From 83ac2dba38bb5f0b9e6a7cabe03e29efbbb8457e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 23 Aug 2023 16:15:53 +0300
Subject: [PATCH] update node-fetch version to 2.6.13

2.6.6 is vulnerable to CVE-2022-0235
---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 4dd54d3..4c8a95b 100644
--- a/package.json
+++ b/package.json
@@ -15,7 +15,7 @@
     "cli-progress": "^3.9.1",
     "jsdom": "^22.1.0",
     "lodash": "^4.17.21",
-    "node-fetch": "2",
+    "node-fetch": "^2.6.13",
     "ora": "5.4.1",
     "tslib": "^1",
     "unzipit": "^1.3.5",
diff --git a/yarn.lock b/yarn.lock
index 5882e36..1af2a5b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2288,10 +2288,10 @@ nock@^13.0.0:
     lodash.set "^4.3.2"
     propagate "^2.0.0"
 
-node-fetch@2:
-  version "2.6.6"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.6.tgz#1751a7c01834e8e1697758732e9efb6eeadfaf89"
-  integrity sha512-Z8/6vRlTUChSdIgMa51jxQ4lrw/Jy5SOW10ObaA47/RElsAN2c5Pn8bTgFGWn/ibwzXTE8qwr1Yzx28vsecXEA==
+node-fetch@^2.6.13:
+  version "2.6.13"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.13.tgz#a20acbbec73c2e09f9007de5cda17104122e0010"
+  integrity sha512-StxNAxh15zr77QvvkmveSQ8uCQ4+v5FkvNTj0OESmiHu+VRi/gXArXtkWMElOsOUNLtUEvI4yS+rdtOHZTwlQA==
   dependencies:
     whatwg-url "^5.0.0"