Dependabot alert: node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Question

thomasmerz opened this issue 3 years ago · comments

Details can be found here ⚠️
Proposed action:

Upgrade node-fetch to version 2.6.7 or later. For example:

Thomas Merz · Answer 1 · Mon Feb 28 2022 16:24:06 GMT+0800 (China Standard Time)

I disabled Actions until this issue will be fixed.

inokawa · Answer 2 · Mon Feb 28 2022 20:05:23 GMT+0800 (China Standard Time)

Thank you for reporting.