Skip to content

Commit 34d4fbf

Browse files
CJ Wilsonmroch
CJ Wilson
authored and
mroch
committed
fix: update cross-fetch to resolve CVE-2022-0235 
1 parent 8656752 commit 34d4fbf

2 files changed

Lines changed: 30 additions & 16 deletions

File tree

packages/fbjs/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@
6363
]
6464
},
6565
"dependencies": {
66-
"cross-fetch": "^3.0.4",
66+
"cross-fetch": "^3.1.5",
6767
"fbjs-css-vars": "^1.0.0",
6868
"loose-envify": "^1.0.0",
6969
"object-assign": "^4.1.0",

packages/fbjs/yarn.lock

Lines changed: 29 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1538,13 +1538,12 @@ core-util-is@1.0.2, core-util-is@~1.0.0:
15381538
resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7"
15391539
integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=
15401540

1541-
cross-fetch@^3.0.4:
1542-
version "3.0.4"
1543-
resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.0.4.tgz#7bef7020207e684a7638ef5f2f698e24d9eb283c"
1544-
integrity sha512-MSHgpjQqgbT/94D4CyADeNoYh52zMkCX4pcJvPP5WqPsLFMKjr2TCMg381ox5qI0ii2dPwaLx/00477knXqXVw==
1541+
cross-fetch@^3.1.5:
1542+
version "3.1.5"
1543+
resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.1.5.tgz#e1389f44d9e7ba767907f7af8454787952ab534f"
1544+
integrity sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==
15451545
dependencies:
1546-
node-fetch "2.6.0"
1547-
whatwg-fetch "3.0.0"
1546+
node-fetch "2.6.7"
15481547

15491548
cross-spawn@^5.0.1, cross-spawn@^5.1.0:
15501549
version "5.1.0"
@@ -3872,10 +3871,12 @@ next-tick@~1.0.0:
38723871
resolved "https://registry.yarnpkg.com/next-tick/-/next-tick-1.0.0.tgz#ca86d1fe8828169b0120208e3dc8424b9db8342c"
38733872
integrity sha1-yobR/ogoFpsBICCOPchCS524NCw=
38743873

3875-
node-fetch@2.6.0:
3876-
version "2.6.0"
3877-
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd"
3878-
integrity sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==
3874+
node-fetch@2.6.7:
3875+
version "2.6.7"
3876+
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
3877+
integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
3878+
dependencies:
3879+
whatwg-url "^5.0.0"
38793880

38803881
node-int64@^0.4.0:
38813882
version "0.4.0"
@@ -5226,6 +5227,11 @@ tr46@^1.0.1:
52265227
dependencies:
52275228
punycode "^2.1.0"
52285229

5230+
tr46@~0.0.3:
5231+
version "0.0.3"
5232+
resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
5233+
integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=
5234+
52295235
trim-right@^1.0.1:
52305236
version "1.0.1"
52315237
resolved "https://registry.yarnpkg.com/trim-right/-/trim-right-1.0.1.tgz#cb2e1203067e0c8de1f614094b9fe45704ea6003"
@@ -5465,6 +5471,11 @@ watch@~0.18.0:
54655471
exec-sh "^0.2.0"
54665472
minimist "^1.2.0"
54675473

5474+
webidl-conversions@^3.0.0:
5475+
version "3.0.1"
5476+
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
5477+
integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=
5478+
54685479
webidl-conversions@^4.0.2:
54695480
version "4.0.2"
54705481
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-4.0.2.tgz#a855980b1f0b6b359ba1d5d9fb39ae941faa63ad"
@@ -5477,16 +5488,19 @@ whatwg-encoding@^1.0.1, whatwg-encoding@^1.0.3:
54775488
dependencies:
54785489
iconv-lite "0.4.23"
54795490

5480-
whatwg-fetch@3.0.0:
5481-
version "3.0.0"
5482-
resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-3.0.0.tgz#fc804e458cc460009b1a2b966bc8817d2578aefb"
5483-
integrity sha512-9GSJUgz1D4MfyKU7KRqwOjXCXTqWdFNvEr7eUBYchQiVc744mqK/MzXPNR2WsPkmkOa4ywfg8C2n8h+13Bey1Q==
5484-
54855491
whatwg-mimetype@^2.1.0:
54865492
version "2.2.0"
54875493
resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.2.0.tgz#a3d58ef10b76009b042d03e25591ece89b88d171"
54885494
integrity sha512-5YSO1nMd5D1hY3WzAQV3PzZL83W3YeyR1yW9PcH26Weh1t+Vzh9B6XkDh7aXm83HBZ4nSMvkjvN2H2ySWIvBgw==
54895495

5496+
whatwg-url@^5.0.0:
5497+
version "5.0.0"
5498+
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
5499+
integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0=
5500+
dependencies:
5501+
tr46 "~0.0.3"
5502+
webidl-conversions "^3.0.0"
5503+
54905504
whatwg-url@^6.4.1:
54915505
version "6.5.0"
54925506
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-6.5.0.tgz#f2df02bff176fd65070df74ad5ccbb5a199965a8"

0 commit comments

Comments
 (0)