[Snyk] Upgrade node-fetch from 2.6.1 to 2.7.0

[Vishwas1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.7.0.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 7 months ago, on 2023-08-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579152	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-fetch

• 2.7.0 - 2023-08-23
  

  2.7.0 (2023-08-23)

  Features

  • AbortError (#1744) (9b9d458)
• 2.6.13 - 2023-08-18
  

  2.6.13 (2023-08-18)

  Bug Fixes

  • Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736
• 2.6.12 - 2023-06-29
  

  2.6.12 (2023-06-29)

  Bug Fixes

  • socket variable testing for undefined (#1726) (8bc3a7c)
• 2.6.11 - 2023-05-09
  

  2.6.11 (2023-05-09)

  Reverts

  • Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741
• 2.6.10 - 2023-05-08
  

  2.6.10 (2023-05-08)

  Bug Fixes

  • handle bom in text and json (#1739) (29909d7)
• 2.6.9 - 2023-01-30
  

  2.6.9 (2023-01-30)

  Bug Fixes

  • "global is not defined" (#1704) (70f592d)
• 2.6.8 - 2023-01-13
  

  2.6.8 (2023-01-13)

  Bug Fixes

  • headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599
  • premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 /github.com/node-fetch/node-fetch/pull/1064#issuecomment-849167400
  • prevent hoisting of the undefined global variable in browser.js (#1534) (8bb6e31)
• 2.6.7 - 2022-01-16
• 2.6.6 - 2021-10-31
• 2.6.5 - 2021-09-22
• 2.6.4 - 2021-09-21
• 2.6.3 - 2021-09-20
• 2.6.2 - 2021-09-06
• 2.6.1 - 2020-09-05

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

• 9b9d458 feat: `AbortError` (UI design for taking attribute field in Custom Api at admin side #1744)
• 65ae25a fix: Remove the default connection close header (add validation for invalid object type #1765)
• 8bc3a7c fix: socket variable testing for undefined (changes in UI for code optimization in NFT and custom NFT #1726)
• afb36f6 Revert "fix: handle bom in text and json (Minor UI changes fixed #1739)" (add validation for entering custom ABI method in contract address field #1741)
• 29909d7 fix: handle bom in text and json (Minor UI changes fixed #1739)
• 70f592d fix: "global is not defined" (Issues/1703 #1704)
• 0f1ebb0 Prevent error when response is null (project api calling 2 times bug fixed in participants.vue page #1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• ce37bcd ci(semantic-release): config
• 1768eaa ci(release): initial version
• 8bb6e31 fix: prevent hoisting of the undefined `global` variable in `browser.js` (Opt/prettier #1534)
• e218f8d Add missing changelog entries. (change validations #1613)
• fddad0e fix(headers): don't forward secure headers on protocol change (implemet super admin page in better way #1605)
• 50536d1 fix: premature close with chunked transfer encoding and for async iterators in Node 12 (Being able to delete an event (at least from the front end/ admin dashboard) #1172)
• 838d971 Handle zero-length OK deflate responses (ui breaking for prize config #903)
• 1ef4b56 backport of Issues#1444 #1449 (Issues#1445 #1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (fixed subscription #1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (The accordion of actions on the logout page is opening because of adding KYC #1352)
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (fixed bug #1303)
• 18193c5 fix v2.6.3 that did not sending query params (display validation on keeping the contract ABI method and and condition blank #1301)
• ace7536 fix: properly encode url with unicode characters (Updates #1291)
• 152214c Fix(package.json): Corrected main file path in package.json (Develop #1274)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs