Closed sasadjolic closed 3 years ago
hey! thanks for reporting that. Actually the v3.0.6
was published on npm registry 5 months ago (see "last publish" on https://www.npmjs.com/package/cross-fetch). However on Github registry the package was not up to date. So I've published the last version: v3.0.6 (see "Published" on https://github.com/lquixada?tab=packages&repo_name=cross-fetch). I feel you might be unintentionally using the Github registry under the hood (https://npm.pkg.github.com).
anyway, everything's up to date now! 👍
There is vulnerability in the currently latest NPM package for cross-fetch which is v3.0.4. The fix for the vulnerability is to: Upgrade node-fetch to version 2.6.1 or later
This has already been done in v3.0.6 tag on Github but this version was not published to NPM. Please publish to NPM