[Snyk] Fix for 4 vulnerabilities

[twilio-product-security]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-APOLLOCLIENT-1085706	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cross-fetch

The new version differs by 147 commits.

• c6089df chore(release): 3.1.5
• a3b3a94 chore: updated node-fetch version to 2.6.7 (#124)
• efed703 chore: updated node-fetch version to 2.6.5
• 694ff77 refactor: removed ora from dependencies
• efc5956 refactor: added .vscode to .gitignore
• da605d5 refactor: renamed test/fetch/ to test/fetch-api/ and test/module/ to test/module-system/
• 0f0d51d chore: updated minor and patch versions of dev dependencies
• c6e34ea refactor: removed sinon.js
• f524a52 fix: yargs was incompatible with node 10
• 7906fcf chore: updated dev dependencies
• 24bc35a chore: added make browser task
• 6baf09d chore: added closeOnExec param to ./bin/server
• 80c46c1 chore: added exec param to ./bin/server
• 7e4b657 chore(release): 3.1.4
• 47bc898 chore(release): 3.1.4-alpha.0
• 3fce389 fix: reverted index.d.ts to its original state (prior 3.1.0)
• ddfe452 chore(release): 3.1.3
• 0a35f69 chore: updated dev dependencies
• 6c7c5d3 chore: removed target from typescript example
• 7c6a3f4 chore(release): 3.1.3-alpha.6
• 4e32613 chore: improved index.d.ts
• d7210dc chore(release): 3.1.3-alpha.5
• 69b7d5b chore: improved typescript example
• f3b2fc4 chore: added no-default-lib directive to index.d.ts and lib.fetch.d.ts

See the full diff

Package name: got

The new version differs by 65 commits.

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
• f896aa5 11.8.2
• 3bd245f Instantiate CacheableLookup only when needed (#1529)
• a72ed84 11.8.1
• 4c815c3 Do not throw on custom stack traces (#1491)
• e0cb820 11.8.0
• f65c9ef Upgrade dependencies
• 7acd380 Fix for sending files with size `0` on `stat` (#1488)
• 6aa86f2 Fix indentation in the readme
• 3dd2273 `beforeRetry` allows stream body if different from original (#1501)
• b1afa2b Fix readme example comment (#1505)
• 390b145 Set default value for an options object (#1495)
• 87dadd5 Fixed documentation example for `responseType` (#1494)
• 3bf3e3b Add `lookup` option documentation (#1483)
• c31366b Add a test for #1438 (#1469)
• 5d62958 11.7.0
• 88b32ea Fix a regression where body was sent after redirect

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Denial of Service (DoS)