[Snyk] Security upgrade node-fetch from 2.6.1 to 3.2.10

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-fetch

The new version differs by 217 commits.

• 2880238 fix: ReDoS referrer (WANT TO SEE HOT PICS WITH ME? 💋 💋 💋 markedjs/marked#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (Cleanup now.json markedjs/marked#1599)
• bcfb71c chore: remove triple-slash directives from typings (Don't Encode Internationalized Domain Names markedjs/marked#1285) (marked does not transform "#xxx" as what i expected markedjs/marked#1287)
• 95165d5 fix spelling (send inline html to renderer markedjs/marked#1602)
• 11b7033 fix: possibly flaky test (Multiple HTML blocks  markedjs/marked#1523)
• 4f43c9e fix: always warn Request.data (Allow links to be multiline markedjs/marked#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (<pre> followed by empty line markedjs/marked#1578)
• a92b5d5 fix: use space in accept-encoding values (Use Babel's loose mode for shorted & more performant code markedjs/marked#1572)
• 0f122b8 docs: fix formdata code example (Reflink-like extension markedjs/marked#1562)
• 6ae9c76 docs(readme): response.clone() is not async (Converting tabs to appropriate number of spaces for proper alignment. markedjs/marked#1560)
• 043a5fc Fix leaking listeners (use iframe to sandbox generated html markedjs/marked#1295) (Some failed commonmark examples markedjs/marked#1474)
• 004b3ac fix: don't uppercase unknown methods (Update eslint markedjs/marked#1542)
• c33e393 Fix Code of Conduct link in Readme. (remove substitutions markedjs/marked#1532)
• 6875205 docs: Fix link markup to Options definition (& in a url query gets escaped and re-written to & markedjs/marked#1525)
• 6425e20 fix: handle bom in text and json (Clean up tests markedjs/marked#1482)
• a4ea5f9 fix: add missing formdata export to types (Develop markedjs/marked#1518)
• 61b3b5a fix: cancel request example import (Remove baseUrl if its just a slash markedjs/marked#1513)
• 5e78af3 Replace changelog with valid url (update test descriptions in CONTRIBUTING.md markedjs/marked#1506)
• 9014db7 types: support `agent: false` (baseUrl doesn't work on <img> tag markedjs/marked#1502)
• 2e1f3a5 chore: fix typo in credential error message (modify the list regex to solve an issue with list rendering #1461 markedjs/marked#1496)
• 4ce2ce5 docs(readme): fix typo (Better solution for TOC markedjs/marked#1489)
• ba23fd2 docs: remove the changelog (Nested blockquotes markedjs/marked#1464)
• 8fedc1b core: move support and feature to discussion (nested lists Maximum call stack size exceeded markedjs/marked#1471)
• 0b43b9f docs: update formdata example (commonmark 0.29 markedjs/marked#1465)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[secure-code-warrior-for-github]

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try this challenge in Secure Code Warrior