[Snyk] Security upgrade node-fetch from 2.6.7 to 3.2.10

[christeredvartsen]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-fetch

The new version differs by 217 commits.

• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (Bump next from 13.4.1 to 13.5.0 #1599)
• bcfb71c chore: remove triple-slash directives from typings (Kontorsider #1285) (Indikasjon på åpningstider for chat i kontaktmodul #1287)
• 95165d5 fix spelling (Fikse code smells og issues rapportert av Sonarcloud #1602)
• 11b7033 fix: possibly flaky test (Migrere fra ds-icons til aksel-icons #1523)
• 4f43c9e fix: always warn Request.data (Forside og underforside for samarbeidspartner #1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (Macro for å lenke til et spesifikt layer #1578)
• a92b5d5 fix: use space in accept-encoding values ([Snyk] Security upgrade sharp from 0.32.1 to 0.32.6 #1572)
• 0f122b8 docs: fix formdata code example (UU: Fjern bruk av background image #1562)
• 6ae9c76 docs(readme): response.clone() is not async (Underforside #1560)
• 043a5fc Fix leaking listeners (Klokkeslett i badge for åpningstider må være forenklet til "...åpner i dag kl. 9" #1295) (Justere tekst på kontorside #1474)
• 004b3ac fix: don't uppercase unknown methods (Lenketekst oversatt til samisk #1542)
• c33e393 Fix Code of Conduct link in Readme. (Aktiver søkefunksjon på oversiktssider #1532)
• 6875205 docs: Fix link markup to Options definition (Arbeidsgiver: Setter fontstørrelse og linjehøyde på kort lik heading-medium #1525)
• 6425e20 fix: handle bom in text and json (Ekspandere produktpanel ved hash change #1482)
• a4ea5f9 fix: add missing formdata export to types (Felles komponent for visning av bruk av innhold #1518)
• 61b3b5a fix: cancel request example import (Bump tough-cookie from 4.1.2 to 4.1.3 #1513)
• 5e78af3 Replace changelog with valid url (Refactor typer og sett strengere TS config #1506)
• 9014db7 types: support `agent: false` (Flere video fixes #1502)
• 2e1f3a5 chore: fix typo in credential error message (Videoer laster ikke ved async-navigering #1496)
• 4ce2ce5 docs(readme): fix typo (Fikser 404-feil ved fetch av produkt- og skjemadetaljer på oversiktssider #1489)
• ba23fd2 docs: remove the changelog (Erstatte Sentry med nais frontend observability #1464)
• 8fedc1b core: move support and feature to discussion (Skjuler filter-knapp på mobil når ingen toggle-filtre er enabled #1471)
• 0b43b9f docs: update formdata example (Ignorer heading-tag hvis makro + fjern tomme thead-tags #1465)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[bdahle]

Denne sårbarheten skal ikke påvirke versjon 2.x av node-fetch: node-fetch/node-fetch#1611 (comment)

Oppgradering til versjon 3 krever støtte for ESM