[Snyk] Upgrade node-fetch from 3.2.1 to 3.3.2

[mshantanu]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade node-fetch from 3.2.1 to 3.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.

• The recommended version was released 10 months ago, on 2023-07-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-fetch

• 3.3.2 - 2023-07-25
  

  3.3.2 (2023-07-25)

  Bug Fixes

  • Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473
• 3.3.1 - 2023-03-11
  

  3.3.1 (2023-03-11)

  Bug Fixes

  • release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)
• 3.3.0 - 2022-11-10
  

  3.3.0 (2022-11-10)

  Features

  • add static Response.json (#1670) (55a4870)
• 3.2.10 - 2022-07-31
  

  3.2.10 (2022-07-31)

  Bug Fixes

  • ReDoS referrer (#1611) (2880238)
• 3.2.9 - 2022-07-18
  

  3.2.9 (2022-07-18)

  Bug Fixes

  • Headers: don't forward secure headers on protocol change (#1599) (e87b093)
• 3.2.8 - 2022-07-12
• 3.2.7 - 2022-07-11
• 3.2.6 - 2022-06-09
• 3.2.5 - 2022-06-01
• 3.2.4 - 2022-04-28
• 3.2.3 - 2022-03-11
• 3.2.2 - 2022-03-07
• 3.2.1 - 2022-03-01

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

• 8b3320d fix: Remove the default connection close header. (#1736)
• 7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
• 8ced5b9 docs: readme - non ESM example (#1707)
• 71e376b ci(release): use latest Node LTS (#1697)
• e093030 Allow URL class object as an argument for fetch() (#1696)
• 55a4870 feat: add static Response.json (#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
• 6f72caa docs: fix missing comma in example (#1623)
• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• bcfb71c chore: remove triple-slash directives from typings (#1285) (#1287)
• 95165d5 fix spelling (#1602)
• 11b7033 fix: possibly flaky test (#1523)
• 4f43c9e fix: always warn Request.data (#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (#1578)
• a92b5d5 fix: use space in accept-encoding values (#1572)
• 0f122b8 docs: fix formdata code example (#1562)
• 6ae9c76 docs(readme): response.clone() is not async (#1560)
• 043a5fc Fix leaking listeners (#1295) (#1474)
• 004b3ac fix: don't uppercase unknown methods (#1542)
• c33e393 Fix Code of Conduct link in Readme. (#1532)
• 6875205 docs: Fix link markup to Options definition (#1525)
• 6425e20 fix: handle bom in text and json (#1482)
• a4ea5f9 fix: add missing formdata export to types (#1518)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.