This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.7.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration).
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **13 versions** ahead of your current version.
- The recommended version was released **3 months ago**, on 2023-08-23.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Information Exposure [SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **539/1000** **Why?** Has a fix available, CVSS 6.5 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: node-fetch
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
18193c5 fix v2.6.3 that did not sending query params (#1301)
ace7536 fix: properly encode url with unicode characters (#1291)
152214c Fix(package.json): Corrected main file path in package.json (#1274)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr)
👩💻 [Set who automatically gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?pkg=node-fetch&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade node-fetch from 2.6.1 to 2.7.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. :sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration). :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **13 versions** ahead of your current version. - The recommended version was released **3 months ago**, on 2023-08-23. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: node-fetch
2.7.0 (2023-08-23)
Features
AbortError
(#1744) (9b9d458)2.6.13 (2023-08-18)
Bug Fixes
2.6.12 (2023-06-29)
Bug Fixes
2.6.11 (2023-05-09)
Reverts
2.6.10 (2023-05-08)
Bug Fixes
2.6.9 (2023-01-30)
Bug Fixes
2.6.8 (2023-01-13)
Bug Fixes
global
variable inbrowser.js
(#1534) (8bb6e31)Commit messages
Package name: node-fetch
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr) 👩💻 [Set who automatically gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?pkg=node-fetch&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)