[PR #609] [MERGED] ⬆️ upgrade node-fetch to ^2.6.9 #3205

New Issue

GiteaMirror · 2026-02-28T20:38:05-06:00

GiteaMirror commented

2026-02-28 20:38:05 -06:00

📋 Pull Request Information

Original PR: https://github.com/actualbudget/actual/pull/609
Author: @MatissJanis
Created: 2/2/2023
Status: ✅ Merged
Merged: 2/2/2023
Merged by: @MatissJanis

Base: master ← Head: matiss/node-fetch-upgrade

📝 Commits (1)

fad20ca ⬆️ upgrade node-fetch to ^2.6.9

📊 Changes

4 files changed (+21 additions, -7 deletions)

View changed files

📝 packages/api/package.json (+1 -1)
📝 packages/desktop-electron/package.json (+1 -1)
📝 packages/loot-core/package.json (+1 -1)
📝 yarn.lock (+18 -4)

📄 Description

Upgrading node-fetch to fix security issues. Especially important in actual-server (which imports @actual-app/api)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/actualbudget/actual/pull/609 **Author:** [@MatissJanis](https://github.com/MatissJanis) **Created:** 2/2/2023 **Status:** ✅ Merged **Merged:** 2/2/2023 **Merged by:** [@MatissJanis](https://github.com/MatissJanis) **Base:** `master` ← **Head:** `matiss/node-fetch-upgrade` --- ### 📝 Commits (1) - [`fad20ca`](https://github.com/actualbudget/actual/commit/fad20ca70e4d7df75fd9af1b3a0cb00e94854403) :arrow_up: upgrade node-fetch to ^2.6.9 ### 📊 Changes **4 files changed** (+21 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `packages/api/package.json` (+1 -1) 📝 `packages/desktop-electron/package.json` (+1 -1) 📝 `packages/loot-core/package.json` (+1 -1) 📝 `yarn.lock` (+18 -4) </details> ### 📄 Description Upgrading node-fetch to fix security issues. Especially important in `actual-server` (which imports `@actual-app/api`) - https://cwe.mitre.org/data/definitions/173.html - https://cwe.mitre.org/data/definitions/200.html - https://cwe.mitre.org/data/definitions/601.html --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-02-28 20:38:05 -06:00

GiteaMirror closed this issue

2026-02-28 20:38:05 -06:00

GiteaMirror referenced this issue

2026-02-28 21:00:27 -06:00

[PR #3205] [MERGED] fix "unkown" typo in error message #4735

Sign in to join this conversation.

Branches Tags

master

claude/fix-simplefin-ssrf-T31gX

claude/release-notes-validation-X7rvR

matiss/7155

claude/fix-simplefin-batch-sync-O8LcD

ai/custom-theme-dual-prefs

matiss/fix-6804

add-claude-github-actions-1772738270730

claude/analyze-internal-errors-4k6O2

react-query-rules

react-query-useSchedules

matiss/separate-lint-format

dependabot/npm_and_yarn/ajv-6.14.0

cursor/sync-performance-notification-9899

react-query-prefs

matiss/chunked-sync-and-progress-ux

v26.2.1

copilot/sub-pr-6880

fix-react-query-clear-on-close-budget

copilot/sub-pr-6140

feat/auto-note

feat/scoped-bank-sync

cursor/desktop-transactions-react-table-1d0c

fix-exhaustive-deps-App

copilot/fix-find-replace-bug

release/v26.2.0-pre

matiss/browser-tests

mobile-fix-drag-and-drop-across-groups

budget-table-v2

PayeeAutocomplete2

pglite

bugfix/plugins/fix-plugins-sw

feat/plugins/plugins-core-package

prerelease

matiss/unicode-minus-fix

cursor/fix-actual-github-issue-6206-gemini-3-pro-preview-9c37

TransactionFormPage

cursor/implement-mortgage-and-loan-account-type-78ca

tests-update-fill-with-pressSequentially

mobile/link-modal

deps/25.11

cursor/fix-update-vrt-apply-ci-job-dispatch-b324

sync-server-plugins

cursor/propose-patch-for-github-issue-5680-2a18

fix/compiler-preserve-inner-dollar-escapes

cursor/analyze-actual-budget-issue-and-propose-fix-5b70

coderabbitai/docstrings/0c070e5

cursor/add-wip-prefix-and-comment-to-prs-d78d

jfdoming/08-21-auto-focus-on-navigate-in-all-browsers

show-totals-on-mobile-budget-banners

allow-child-transactions-make-transfer

mobile-calculator-keyboard

payee-geolocation

enhance/restore_scroll_position

dm-fix-second-click-on-mobile-new-transaction-2

scrollToLocationBudget

alert-autofix-38

tsconfig-composite

mobile-fix-uncategorized-transactions-on-tracking-budgets

server-budget-handlers

fix-sql-injection-in-cleanup-template

non-chrome-draggable-workaround

mobile-budget-page-swipe-navigation

ts-db-all

stable

dark-theme-with-brand-colors

fix-mobile-delete-group

ts-db-select

UnderKoen/reconcile-context-menu

master-before-server-merge

v25.2.1

ts-runQuery

rename-redux-hooks

UnderKoen/3557-persist-state-in-history

remove-redux-CLOSE_BUDGET

fix-exhaustive-deps-errors-FinancesApp

redux-toolkit-createSlice-backup

accounts-function-component

ts-useSplitsExpanded

loot-core-server-package

useTransactios-in-TransactionEdit

react-aria-input

move-redux-to-desktop-client

QueryState-type

fix-themes-applied-late

mobile-vrts

revert-3295-spendingCardFix

react-aria-button-4

split-payee-on-mobile

twk3/pin-apis-crdt

notes-tag-autocomplete

ts-LoadBackup

dnd-kit

package-upgrades

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/actual#3205