Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency node-fetch to v2.6.1 #4995

Merged
merged 2 commits into from
Apr 30, 2021
Merged

chore(deps): update dependency node-fetch to v2.6.1 #4995

merged 2 commits into from
Apr 30, 2021

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 6, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-fetch 2.3.0 -> 2.6.1 age adoption passing confidence
@types/node-fetch 2.5.8 -> 2.5.10 age adoption passing confidence

Release Notes

bitinn/node-fetch

v2.6.1

Compare Source

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

v2.6.0

Compare Source

See CHANGELOG.

v2.5.0

Compare Source

See CHANGELOG.

v2.4.1

Compare Source

See CHANGELOG.

v2.4.0

Compare Source

See CHANGELOG.

Configuration

📅 Schedule: "every weekend" in timezone America/Los_Angeles.

🚦 Automerge: Enabled.

♻️ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the dependencies label Mar 6, 2021
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 7 times, most recently from 1298e3e to 3ca9f3a Compare March 13, 2021 12:33
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 6 times, most recently from c99bfbf to 869c79c Compare March 20, 2021 14:39
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 5 times, most recently from 7bb6822 to a43415e Compare March 27, 2021 13:19
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 4 times, most recently from 641ba4d to d9e62f0 Compare April 3, 2021 13:13
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 3 times, most recently from ecaa68f to fea1de9 Compare April 17, 2021 08:49
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 3 times, most recently from 715a52e to faeece3 Compare April 17, 2021 14:45
@glasser
Copy link
Member

glasser commented Apr 19, 2021

This seems like a real conflict between a minor version update of node-fetch and RESTDataSource, worth investigating at some point.

@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch 2 times, most recently from 2428820 to b641924 Compare April 25, 2021 18:59
@abernix abernix self-assigned this Apr 29, 2021
@renovate renovate bot force-pushed the renovate/node-fetch-2.x branch from b641924 to de8304c Compare April 30, 2021 11:12
@abernix
tests: Use toString() method to test Buffer contents
df27762 
As of `node-fetch@2.4.0`, its internal representation of `body` is now
normalized to a `Buffer` during `Request` construction, and will always be
returned as a `Buffer`, rather than having the `body` being either a String
_or_ a Buffer.  This defeated the way we were testing the `body` but
shouldn't affect the actual `Response`'s `body`.

Ref: node-fetch/node-fetch@7d3293200a91a
@abernix abernix requested a review from glasser April 30, 2021 13:40
@abernix abernix merged commit c0265ac into main Apr 30, 2021
@abernix abernix deleted the renovate/node-fetch-2.x branch April 30, 2021 13:44
abernix added a commit that referenced this pull request Apr 30, 2021
@renovate @renovate-bot @abernix
chore(deps): update dependency node-fetch to v2.6.1 (#4995)
56f17b9 
* chore(deps): update dependency node-fetch to v2.6.1

* tests: Use `toString()` method to test Buffer contents

As of `node-fetch@2.4.0`, its internal representation of `body` is now
normalized to a `Buffer` during `Request` construction, and will always be
returned as a `Buffer`, rather than having the `body` being either a String
_or_ a Buffer.  This defeated the way we were testing the `body` but
shouldn't affect the actual `Response`'s `body`.

Ref: node-fetch/node-fetch@7d3293200a91a

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Jesse Rosenberger <git@jro.cc>
glasser added a commit that referenced this pull request Apr 30, 2021
@glasser
Follow-up to #4995: also update node-fetch in apollo-server-env
46e308a
glasser added a commit that referenced this pull request Apr 30, 2021
@glasser
Follow-up to #4995: also update node-fetch in apollo-server-env
984d7e3
@glasser
Copy link
Member

glasser commented Apr 30, 2021

This is released in AS 2.24.0! We don't think that Apollo Server was actually affected by the CVE patched in 2.6.1 but are happy to get this out anyway.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@glasser glasser glasser approved these changes

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees

@abernix abernix

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@glasser @abernix @renovate-bot