[Snyk] Upgrade node-fetch from 1.7.3 to 3.1.0

[snyk-bot]

Snyk has created this PR to upgrade node-fetch from 1.7.3 to 3.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 39 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2021-11-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution npm:extend:20180424	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-fetch

• 3.1.0 - 2021-11-08
  

  What's Changed

  • fix(Body): Discourage form-data and buffer() by @ jimmywarting in #1212
  • fix: Pass url string to http.request by @ serverwentdown in #1268
  • Fix octocat image link by @ lakuapik in #1281
  • fix(Body.body): Normalize Body.body into a node:stream by @ jimmywarting in #924
  • docs(Headers): Add default Host request header to README.md file by @ robertoaceves in #1316
  • Update CHANGELOG.md by @ jimmywarting in #1292
  • Add highWaterMark to cloned properties by @ davesidious in #1162
  • Update README.md to fix HTTPResponseError by @ thedanfernandez in #1135
  • docs: switch url to URL by @ dhritzkiv in #1318
  • fix(types): declare buffer() deprecated by @ dnalborczyk in #1345
  • chore: fix lint by @ dnalborczyk in #1348
  • refactor: use node: prefix for imports by @ dnalborczyk in #1346
  • Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @ dependabot in #1319
  • Bump mocha from 8.4.0 to 9.1.3 by @ dependabot in #1339
  • Referrer and Referrer Policy by @ tekwiz in #1057
  • Add typing for Response.redirect(url, status) by @ c-w in #1169
  • chore: Correct stuff in README.md by @ Jiralite in #1361
  • docs: Improve clarity of "Loading and configuring" by @ serverwentdown in #1323
  • feat(Body): Added support for BodyMixin.formData() and constructing bodies with FormData by @ jimmywarting in #1314
  • template: Make PR template more task oriented by @ jimmywarting in #1224
  • docs: Update code examples by @ jimmywarting in #1365

  New Contributors

  • @ serverwentdown made their first contribution in #1268
  • @ lakuapik made their first contribution in #1281
  • @ robertoaceves made their first contribution in #1316
  • @ davesidious made their first contribution in #1162
  • @ thedanfernandez made their first contribution in #1135
  • @ dhritzkiv made their first contribution in #1318
  • @ dnalborczyk made their first contribution in #1345
  • @ dependabot made their first contribution in #1319
  • @ c-w made their first contribution in #1169

  Full Changelog: v3.0.0...v3.1.0

• 3.0.0 - 2021-08-31
  

  version 3 is going out of a long beta period and switches to stable

  One major change is that it's now a ESM only package
  See changelog for more information about all the changes.

• 3.0.0-beta.6-exportfix - 2020-05-25
• 3.0.0-beta.10 - 2021-07-19
  

  This package is now a ESM only package. To import fetch you either have to use

  import fetch from 'node-fetch';

  // Or if you are still using commonjs or want to lazy
  // import fetch then the async import works fine
  import('node-fetch')

  • res.blob().stream() now returns a whatwg ReadableStream instad

  See CHANGELOG for details.

• 3.0.0-beta.9 - 2020-09-05
  

  This is an important security release. It is strongly recommended to update as soon as possible.

  See CHANGELOG for details.

• 3.0.0-beta.8 - 2020-08-10
• 3.0.0-beta.7 - 2020-06-11
• 3.0.0-beta.6 - 2020-05-25
• 3.0.0-beta.5 - 2020-04-22
• 3.0.0-beta.4 - 2020-03-14
• 3.0.0-beta.3 - 2020-03-13
• 3.0.0-beta.2 - 2020-03-13
• 3.0.0-beta.1 - 2020-03-13
• 2.6.7 - 2022-01-16
• 2.6.6 - 2021-10-31
  

  What's Changed

  • fix(URL): prefer built in URL version when available and fallback to whatwg by @ jimmywarting in #1352

  Full Changelog: v2.6.5...v2.6.6

• 2.6.5 - 2021-09-22
  

  • fix: import whatwg-url in a way compatible with ESM Node

  • release: 2.6.5

• 2.6.4 - 2021-09-21
• 2.6.3 - 2021-09-20
  
  • fix: properly encode url with unicode characters
  • release: 2.6.3
• 2.6.2 - 2021-09-06
  

  fixed main path in package.json

• 2.6.1 - 2020-09-05
  

  This is an important security release. It is strongly recommended to update as soon as possible.

  See CHANGELOG for details.

• 2.6.0 - 2019-05-16
• 2.5.0 - 2019-05-01
• 2.4.1 - 2019-04-27
• 2.4.0 - 2019-04-26
• 2.3.0 - 2018-11-13
• 2.2.1 - 2018-11-05
• 2.2.0 - 2018-07-22
• 2.1.2 - 2018-03-25
• 2.1.1 - 2018-03-05
• 2.1.0 - 2018-03-05
• 2.0.0 - 2018-02-03
• 2.0.0-alpha.9 - 2017-09-24
• 2.0.0-alpha.8 - 2017-07-26
• 2.0.0-alpha.7 - 2017-07-25
• 2.0.0-alpha.6 - 2017-07-21
• 2.0.0-alpha.5 - 2017-06-03
• 2.0.0-alpha.4 - 2017-05-15
• 2.0.0-alpha.3 - 2017-01-29
• 2.0.0-alpha.1 - 2017-01-15
• 1.7.3 - 2017-09-08

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

• 109bd21 release minor change (3.1.0) (#1364)
• ff71348 docs: Update code examples (#1365)
• 1068c8a template: Make PR template more task oriented (#1224)
• 3944f24 feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData (#1314)
• 37ac459 docs: Improve clarity of "Loading and configuring" (#1323)
• a3a5b63 chore: Correct stuff in README.md (#1361)
• ff7e950 Add typing for Response.redirect(url, status) (Add notes for gui-and-browsers-biweekly 2020-07-28 ipfs/team-mgmt#1169)
• 2d80b0b Add support for Referrer and Referrer Policy (Add notes for ipfs-weekly-call 2019-06-03 ipfs/team-mgmt#1057)
• 0a67275 Bump mocha from 8.4.0 to 9.1.3 (#1339)
• 300eb56 Bump data-uri-to-buffer from 3.0.1 to 4.0.0 (#1319)
• 47d9cde refactor: use node: prefix for imports (#1346)
• 96f9ae2 chore: fix lint (#1348)
• 965b323 fix(types): declare buffer() deprecated (#1345)
• 4972e00 docs: switch url to URL
• 52b743b Update README.md to fix HTTPResponseError (Project WG Weekly Meeting ipfs/team-mgmt#1135)
• acc2cba Update response.js (Create 2020-06-15--core-implementations-weekly.md ipfs/team-mgmt#1162)
• 5756eaa Update CHANGELOG.md (#1292)
• 3b99832 Add default Host request header to README.md file (#1316)
• 8721d79 fix(Body.body): Normalize `Body.body` into a `node:stream` (Create 2019-04-01--go-core-dev-team-weekly.md ipfs/team-mgmt#924)
• 9cd2e43 Fix octocat image link (#1281)
• 8b54ab4 fix: Pass url string to http.request (#1268)
• 471f08c fix(Body): Discurage form-data and buffer() (#1212)
• 2603c67 V3 stable release (#1257)
• 2f1b426 docs: Add example for loading ESM from CommonJS (#1236)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs