[Snyk] Upgrade node-fetch from 3.2.0 to 3.3.2

[chncaption]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade node-fetch from 3.2.0 to 3.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2023-07-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-fetch

• 3.3.2 - 2023-07-25
  

  3.3.2 (2023-07-25)

  Bug Fixes

  • Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473
• 3.3.1 - 2023-03-11
  

  3.3.1 (2023-03-11)

  Bug Fixes

  • release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)
• 3.3.0 - 2022-11-10
  

  3.3.0 (2022-11-10)

  Features

  • add static Response.json (#1670) (55a4870)
• 3.2.10 - 2022-07-31
  

  3.2.10 (2022-07-31)

  Bug Fixes

  • ReDoS referrer (#1611) (2880238)
• 3.2.9 - 2022-07-18
  

  3.2.9 (2022-07-18)

  Bug Fixes

  • Headers: don't forward secure headers on protocol change (#1599) (e87b093)
• 3.2.8 - 2022-07-12
• 3.2.7 - 2022-07-11
• 3.2.6 - 2022-06-09
• 3.2.5 - 2022-06-01
• 3.2.4 - 2022-04-28
• 3.2.3 - 2022-03-11
• 3.2.2 - 2022-03-07
• 3.2.1 - 2022-03-01
• 3.2.0 - 2022-01-20

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

• 8b3320d fix: Remove the default connection close header. (Support custom headers in elm client OpenAPITools/openapi-generator#1736)
• 7b86e94 fix: release "Allow URL class object as an argument for fetch()" [BUG][Java][Spring] Sanitize tag name when use the option useTags is set to true OpenAPITools/openapi-generator#1696 ([REQ][HTML] YAML multiline string formatting of descriptions should be translated to HTML OpenAPITools/openapi-generator#1716)
• 8ced5b9 docs: readme - non ESM example ([BUG][HTML] Vendor-specific media type breaks Example Data OpenAPITools/openapi-generator#1707)
• 71e376b ci(release): use latest Node LTS ([Java] Default values for string-type header parameters are generated with two sets of quotes OpenAPITools/openapi-generator#1697)
• e093030 Allow URL class object as an argument for fetch() ([BUG][Java][Spring] Sanitize tag name when use the option useTags is set to true OpenAPITools/openapi-generator#1696)
• 55a4870 feat: add static Response.json (Improve model class of ruby-client OpenAPITools/openapi-generator#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage ([BUG][Python-Flask] Missing required argument on PUT, POST, PATCH OpenAPITools/openapi-generator#1666)
• 6f72caa docs: fix missing comma in example (NullPointerException in StaticHtmlGenerator when components: doesn't have schema: OpenAPITools/openapi-generator#1623)
• 2880238 fix: ReDoS referrer ( [TS][Angular] Avoid strictNullChecks errors for apiKeys OpenAPITools/openapi-generator#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (Issue #1571 - Improved objc Compatibility OpenAPITools/openapi-generator#1599)
• bcfb71c chore: remove triple-slash directives from typings ([Snyk] Fix for 1 vulnerabilities #1285) ([Snyk] Security upgrade python-multipart from 0.0.5 to 0.0.22 #1287)
• 95165d5 fix spelling ([Java] Generate model for component with allOf has not attributes OpenAPITools/openapi-generator#1602)
• 11b7033 fix: possibly flaky test (Generic JSON body support in rust-server OpenAPITools/openapi-generator#1523)
• 4f43c9e fix: always warn Request.data (Add online services to the documentation OpenAPITools/openapi-generator#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (Update JS client dependency OpenAPITools/openapi-generator#1578)
• a92b5d5 fix: use space in accept-encoding values ([C++][Pistache-server] Object containing an Array - model file (.h) is not included and generated code is wrong - Compilation failed OpenAPITools/openapi-generator#1572)
• 0f122b8 docs: fix formdata code example ([csharp] Multiple response types not supported OpenAPITools/openapi-generator#1562)
• 6ae9c76 docs(readme): response.clone() is not async ([Python3] Fix #1445: Safe decoding of response content with try-except OpenAPITools/openapi-generator#1560)
• 043a5fc Fix leaking listeners ([Snyk] Security upgrade axios from 0.27.2 to 1.13.5 #1295) (Broken link in README.md OpenAPITools/openapi-generator#1474)
• 004b3ac fix: don't uppercase unknown methods (WIP: Ruby faraday client OpenAPITools/openapi-generator#1542)
• c33e393 Fix Code of Conduct link in Readme. ([SPRING] Generate constants for paths (#1385) OpenAPITools/openapi-generator#1532)
• 6875205 docs: Fix link markup to Options definition ([JAVA][Server] Generated model classes are missing default values OpenAPITools/openapi-generator#1525)
• 6425e20 fix: handle bom in text and json (Generate a ruby-client sample for OpenAPI 2.0 OpenAPITools/openapi-generator#1482)
• a4ea5f9 fix: add missing formdata export to types (Protobuf support ? OpenAPITools/openapi-generator#1518)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs