Vulnerability issue in used "node-fetch" version 2.6.1 #207

@devashish-s

Hi there,

We are using google-gax in our project deployed on a GCP account. In our yearly report we are getting an issue with the npm package node-fetch (^2.6.1), which should be updated to version 2.6.7 or higher.

Environment details

"The library node-fetch version 2.6.1 was detected in NPM library manager located at package-lock.json and is vulnerable to CVE-2022-0235, which exists in versions < 2.6.7.

The vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: Medium).

The vulnerability can be remediated by updating the library to version 2.6.7 or higher."

Thanks!
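The check the report describes can be reproduced against a parsed package-lock.json. The following is an added example, not code from the issue or from the google-gax project: it lists every node-fetch entry in either lockfile layout and flags versions below the 2.6.7 threshold quoted in the report. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example. The threshold is the fixed version quoted in the scanner report.
const FIXED = [2, 6, 7];
// "2.6.1" -> [2, 6, 1]; returns null when the string does not start with x.y.z.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Collect every node-fetch entry, including copies nested under other packages.
function findNodeFetch(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/node-fetch$/.test(path)) hits.push({ path, version: info.version });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'node-fetch') hits.push({ path: here.join(' > '), version: info.version });
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}
// vulnerable is true/false, or null when the version cannot be parsed.
function audit(lock) {
  return findNodeFetch(lock).map((h) => {
    const v = parseVersion(h.version);
    return { ...h, vulnerable: v ? isBelow(v, FIXED) : null };
  });
}

// Constructed sample lockfiles (not taken from the issue).
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'google-gax': { version: '0.0.0-sample', dependencies: { 'node-fetch': { version: '2.6.1' } } } } };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'sample-app' }, 'node_modules/node-fetch': { version: '2.6.7' },
  'node_modules/google-gax/node_modules/node-fetch': { version: '2.6.1' } } };
console.log(audit(SAMPLE_V1), audit(SAMPLE_V3));
```

A caret range such as ^2.6.1 already admits 2.6.7, so an entry flagged here is held back by the lockfile pin rather than by the declared range.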

Labels

priority: p2 (Moderately-important priority. Fix may not be included in next release.)
type: bug (Error or flaw in code with unintended results or allowing sub-optimal usage patterns.)