
Conversation

renovate[bot]

@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package: node-fetch
Change: 2.6.1 -> 2.6.7

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

GitHub Vulnerability Alerts

CVE-2022-0235

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.


Release Notes

node-fetch/node-fetch (node-fetch)

v2.6.7

Compare Source

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to a third-party host while a redirect occurs

What's Changed

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

Compare Source

What's Changed

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.5

Compare Source

v2.6.4

Compare Source

v2.6.3

Compare Source

v2.6.2

Compare Source

fixed main path in package.json


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


guardrails bot commented Aug 6, 2024

⚠️ We detected 39 security issues in this pull request:

Vulnerable Libraries (39)
Severity Details
High @evocateur/libnpmaccess@3.1.2 (t) upgrade to: >=3.1.0
High @jest/reporters@26.4.1 (t) upgrade to: >26.6.2
High @lerna/clean@3.18.4 (t) upgrade to: >3.21.0 || 5.5.3
High @lerna/create@3.18.0 (t) upgrade to: >3.22.0 || 5.5.3
High @lerna/diff@3.18.0 (t) upgrade to: >3.21.0 || 5.5.3
High @lerna/exec@3.18.4 (t) upgrade to: >3.21.0 || 5.5.3
High @lerna/import@3.18.0 (t) upgrade to: >3.22.0 || 5.5.3
High @lerna/init@3.18.0 (t) upgrade to: >3.21.0 || 5.5.3
High @lerna/link@3.18.0 (t) upgrade to: >3.21.0 || 5.5.3
High @lerna/list@3.18.4 (t) upgrade to: >3.21.0 || 5.5.3
High @lerna/npm-publish@3.16.2 (t) upgrade to: >4.0.0
Medium @lerna/pack-directory@3.16.4 (t) upgrade to: >4.0.0 || 5.5.3
High @lerna/publish@3.18.4 (t) upgrade to: >5.1.1 || 5.5.3 || >6.3.1-beta.4
High @lerna/run@3.18.4 (t) upgrade to: >3.21.0 || 5.5.3
Medium @pm2/js-api@0.6.0 (t) upgrade to: >0.6.1
High browserify-sign@4.0.4 (t) upgrade to: >=2.6.0
High cheerio@1.0.0-rc.3 (t) upgrade to: >1.0.0-rc.3
High decode-uri-component@0.2.0 (t) upgrade to: >=0.2.1
High dns-packet@1.3.1 (t) upgrade to: >5.2.4
Critical eventsource@1.0.7 (t) upgrade to: >=1.1.1
High express@4.17.1 (t) upgrade to: >4.19.1 || >5.0.0-alpha.8
Medium git-up@4.0.1 (t) upgrade to: >4.0.3
Critical handlebars@4.7.6 (t) upgrade to: >4.7.6
Medium hosted-git-info@2.8.5 (t) upgrade to: >=2.8.9
High jest-resolve-dependencies@26.4.2 (t) upgrade to: >26.6.3
High jest-runner@26.4.2 (t) upgrade to: >26.6.3
Critical jsprim@1.4.1 (t) upgrade to: >1.4.1 || >2.0.1
High jszip@3.2.2 (t) upgrade to: >3.7.1
Critical merge-deep@3.0.2 (t) upgrade to: >=3.0.3
Medium moment-timezone@0.5.31 (t) upgrade to: >0.5.34
Medium node-notifier@8.0.0 (t) upgrade to: >=8.0.1
Medium path-parse@1.0.6 (t) upgrade to: >=1.0.7
High renderkid@2.0.3 (t) upgrade to: >2.0.5
High systeminformation@4.27.3 (t) upgrade to: >5.6.3
Critical thenify@3.3.0 (t) upgrade to: >=3.3.1
High tmpl@1.0.4 (t) upgrade to: >=1.0.5
Medium trim-off-newlines@1.0.1 (t) upgrade to: >=1.0.3
Critical url-parse@1.4.7 (t) upgrade to: >1.5.8
Medium word-wrap@1.2.3 (t) upgrade to: >=1.2.4

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@renovate renovate bot changed the title fix(deps): update dependency node-fetch to v2.6.7 [security] fix(deps): update dependency node-fetch to v2.6.7 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-node-fetch-vulnerability branch December 8, 2024 18:57
@renovate renovate bot changed the title fix(deps): update dependency node-fetch to v2.6.7 [security] - autoclosed fix(deps): update dependency node-fetch to v2.6.7 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-node-fetch-vulnerability branch from a234b0c to 08b3157 December 8, 2024 22:10