CLAassistant
commented
2 years ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 6.5
SNYK-JS-NODEFETCH-2342118
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: cross-fetch
The new version differs by 13 commits.- c6089df chore(release): 3.1.5
- a3b3a94 chore: updated node-fetch version to 2.6.7 (#124)
- efed703 chore: updated node-fetch version to 2.6.5
- 694ff77 refactor: removed ora from dependencies
- efc5956 refactor: added .vscode to .gitignore
- da605d5 refactor: renamed test/fetch/ to test/fetch-api/ and test/module/ to test/module-system/
- 0f0d51d chore: updated minor and patch versions of dev dependencies
- c6e34ea refactor: removed sinon.js
- f524a52 fix: yargs was incompatible with node 10
- 7906fcf chore: updated dev dependencies
- 24bc35a chore: added make browser task
- 6baf09d chore: added closeOnExec param to ./bin/server
- 80c46c1 chore: added exec param to ./bin/server
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic