[Snyk] Upgrade node-fetch from 3.1.1 to 3.2.0

[snyk-bot]

Snyk has created this PR to upgrade node-fetch from 3.1.1 to 3.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released a month ago, on 2022-01-20.

Release notes

Package name: node-fetch

• 3.2.0 - 2022-01-20
  

  3.2.0 (2022-01-20)

  Features

  • export Blob, File and FormData + utilities (#1463) (81b1378)
• 3.1.1 - 2022-01-16
  

  Security patch release

  Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

  What's Changed

  • core: update fetch-blob by @ jimmywarting in #1371
  • docs: Fix typo around sending a file by @ jimmywarting in #1381
  • core: (http.request): Cast URL to string before sending it to NodeJS core by @ jimmywarting in #1378
  • core: handle errors from the request body stream by @ mdmitry01 in #1392
  • core: Better handle wrong redirect header in a response by @ tasinet in #1387
  • core: Don't use buffer to make a blob by @ jimmywarting in #1402
  • docs: update readme for TS @ types/node-fetch by @ adamellsworth in #1405
  • core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @ maxshirshin in #1369
  • core: Don't use global buffer by @ jimmywarting in #1422
  • ci: fix main branch by @ dnalborczyk in #1429
  • core: use more node: protocol imports by @ dnalborczyk in #1428
  • core: Warn when using data by @ jimmywarting in #1421
  • docs: Create SECURITY.md by @ JamieSlome in #1445
  • core: don't forward secure headers to 3th party by @ jimmywarting in #1449

  New Contributors

  • @ mdmitry01 made their first contribution in #1392
  • @ tasinet made their first contribution in #1387
  • @ adamellsworth made their first contribution in #1405
  • @ maxshirshin made their first contribution in #1369
  • @ JamieSlome made their first contribution in #1445

  Full Changelog: v3.1.0...v3.1.1

from node-fetch GitHub release notes

Commit messages

Package name: node-fetch

• 81b1378 feat: export Blob, File and FormData + utilities (#1463)
• b2f5d8d ci: semantic-release (#1270)
• 015798e test: Modernize and convert some test in `main.js` to async/await (#1456)
• 1028f83 test: Update major busboy version (#1457)
• dd2cea4 Handle zero-length OK deflate responses (master) (#965)
• 92dee09 Simplify check in isDomainOrSubdomain (#1455)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/fogrew/gurylev/8Vzh3jgnmh2JEPxESTcfEQKjaJCP
✅ Preview: https://gurylev-git-snyk-upgrade-47d30b562c40977ae88d06f5-125a43-fogrew.vercel.app

[commit-lint]

Bug Fixes

• upgrade node-fetch from 3.1.1 to 3.2.0 (d1fc635)

Contributors

snyk-bot

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR:

• @Commit-Lint merge patch will merge dependabot PR on "patch" versions (X.X.Y - Y change)
• @Commit-Lint merge minor will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
• @Commit-Lint merge major will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
• @Commit-Lint merge disable will desactivate merge dependabot PR
• @Commit-Lint review will approve dependabot PR
• @Commit-Lint stop review will stop approve dependabot PR

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Pages

Latest commit:	d1fc635
Status:	🚫  Build failed.

View logs