[Snyk] Upgrade: node-fetch, web3

[mshantanu]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

node-fetch
from 3.2.1 to 3.3.2 | 12 versions ahead of your current version | a year ago
on 2023-07-25
web3
from 1.7.0 to 1.10.4 | 30 versions ahead of your current version | 7 months ago
on 2024-02-05

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	484	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	484	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	484	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	484	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	484	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	484	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	484	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	484	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	484	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	484	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	484	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	484	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	484	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	484	No Known Exploit

Release notes

Package name: node-fetch

• 3.3.2 - 2023-07-25
  

  3.3.2 (2023-07-25)

  Bug Fixes

  • Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473
• 3.3.1 - 2023-03-11
  

  3.3.1 (2023-03-11)

  Bug Fixes

  • release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)
• 3.3.0 - 2022-11-10
  

  3.3.0 (2022-11-10)

  Features

  • add static Response.json (#1670) (55a4870)
• 3.2.10 - 2022-07-31
  

  3.2.10 (2022-07-31)

  Bug Fixes

  • ReDoS referrer (#1611) (2880238)
• 3.2.9 - 2022-07-18
  

  3.2.9 (2022-07-18)

  Bug Fixes

  • Headers: don't forward secure headers on protocol change (#1599) (e87b093)
• 3.2.8 - 2022-07-12
• 3.2.7 - 2022-07-11
• 3.2.6 - 2022-06-09
• 3.2.5 - 2022-06-01
• 3.2.4 - 2022-04-28
• 3.2.3 - 2022-03-11
• 3.2.2 - 2022-03-07
• 3.2.1 - 2022-03-01

from node-fetch GitHub release notes

Package name: web3

• 1.10.4 - 2024-02-05
• 1.10.4-dev.0 - 2024-01-31
• 1.10.3 - 2023-10-18
• 1.10.3-dev.0 - 2023-10-16
• 1.10.2 - 2023-08-28
• 1.10.1 - 2023-08-14
• 1.10.1-rc.0 - 2023-08-08
• 1.10.0 - 2023-05-10
• 1.10.0-rc.0 - 2023-05-02
• 1.9.0 - 2023-03-20
• 1.9.0-rc.0 - 2023-03-07
• 1.8.2 - 2023-01-30
• 1.8.2-rc.0 - 2023-01-11
• 1.8.1 - 2022-11-10
• 1.8.1-rc.0 - 2022-10-28
• 1.8.0 - 2022-09-14
• 1.8.0-rc.0 - 2022-09-08
• 1.7.5 - 2022-08-01
• 1.7.5-rc.1 - 2022-07-19
• 1.7.5-rc.0 - 2022-07-15
• 1.7.4 - 2022-06-21
• 1.7.4-rc.2 - 2022-06-16
• 1.7.4-rc.1 - 2022-06-08
• 1.7.4-rc.0 - 2022-05-17
• 1.7.3 - 2022-04-08
• 1.7.3-rc.0 - 2022-04-07
• 1.7.2 - 2022-04-07
• 1.7.2-rc.0 - 2022-03-24
• 1.7.1 - 2022-03-03
• 1.7.1-rc.0 - 2022-02-10
• 1.7.0 - 2022-01-17

from web3 GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs