[Snyk] Upgrade node-fetch from 2.3.0 to 3.2.10

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade node-fetch from 2.3.0 to 3.2.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 36 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2022-07-31.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-543307	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-174125	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Denial of Service SNYK-JS-NODEFETCH-674311	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-fetch

• 3.2.10 - 2022-07-31
  

  3.2.10 (2022-07-31)

  Bug Fixes

  • ReDoS referrer (#1611) (2880238)
• 3.2.9 - 2022-07-18
  

  3.2.9 (2022-07-18)

  Bug Fixes

  • Headers: don't forward secure headers on protocol change (#1599) (e87b093)
• 3.2.8 - 2022-07-12
  

  3.2.8 (2022-07-12)

  Bug Fixes

  • possibly flaky test (#1523) (11b7033)
• 3.2.7 - 2022-07-11
  

  3.2.7 (2022-07-11)

  Bug Fixes

  • always warn Request.data (#1550) (4f43c9e)
• 3.2.6 - 2022-06-09
  

  3.2.6 (2022-06-09)

  Bug Fixes

  • undefined reference to response.body when aborted (#1578) (1c5ed6b)
• 3.2.5 - 2022-06-01
  

  3.2.5 (2022-06-01)

  Bug Fixes

  • use space in accept-encoding values (#1572) (a92b5d5), closes #1571
• 3.2.4 - 2022-04-28
  

  3.2.4 (2022-04-28)

  Bug Fixes

  • don't uppercase unknown methods (#1542) (004b3ac)
• 3.2.3 - 2022-03-11
  

  3.2.3 (2022-03-11)

  Bug Fixes

  • handle bom in text and json (#1482) (6425e20)
• 3.2.2 - 2022-03-07
  

  3.2.2 (2022-03-07)

  Bug Fixes

  • add missing formdata export to types (#1518) (a4ea5f9), closes #1517
• 3.2.1 - 2022-03-01
  

  3.2.1 (2022-03-01)

  Bug Fixes

  • cancel request example import (#1513) (61b3b5a)
• 3.2.0 - 2022-01-20
• 3.1.1 - 2022-01-16
• 3.1.0 - 2021-11-08
• 3.0.0 - 2021-08-31
• 3.0.0-beta.6-exportfix - 2020-05-25
• 3.0.0-beta.10 - 2021-07-19
• 3.0.0-beta.9 - 2020-09-05
• 3.0.0-beta.8 - 2020-08-10
• 3.0.0-beta.7 - 2020-06-11
• 3.0.0-beta.6 - 2020-05-25
• 3.0.0-beta.5 - 2020-04-22
• 3.0.0-beta.4 - 2020-03-14
• 3.0.0-beta.3 - 2020-03-13
• 3.0.0-beta.2 - 2020-03-13
• 3.0.0-beta.1 - 2020-03-13
• 2.6.7 - 2022-01-16
• 2.6.6 - 2021-10-31
• 2.6.5 - 2021-09-22
• 2.6.4 - 2021-09-21
• 2.6.3 - 2021-09-20
• 2.6.2 - 2021-09-06
• 2.6.1 - 2020-09-05
• 2.6.0 - 2019-05-16
• 2.5.0 - 2019-05-01
• 2.4.1 - 2019-04-27
• 2.4.0 - 2019-04-26
• 2.3.0 - 2018-11-13

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• bcfb71c chore: remove triple-slash directives from typings (#1285) (#1287)
• 95165d5 fix spelling (#1602)
• 11b7033 fix: possibly flaky test (#1523)
• 4f43c9e fix: always warn Request.data (#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (#1578)
• a92b5d5 fix: use space in accept-encoding values (#1572)
• 0f122b8 docs: fix formdata code example (#1562)
• 6ae9c76 docs(readme): response.clone() is not async (#1560)
• 043a5fc Fix leaking listeners (#1295) (#1474)
• 004b3ac fix: don't uppercase unknown methods (#1542)
• c33e393 Fix Code of Conduct link in Readme. (#1532)
• 6875205 docs: Fix link markup to Options definition (#1525)
• 6425e20 fix: handle bom in text and json (#1482)
• a4ea5f9 fix: add missing formdata export to types (#1518)
• 61b3b5a fix: cancel request example import (#1513)
• 5e78af3 Replace changelog with valid url (#1506)
• 9014db7 types: support `agent: false` (#1502)
• 2e1f3a5 chore: fix typo in credential error message (#1496)
• 4ce2ce5 docs(readme): fix typo (#1489)
• ba23fd2 docs: remove the changelog (#1464)
• 8fedc1b core: move support and feature to discussion (#1471)
• 0b43b9f docs: update formdata example (#1465)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs