-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump node-fetch from 2.6.0 to 2.6.1 #919
Conversation
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
@googlebot I signed it! |
Possible to piggyback a patch update of the Edit: Can we also expand scope of PR to include additional packages? e.g. lighthouse-plugin-amp; toolbox-linter; toolbox-cli |
Related: #916 |
So based on the discussion, I bumped both cross-fetch and node-fetch to semver. All instances of both were bumped! |
Thanks @daggy1234 for creating a PR! What's the best away getting around to getting this merged? 🎉 It'd be great to see the vulnerability patched 😄 |
I think its ready |
While a low severity issue, node-fetch 2.6.0 has vulnerabilities. It is a good idea to bump node-fetch used from 2.6.0 to 2.6.1.
https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261
Thats about it!