node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Release Notes
node-fetch/node-fetch
### [`v3.1.1`](https://togithub.com/node-fetch/node-fetch/releases/v3.1.1)
[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1)
#### Security patch release
Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred
#### What's Changed
- core: update fetch-blob by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1371](https://togithub.com/node-fetch/node-fetch/pull/1371)
- docs: Fix typo around sending a file by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1381](https://togithub.com/node-fetch/node-fetch/pull/1381)
- core: (http.request): Cast URL to string before sending it to NodeJS core by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1378](https://togithub.com/node-fetch/node-fetch/pull/1378)
- core: handle errors from the request body stream by [@mdmitry01](https://togithub.com/mdmitry01) in [https://github.com/node-fetch/node-fetch/pull/1392](https://togithub.com/node-fetch/node-fetch/pull/1392)
- core: Better handle wrong redirect header in a response by [@tasinet](https://togithub.com/tasinet) in [https://github.com/node-fetch/node-fetch/pull/1387](https://togithub.com/node-fetch/node-fetch/pull/1387)
- core: Don't use buffer to make a blob by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1402](https://togithub.com/node-fetch/node-fetch/pull/1402)
- docs: update readme for TS [@types/node-fetch](https://togithub.com/types/node-fetch) by [@adamellsworth](https://togithub.com/adamellsworth) in [https://github.com/node-fetch/node-fetch/pull/1405](https://togithub.com/node-fetch/node-fetch/pull/1405)
- core: Fix logical operator priority to disallow GET/HEAD with non-empty body by [@maxshirshin](https://togithub.com/maxshirshin) in [https://github.com/node-fetch/node-fetch/pull/1369](https://togithub.com/node-fetch/node-fetch/pull/1369)
- core: Don't use global buffer by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1422](https://togithub.com/node-fetch/node-fetch/pull/1422)
- ci: fix main branch by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1429](https://togithub.com/node-fetch/node-fetch/pull/1429)
- core: use more node: protocol imports by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1428](https://togithub.com/node-fetch/node-fetch/pull/1428)
- core: Warn when using data by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1421](https://togithub.com/node-fetch/node-fetch/pull/1421)
- docs: Create SECURITY.md by [@JamieSlome](https://togithub.com/JamieSlome) in [https://github.com/node-fetch/node-fetch/pull/1445](https://togithub.com/node-fetch/node-fetch/pull/1445)
- core: don't forward secure headers to 3th party by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1449](https://togithub.com/node-fetch/node-fetch/pull/1449)
#### New Contributors
- [@mdmitry01](https://togithub.com/mdmitry01) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1392](https://togithub.com/node-fetch/node-fetch/pull/1392)
- [@tasinet](https://togithub.com/tasinet) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1387](https://togithub.com/node-fetch/node-fetch/pull/1387)
- [@adamellsworth](https://togithub.com/adamellsworth) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1405](https://togithub.com/node-fetch/node-fetch/pull/1405)
- [@maxshirshin](https://togithub.com/maxshirshin) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1369](https://togithub.com/node-fetch/node-fetch/pull/1369)
- [@JamieSlome](https://togithub.com/JamieSlome) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1445](https://togithub.com/node-fetch/node-fetch/pull/1445)
**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1
### [`v3.1.0`](https://togithub.com/node-fetch/node-fetch/releases/v3.1.0)
[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0)
##### What's Changed
- fix(Body): Discourage form-data and buffer() by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1212](https://togithub.com/node-fetch/node-fetch/pull/1212)
- fix: Pass url string to http.request by [@serverwentdown](https://togithub.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1268](https://togithub.com/node-fetch/node-fetch/pull/1268)
- Fix octocat image link by [@lakuapik](https://togithub.com/lakuapik) in [https://github.com/node-fetch/node-fetch/pull/1281](https://togithub.com/node-fetch/node-fetch/pull/1281)
- fix(Body.body): Normalize `Body.body` into a `node:stream` by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/924](https://togithub.com/node-fetch/node-fetch/pull/924)
- docs(Headers): Add default Host request header to README.md file by [@robertoaceves](https://togithub.com/robertoaceves) in [https://github.com/node-fetch/node-fetch/pull/1316](https://togithub.com/node-fetch/node-fetch/pull/1316)
- Update CHANGELOG.md by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1292](https://togithub.com/node-fetch/node-fetch/pull/1292)
- Add highWaterMark to cloned properties by [@davesidious](https://togithub.com/davesidious) in [https://github.com/node-fetch/node-fetch/pull/1162](https://togithub.com/node-fetch/node-fetch/pull/1162)
- Update README.md to fix HTTPResponseError by [@thedanfernandez](https://togithub.com/thedanfernandez) in [https://github.com/node-fetch/node-fetch/pull/1135](https://togithub.com/node-fetch/node-fetch/pull/1135)
- docs: switch `url` to `URL` by [@dhritzkiv](https://togithub.com/dhritzkiv) in [https://github.com/node-fetch/node-fetch/pull/1318](https://togithub.com/node-fetch/node-fetch/pull/1318)
- fix(types): declare buffer() deprecated by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1345](https://togithub.com/node-fetch/node-fetch/pull/1345)
- chore: fix lint by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1348](https://togithub.com/node-fetch/node-fetch/pull/1348)
- refactor: use node: prefix for imports by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1346](https://togithub.com/node-fetch/node-fetch/pull/1346)
- Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1319](https://togithub.com/node-fetch/node-fetch/pull/1319)
- Bump mocha from 8.4.0 to 9.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1339](https://togithub.com/node-fetch/node-fetch/pull/1339)
- Referrer and Referrer Policy by [@tekwiz](https://togithub.com/tekwiz) in [https://github.com/node-fetch/node-fetch/pull/1057](https://togithub.com/node-fetch/node-fetch/pull/1057)
- Add typing for Response.redirect(url, status) by [@c-w](https://togithub.com/c-w) in [https://github.com/node-fetch/node-fetch/pull/1169](https://togithub.com/node-fetch/node-fetch/pull/1169)
- chore: Correct stuff in README.md by [@Jiralite](https://togithub.com/Jiralite) in [https://github.com/node-fetch/node-fetch/pull/1361](https://togithub.com/node-fetch/node-fetch/pull/1361)
- docs: Improve clarity of "Loading and configuring" by [@serverwentdown](https://togithub.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1323](https://togithub.com/node-fetch/node-fetch/pull/1323)
- feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1314](https://togithub.com/node-fetch/node-fetch/pull/1314)
- template: Make PR template more task oriented by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1224](https://togithub.com/node-fetch/node-fetch/pull/1224)
- docs: Update code examples by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1365](https://togithub.com/node-fetch/node-fetch/pull/1365)
##### New Contributors
- [@serverwentdown](https://togithub.com/serverwentdown) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1268](https://togithub.com/node-fetch/node-fetch/pull/1268)
- [@lakuapik](https://togithub.com/lakuapik) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1281](https://togithub.com/node-fetch/node-fetch/pull/1281)
- [@robertoaceves](https://togithub.com/robertoaceves) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1316](https://togithub.com/node-fetch/node-fetch/pull/1316)
- [@davesidious](https://togithub.com/davesidious) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1162](https://togithub.com/node-fetch/node-fetch/pull/1162)
- [@thedanfernandez](https://togithub.com/thedanfernandez) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1135](https://togithub.com/node-fetch/node-fetch/pull/1135)
- [@dhritzkiv](https://togithub.com/dhritzkiv) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1318](https://togithub.com/node-fetch/node-fetch/pull/1318)
- [@dnalborczyk](https://togithub.com/dnalborczyk) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1345](https://togithub.com/node-fetch/node-fetch/pull/1345)
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1319](https://togithub.com/node-fetch/node-fetch/pull/1319)
- [@c-w](https://togithub.com/c-w) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1169](https://togithub.com/node-fetch/node-fetch/pull/1169)
**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0
### [`v3.0.0`](https://togithub.com/node-fetch/node-fetch/releases/v3.0.0)
[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.7...v3.0.0)
version 3 is going out of a long beta period and switches to stable
One major change is that it's now a ESM only package
See [changelog](https://togithub.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md#v300) for more information about all the changes.
### [`v2.6.7`](https://togithub.com/node-fetch/node-fetch/releases/v2.6.7)
[Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)
##### Security patch release
Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred
##### What's Changed
- fix: don't forward secure headers to 3th party by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1453](https://togithub.com/node-fetch/node-fetch/pull/1453)
**Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7
Configuration
๐ Schedule: "" in timezone Europe/Paris.
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
๐ Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR contains the following updates:
^2.6.6
->^3.0.0
GitHub Vulnerability Alerts
CVE-2022-0235
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Release Notes
node-fetch/node-fetch
### [`v3.1.1`](https://togithub.com/node-fetch/node-fetch/releases/v3.1.1) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1) #### Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred #### What's Changed - core: update fetch-blob by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1371](https://togithub.com/node-fetch/node-fetch/pull/1371) - docs: Fix typo around sending a file by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1381](https://togithub.com/node-fetch/node-fetch/pull/1381) - core: (http.request): Cast URL to string before sending it to NodeJS core by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1378](https://togithub.com/node-fetch/node-fetch/pull/1378) - core: handle errors from the request body stream by [@mdmitry01](https://togithub.com/mdmitry01) in [https://github.com/node-fetch/node-fetch/pull/1392](https://togithub.com/node-fetch/node-fetch/pull/1392) - core: Better handle wrong redirect header in a response by [@tasinet](https://togithub.com/tasinet) in [https://github.com/node-fetch/node-fetch/pull/1387](https://togithub.com/node-fetch/node-fetch/pull/1387) - core: Don't use buffer to make a blob by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1402](https://togithub.com/node-fetch/node-fetch/pull/1402) - docs: update readme for TS [@types/node-fetch](https://togithub.com/types/node-fetch) by [@adamellsworth](https://togithub.com/adamellsworth) in [https://github.com/node-fetch/node-fetch/pull/1405](https://togithub.com/node-fetch/node-fetch/pull/1405) - core: Fix logical operator priority to disallow GET/HEAD with non-empty body by [@maxshirshin](https://togithub.com/maxshirshin) in [https://github.com/node-fetch/node-fetch/pull/1369](https://togithub.com/node-fetch/node-fetch/pull/1369) - core: Don't use global buffer by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1422](https://togithub.com/node-fetch/node-fetch/pull/1422) - ci: fix main branch by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1429](https://togithub.com/node-fetch/node-fetch/pull/1429) - core: use more node: protocol imports by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1428](https://togithub.com/node-fetch/node-fetch/pull/1428) - core: Warn when using data by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1421](https://togithub.com/node-fetch/node-fetch/pull/1421) - docs: Create SECURITY.md by [@JamieSlome](https://togithub.com/JamieSlome) in [https://github.com/node-fetch/node-fetch/pull/1445](https://togithub.com/node-fetch/node-fetch/pull/1445) - core: don't forward secure headers to 3th party by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1449](https://togithub.com/node-fetch/node-fetch/pull/1449) #### New Contributors - [@mdmitry01](https://togithub.com/mdmitry01) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1392](https://togithub.com/node-fetch/node-fetch/pull/1392) - [@tasinet](https://togithub.com/tasinet) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1387](https://togithub.com/node-fetch/node-fetch/pull/1387) - [@adamellsworth](https://togithub.com/adamellsworth) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1405](https://togithub.com/node-fetch/node-fetch/pull/1405) - [@maxshirshin](https://togithub.com/maxshirshin) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1369](https://togithub.com/node-fetch/node-fetch/pull/1369) - [@JamieSlome](https://togithub.com/JamieSlome) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1445](https://togithub.com/node-fetch/node-fetch/pull/1445) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1 ### [`v3.1.0`](https://togithub.com/node-fetch/node-fetch/releases/v3.1.0) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0) ##### What's Changed - fix(Body): Discourage form-data and buffer() by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1212](https://togithub.com/node-fetch/node-fetch/pull/1212) - fix: Pass url string to http.request by [@serverwentdown](https://togithub.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1268](https://togithub.com/node-fetch/node-fetch/pull/1268) - Fix octocat image link by [@lakuapik](https://togithub.com/lakuapik) in [https://github.com/node-fetch/node-fetch/pull/1281](https://togithub.com/node-fetch/node-fetch/pull/1281) - fix(Body.body): Normalize `Body.body` into a `node:stream` by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/924](https://togithub.com/node-fetch/node-fetch/pull/924) - docs(Headers): Add default Host request header to README.md file by [@robertoaceves](https://togithub.com/robertoaceves) in [https://github.com/node-fetch/node-fetch/pull/1316](https://togithub.com/node-fetch/node-fetch/pull/1316) - Update CHANGELOG.md by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1292](https://togithub.com/node-fetch/node-fetch/pull/1292) - Add highWaterMark to cloned properties by [@davesidious](https://togithub.com/davesidious) in [https://github.com/node-fetch/node-fetch/pull/1162](https://togithub.com/node-fetch/node-fetch/pull/1162) - Update README.md to fix HTTPResponseError by [@thedanfernandez](https://togithub.com/thedanfernandez) in [https://github.com/node-fetch/node-fetch/pull/1135](https://togithub.com/node-fetch/node-fetch/pull/1135) - docs: switch `url` to `URL` by [@dhritzkiv](https://togithub.com/dhritzkiv) in [https://github.com/node-fetch/node-fetch/pull/1318](https://togithub.com/node-fetch/node-fetch/pull/1318) - fix(types): declare buffer() deprecated by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1345](https://togithub.com/node-fetch/node-fetch/pull/1345) - chore: fix lint by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1348](https://togithub.com/node-fetch/node-fetch/pull/1348) - refactor: use node: prefix for imports by [@dnalborczyk](https://togithub.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1346](https://togithub.com/node-fetch/node-fetch/pull/1346) - Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1319](https://togithub.com/node-fetch/node-fetch/pull/1319) - Bump mocha from 8.4.0 to 9.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1339](https://togithub.com/node-fetch/node-fetch/pull/1339) - Referrer and Referrer Policy by [@tekwiz](https://togithub.com/tekwiz) in [https://github.com/node-fetch/node-fetch/pull/1057](https://togithub.com/node-fetch/node-fetch/pull/1057) - Add typing for Response.redirect(url, status) by [@c-w](https://togithub.com/c-w) in [https://github.com/node-fetch/node-fetch/pull/1169](https://togithub.com/node-fetch/node-fetch/pull/1169) - chore: Correct stuff in README.md by [@Jiralite](https://togithub.com/Jiralite) in [https://github.com/node-fetch/node-fetch/pull/1361](https://togithub.com/node-fetch/node-fetch/pull/1361) - docs: Improve clarity of "Loading and configuring" by [@serverwentdown](https://togithub.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1323](https://togithub.com/node-fetch/node-fetch/pull/1323) - feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1314](https://togithub.com/node-fetch/node-fetch/pull/1314) - template: Make PR template more task oriented by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1224](https://togithub.com/node-fetch/node-fetch/pull/1224) - docs: Update code examples by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1365](https://togithub.com/node-fetch/node-fetch/pull/1365) ##### New Contributors - [@serverwentdown](https://togithub.com/serverwentdown) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1268](https://togithub.com/node-fetch/node-fetch/pull/1268) - [@lakuapik](https://togithub.com/lakuapik) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1281](https://togithub.com/node-fetch/node-fetch/pull/1281) - [@robertoaceves](https://togithub.com/robertoaceves) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1316](https://togithub.com/node-fetch/node-fetch/pull/1316) - [@davesidious](https://togithub.com/davesidious) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1162](https://togithub.com/node-fetch/node-fetch/pull/1162) - [@thedanfernandez](https://togithub.com/thedanfernandez) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1135](https://togithub.com/node-fetch/node-fetch/pull/1135) - [@dhritzkiv](https://togithub.com/dhritzkiv) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1318](https://togithub.com/node-fetch/node-fetch/pull/1318) - [@dnalborczyk](https://togithub.com/dnalborczyk) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1345](https://togithub.com/node-fetch/node-fetch/pull/1345) - [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1319](https://togithub.com/node-fetch/node-fetch/pull/1319) - [@c-w](https://togithub.com/c-w) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1169](https://togithub.com/node-fetch/node-fetch/pull/1169) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0 ### [`v3.0.0`](https://togithub.com/node-fetch/node-fetch/releases/v3.0.0) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.7...v3.0.0) version 3 is going out of a long beta period and switches to stable One major change is that it's now a ESM only package See [changelog](https://togithub.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md#v300) for more information about all the changes. ### [`v2.6.7`](https://togithub.com/node-fetch/node-fetch/releases/v2.6.7) [Compare Source](https://togithub.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7) ##### Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred ##### What's Changed - fix: don't forward secure headers to 3th party by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1453](https://togithub.com/node-fetch/node-fetch/pull/1453) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7Configuration
๐ Schedule: "" in timezone Europe/Paris.
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
๐ Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.