[Snyk] Security upgrade node-fetch from 2.6.1 to 3.1.1

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-fetch

The new version differs by 187 commits.

• 36e47e8 3.1.1 release (fix(proxy): update proxy module jef/streetmerchant#1451)
• 5304f3f Don't change relative location header on manual redirect (feat(store): add expert jef/streetmerchant#1105)
• f5d3cf5 fix(Headers): don't forward secure headers to 3th party (CAPTCHA + ERROR 403 jef/streetmerchant#1449)
• f2c3d56 Create SECURITY.md (Error : Cannot find module '@doridian/puppeteer-page-proxy' jef/streetmerchant#1445)
• 4ae3538 core: Warn when using data (Some out of stock items are checked for max price before out of stock check jef/streetmerchant#1421)
• 41f53b9 fix: use more node: protocol imports (Setting up streetmerchant in Unraid via Docker jef/streetmerchant#1428)
• f674875 ci: fix main branch (Getting NPM Pushbullet Error When Building Docker Image jef/streetmerchant#1429)
• 1493d04 core: Don't use global buffer (fix(lookup): check out of stock before price jef/streetmerchant#1422)
• eb33090 Chore: Fix logical operator priority (regression) to disallow GET/HEAD with non-empty body (docs(filter): update El Corte Inglés location jef/streetmerchant#1369)
• 7ba5bc9 update readme for TS @ type/node-fetch (Mediaworld italian store jef/streetmerchant#1405)
• 6956bf8 core: Don't use buffer to make a blob (chore(deps-dev): bump webpack from 5.10.0 to 5.10.1 jef/streetmerchant#1402)
• 6e4c1e4 fix(Redirect): Better handle wrong redirect header in a response (chore: release 3.3.1 jef/streetmerchant#1387)
• 2d5399e fix: handle errors from the request body stream (Some stores marked as having stock, browser opens, but no stock jef/streetmerchant#1392)
• 0284826 fix(http.request): Cast URL to string before sending it to NodeJS core (Get error message on startup, "where" unrecognizable command jef/streetmerchant#1378)
• 3f0e0c2 docs: Fix typo around sending a file (Request Interception is not enabled! and adblocker.js jef/streetmerchant#1381)
• 30c3cfe update fetch-blob (Only Asus TUF 3080 being scanned jef/streetmerchant#1371)
• 109bd21 release minor change (3.1.0) (Belgium. jef/streetmerchant#1364)
• ff71348 docs: Update code examples (Cannot find module 'random-useragent' or its corresponding type declarations. jef/streetmerchant#1365)
• 1068c8a template: Make PR template more task oriented (Trouble adding a store. jef/streetmerchant#1224)
• 3944f24 feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData (How do I change the cartURL for notifications to just the plain URL for notifications. jef/streetmerchant#1314)
• 37ac459 docs: Improve clarity of "Loading and configuring" (#1323)
• a3a5b63 chore: Correct stuff in README.md (#1361)
• ff7e950 Add typing for Response.redirect(url, status) (Docker installation failed jef/streetmerchant#1169)
• 2d80b0b Add support for Referrer and Referrer Policy (feat(store): add Medimax jef/streetmerchant#1057)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 10 days

[github-actions]

This issue has been closed because it is stale. Reopen if necessary.