This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.6.11.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **10 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2023-05-09.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Information Exposure [SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **539/1000** **Why?** Has a fix available, CVSS 6.5 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: node-fetch
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
18193c5 fix v2.6.3 that did not sending query params (#1301)
ace7536 fix: properly encode url with unicode characters (#1291)
152214c Fix(package.json): Corrected main file path in package.json (#1274)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/thelmgn/project/00e6a3ef-e6d5-441b-822c-44f1fb39233b?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/thelmgn/project/00e6a3ef-e6d5-441b-822c-44f1fb39233b/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/thelmgn/project/00e6a3ef-e6d5-441b-822c-44f1fb39233b/settings/integration?pkg=node-fetch&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.6.11.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **10 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2023-05-09. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: node-fetch
-
2.6.11 - 2023-05-09
- Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741
-
2.6.10 - 2023-05-08
- handle bom in text and json (#1739) (29909d7)
-
2.6.9 - 2023-01-30
- "global is not defined" (#1704) (70f592d)
-
2.6.8 - 2023-01-13
- headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599
- premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 /github.com/node-fetch/node-fetch/pull/1064#issuecomment-849167400
- prevent hoisting of the undefined
-
2.6.7 - 2022-01-16
-
2.6.6 - 2021-10-31
-
2.6.5 - 2021-09-22
-
2.6.4 - 2021-09-21
-
2.6.3 - 2021-09-20
-
2.6.2 - 2021-09-06
-
2.6.1 - 2020-09-05
from node-fetch GitHub release notes2.6.11 (2023-05-09)
Reverts
2.6.10 (2023-05-08)
Bug Fixes
2.6.9 (2023-01-30)
Bug Fixes
2.6.8 (2023-01-13)
Bug Fixes
globalvariable inbrowser.js(#1534) (8bb6e31)Commit messages
Package name: node-fetch
- afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
- 29909d7 fix: handle bom in text and json (#1739)
- 70f592d fix: "global is not defined" (#1704)
- 0f1ebb0 Prevent error when response is null (#1699)
- 6e9464d ci(release): install dependencies
- dd2a0ba ci(release): install dependencies
- 49bef02 ci(release): use latest Node LTS
- ce37bcd ci(semantic-release): config
- 1768eaa ci(release): initial version
- 8bb6e31 fix: prevent hoisting of the undefined `global` variable in `browser.js` (#1534)
- e218f8d Add missing changelog entries. (#1613)
- fddad0e fix(headers): don't forward secure headers on protocol change (#1605)
- 50536d1 fix: premature close with chunked transfer encoding and for async iterators in Node 12 (#1172)
- 838d971 Handle zero-length OK deflate responses (#903)
- 1ef4b56 backport of #1449 (#1453)
- 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
- f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
- b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
- 18193c5 fix v2.6.3 that did not sending query params (#1301)
- ace7536 fix: properly encode url with unicode characters (#1291)
- 152214c Fix(package.json): Corrected main file path in package.json (#1274)
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: