botonic
[Snyk] Security upgrade cross-fetch from 3.1.4 to 3.1.5
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - packages/botonic-nlp/package.json
  - packages/botonic-nlp/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Information Exposure SNYK-JS-NODEFETCH-2342118 | No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: cross-fetch
The new version differs by 13 commits.
- c6089df chore(release): 3.1.5
- a3b3a94 chore: updated node-fetch version to 2.6.7 (#124)
- efed703 chore: updated node-fetch version to 2.6.5
- 694ff77 refactor: removed ora from dependencies
- efc5956 refactor: added .vscode to .gitignore
- da605d5 refactor: renamed test/fetch/ to test/fetch-api/ and test/module/ to test/module-system/
- 0f0d51d chore: updated minor and patch versions of dev dependencies
- c6e34ea refactor: removed sinon.js
- f524a52 fix: yargs was incompatible with node 10
- 7906fcf chore: updated dev dependencies
- 24bc35a chore: added make browser task
- 6baf09d chore: added closeOnExec param to ./bin/server
- 80c46c1 chore: added exec param to ./bin/server
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report