kir-dev / tanulo-next

:books: Közös tanuláshoz partnerkeresést segítő alkalmazás
https://tanulo.sch.bme.hu
MIT License
9 stars 4 forks source link

Update dependency node-fetch to v3 [SECURITY] #968

Open renovate[bot] opened 2 years ago

renovate[bot] commented 2 years ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-fetch 2.6.6 -> 3.2.10 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-0235

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.

CVE-2022-2596

node-fetch is a light-weight module that brings window.fetch to node.js.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy() function in referrer.js, when processing a URL string with alternating letters and periods, such as 'http://' + 'a.a.'.repeat(i) + 'a'.


Release Notes

node-fetch/node-fetch (node-fetch) ### [`v3.2.10`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.10) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.9...v3.2.10) ##### Bug Fixes - ReDoS referrer ([#​1611](https://redirect.github.com/node-fetch/node-fetch/issues/1611)) ([2880238](https://redirect.github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d)) ### [`v3.2.9`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.9) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.8...v3.2.9) ##### Bug Fixes - **Headers:** don't forward secure headers on protocol change ([#​1599](https://redirect.github.com/node-fetch/node-fetch/issues/1599)) ([e87b093](https://redirect.github.com/node-fetch/node-fetch/commit/e87b093fd678a9ea39c5b17b2a1bdfc4691eedc7)) ### [`v3.2.8`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.8) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.7...v3.2.8) ##### Bug Fixes - possibly flaky test ([#​1523](https://redirect.github.com/node-fetch/node-fetch/issues/1523)) ([11b7033](https://redirect.github.com/node-fetch/node-fetch/commit/11b703361134340a8361f591d6e3a0bcf6a261fa)) ### [`v3.2.7`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.7) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.6...v3.2.7) ##### Bug Fixes - always warn Request.data ([#​1550](https://redirect.github.com/node-fetch/node-fetch/issues/1550)) ([4f43c9e](https://redirect.github.com/node-fetch/node-fetch/commit/4f43c9ed63da98f4b5167f0a8e447cd0f0133cd3)) ### [`v3.2.6`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.6) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.5...v3.2.6) ##### Bug Fixes - undefined reference to response.body when aborted ([#​1578](https://redirect.github.com/node-fetch/node-fetch/issues/1578)) ([1c5ed6b](https://redirect.github.com/node-fetch/node-fetch/commit/1c5ed6b981e6c5dd28bd50f5ab5418e5bd262b99)) ### [`v3.2.5`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.5) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.4...v3.2.5) ##### Bug Fixes - use space in accept-encoding values ([#​1572](https://redirect.github.com/node-fetch/node-fetch/issues/1572)) ([a92b5d5](https://redirect.github.com/node-fetch/node-fetch/commit/a92b5d5cf4457c2da95d8404b08cfd06a426a2fa)), closes [#​1571](https://redirect.github.com/node-fetch/node-fetch/issues/1571) ### [`v3.2.4`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.4) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.3...v3.2.4) ##### Bug Fixes - don't uppercase unknown methods ([#​1542](https://redirect.github.com/node-fetch/node-fetch/issues/1542)) ([004b3ac](https://redirect.github.com/node-fetch/node-fetch/commit/004b3ac8324e6cdbfb5d04b8bbdc6664ea48fbcf)) ### [`v3.2.3`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.3) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.2...v3.2.3) ##### Bug Fixes - handle bom in text and json ([#​1482](https://redirect.github.com/node-fetch/node-fetch/issues/1482)) ([6425e20](https://redirect.github.com/node-fetch/node-fetch/commit/6425e2021a7def096e13dbabcac2f10e6da83d11)) ### [`v3.2.2`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.2) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.1...v3.2.2) ##### Bug Fixes - add missing formdata export to types ([#​1518](https://redirect.github.com/node-fetch/node-fetch/issues/1518)) ([a4ea5f9](https://redirect.github.com/node-fetch/node-fetch/commit/a4ea5f9308f942400695cce261291d0a80cd1b02)), closes [#​1517](https://redirect.github.com/node-fetch/node-fetch/issues/1517) ### [`v3.2.1`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.1) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.2.0...v3.2.1) ##### Bug Fixes - cancel request example import ([#​1513](https://redirect.github.com/node-fetch/node-fetch/issues/1513)) ([61b3b5a](https://redirect.github.com/node-fetch/node-fetch/commit/61b3b5a06384003d332581080af6522bec19417f)) ### [`v3.2.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.2.0) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.1.1...v3.2.0) ##### Features - export Blob, File and FormData + utilities ([#​1463](https://redirect.github.com/node-fetch/node-fetch/issues/1463)) ([81b1378](https://redirect.github.com/node-fetch/node-fetch/commit/81b1378bb3bda555d3d2114e7d3dfddbd91f210c)) ### [`v3.1.1`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.1.1) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1) #### Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred #### What's Changed - core: update fetch-blob by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1371](https://redirect.github.com/node-fetch/node-fetch/pull/1371) - docs: Fix typo around sending a file by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1381](https://redirect.github.com/node-fetch/node-fetch/pull/1381) - core: (http.request): Cast URL to string before sending it to NodeJS core by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1378](https://redirect.github.com/node-fetch/node-fetch/pull/1378) - core: handle errors from the request body stream by [@​mdmitry01](https://redirect.github.com/mdmitry01) in [https://github.com/node-fetch/node-fetch/pull/1392](https://redirect.github.com/node-fetch/node-fetch/pull/1392) - core: Better handle wrong redirect header in a response by [@​tasinet](https://redirect.github.com/tasinet) in [https://github.com/node-fetch/node-fetch/pull/1387](https://redirect.github.com/node-fetch/node-fetch/pull/1387) - core: Don't use buffer to make a blob by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1402](https://redirect.github.com/node-fetch/node-fetch/pull/1402) - docs: update readme for TS [@​types/node-fetch](https://redirect.github.com/types/node-fetch) by [@​adamellsworth](https://redirect.github.com/adamellsworth) in [https://github.com/node-fetch/node-fetch/pull/1405](https://redirect.github.com/node-fetch/node-fetch/pull/1405) - core: Fix logical operator priority to disallow GET/HEAD with non-empty body by [@​maxshirshin](https://redirect.github.com/maxshirshin) in [https://github.com/node-fetch/node-fetch/pull/1369](https://redirect.github.com/node-fetch/node-fetch/pull/1369) - core: Don't use global buffer by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1422](https://redirect.github.com/node-fetch/node-fetch/pull/1422) - ci: fix main branch by [@​dnalborczyk](https://redirect.github.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1429](https://redirect.github.com/node-fetch/node-fetch/pull/1429) - core: use more node: protocol imports by [@​dnalborczyk](https://redirect.github.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1428](https://redirect.github.com/node-fetch/node-fetch/pull/1428) - core: Warn when using data by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1421](https://redirect.github.com/node-fetch/node-fetch/pull/1421) - docs: Create SECURITY.md by [@​JamieSlome](https://redirect.github.com/JamieSlome) in [https://github.com/node-fetch/node-fetch/pull/1445](https://redirect.github.com/node-fetch/node-fetch/pull/1445) - core: don't forward secure headers to 3th party by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1449](https://redirect.github.com/node-fetch/node-fetch/pull/1449) #### New Contributors - [@​mdmitry01](https://redirect.github.com/mdmitry01) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1392](https://redirect.github.com/node-fetch/node-fetch/pull/1392) - [@​tasinet](https://redirect.github.com/tasinet) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1387](https://redirect.github.com/node-fetch/node-fetch/pull/1387) - [@​adamellsworth](https://redirect.github.com/adamellsworth) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1405](https://redirect.github.com/node-fetch/node-fetch/pull/1405) - [@​maxshirshin](https://redirect.github.com/maxshirshin) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1369](https://redirect.github.com/node-fetch/node-fetch/pull/1369) - [@​JamieSlome](https://redirect.github.com/JamieSlome) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1445](https://redirect.github.com/node-fetch/node-fetch/pull/1445) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1 ### [`v3.1.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.1.0) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0) #### What's Changed - fix(Body): Discourage form-data and buffer() by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1212](https://redirect.github.com/node-fetch/node-fetch/pull/1212) - fix: Pass url string to http.request by [@​serverwentdown](https://redirect.github.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1268](https://redirect.github.com/node-fetch/node-fetch/pull/1268) - Fix octocat image link by [@​lakuapik](https://redirect.github.com/lakuapik) in [https://github.com/node-fetch/node-fetch/pull/1281](https://redirect.github.com/node-fetch/node-fetch/pull/1281) - fix(Body.body): Normalize `Body.body` into a `node:stream` by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/924](https://redirect.github.com/node-fetch/node-fetch/pull/924) - docs(Headers): Add default Host request header to README.md file by [@​robertoaceves](https://redirect.github.com/robertoaceves) in [https://github.com/node-fetch/node-fetch/pull/1316](https://redirect.github.com/node-fetch/node-fetch/pull/1316) - Update CHANGELOG.md by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1292](https://redirect.github.com/node-fetch/node-fetch/pull/1292) - Add highWaterMark to cloned properties by [@​davesidious](https://redirect.github.com/davesidious) in [https://github.com/node-fetch/node-fetch/pull/1162](https://redirect.github.com/node-fetch/node-fetch/pull/1162) - Update README.md to fix HTTPResponseError by [@​thedanfernandez](https://redirect.github.com/thedanfernandez) in [https://github.com/node-fetch/node-fetch/pull/1135](https://redirect.github.com/node-fetch/node-fetch/pull/1135) - docs: switch `url` to `URL` by [@​dhritzkiv](https://redirect.github.com/dhritzkiv) in [https://github.com/node-fetch/node-fetch/pull/1318](https://redirect.github.com/node-fetch/node-fetch/pull/1318) - fix(types): declare buffer() deprecated by [@​dnalborczyk](https://redirect.github.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1345](https://redirect.github.com/node-fetch/node-fetch/pull/1345) - chore: fix lint by [@​dnalborczyk](https://redirect.github.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1348](https://redirect.github.com/node-fetch/node-fetch/pull/1348) - refactor: use node: prefix for imports by [@​dnalborczyk](https://redirect.github.com/dnalborczyk) in [https://github.com/node-fetch/node-fetch/pull/1346](https://redirect.github.com/node-fetch/node-fetch/pull/1346) - Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1319](https://redirect.github.com/node-fetch/node-fetch/pull/1319) - Bump mocha from 8.4.0 to 9.1.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/node-fetch/node-fetch/pull/1339](https://redirect.github.com/node-fetch/node-fetch/pull/1339) - Referrer and Referrer Policy by [@​tekwiz](https://redirect.github.com/tekwiz) in [https://github.com/node-fetch/node-fetch/pull/1057](https://redirect.github.com/node-fetch/node-fetch/pull/1057) - Add typing for Response.redirect(url, status) by [@​c-w](https://redirect.github.com/c-w) in [https://github.com/node-fetch/node-fetch/pull/1169](https://redirect.github.com/node-fetch/node-fetch/pull/1169) - chore: Correct stuff in README.md by [@​Jiralite](https://redirect.github.com/Jiralite) in [https://github.com/node-fetch/node-fetch/pull/1361](https://redirect.github.com/node-fetch/node-fetch/pull/1361) - docs: Improve clarity of "Loading and configuring" by [@​serverwentdown](https://redirect.github.com/serverwentdown) in [https://github.com/node-fetch/node-fetch/pull/1323](https://redirect.github.com/node-fetch/node-fetch/pull/1323) - feat(Body): Added support for `BodyMixin.formData()` and constructing bodies with FormData by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1314](https://redirect.github.com/node-fetch/node-fetch/pull/1314) - template: Make PR template more task oriented by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1224](https://redirect.github.com/node-fetch/node-fetch/pull/1224) - docs: Update code examples by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1365](https://redirect.github.com/node-fetch/node-fetch/pull/1365) #### New Contributors - [@​serverwentdown](https://redirect.github.com/serverwentdown) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1268](https://redirect.github.com/node-fetch/node-fetch/pull/1268) - [@​lakuapik](https://redirect.github.com/lakuapik) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1281](https://redirect.github.com/node-fetch/node-fetch/pull/1281) - [@​robertoaceves](https://redirect.github.com/robertoaceves) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1316](https://redirect.github.com/node-fetch/node-fetch/pull/1316) - [@​davesidious](https://redirect.github.com/davesidious) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1162](https://redirect.github.com/node-fetch/node-fetch/pull/1162) - [@​thedanfernandez](https://redirect.github.com/thedanfernandez) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1135](https://redirect.github.com/node-fetch/node-fetch/pull/1135) - [@​dhritzkiv](https://redirect.github.com/dhritzkiv) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1318](https://redirect.github.com/node-fetch/node-fetch/pull/1318) - [@​dnalborczyk](https://redirect.github.com/dnalborczyk) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1345](https://redirect.github.com/node-fetch/node-fetch/pull/1345) - [@​dependabot](https://redirect.github.com/dependabot) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1319](https://redirect.github.com/node-fetch/node-fetch/pull/1319) - [@​c-w](https://redirect.github.com/c-w) made their first contribution in [https://github.com/node-fetch/node-fetch/pull/1169](https://redirect.github.com/node-fetch/node-fetch/pull/1169) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v3.0.0...v3.1.0 ### [`v3.0.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v3.0.0) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.7.0...v3.0.0) version 3 is going out of a long beta period and switches to stable One major change is that it's now a ESM only package See [changelog](https://redirect.github.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md#v300) for more information about all the changes. ### [`v2.7.0`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.7.0) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.13...v2.7.0) ##### Features - `AbortError` ([#​1744](https://redirect.github.com/bitinn/node-fetch/issues/1744)) ([9b9d458](https://redirect.github.com/bitinn/node-fetch/commit/9b9d45881e5ca68757077726b3c0ecf8fdca1f29)) ### [`v2.6.13`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.13) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.12...v2.6.13) ##### Bug Fixes - Remove the default connection close header ([#​1765](https://redirect.github.com/bitinn/node-fetch/issues/1765)) ([65ae25a](https://redirect.github.com/bitinn/node-fetch/commit/65ae25a1da2834b046c218685f2085a06f679492)), closes [#​1735](https://redirect.github.com/bitinn/node-fetch/issues/1735) [#​1473](https://redirect.github.com/bitinn/node-fetch/issues/1473) [#​1736](https://redirect.github.com/bitinn/node-fetch/issues/1736) ### [`v2.6.12`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.12) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.11...v2.6.12) ##### Bug Fixes - socket variable testing for undefined ([#​1726](https://redirect.github.com/bitinn/node-fetch/issues/1726)) ([8bc3a7c](https://redirect.github.com/bitinn/node-fetch/commit/8bc3a7c85f67fb81bb3d71c8254e68f3b88e9169)) ### [`v2.6.11`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.11) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.10...v2.6.11) ##### Reverts - Revert "fix: handle bom in text and json ([#​1739](https://redirect.github.com/node-fetch/node-fetch/issues/1739))" ([#​1741](https://redirect.github.com/node-fetch/node-fetch/issues/1741)) ([afb36f6](https://redirect.github.com/bitinn/node-fetch/commit/afb36f6c178342488d71947dfc87e7ddd19fab9e)), closes [#​1739](https://redirect.github.com/bitinn/node-fetch/issues/1739) [#​1741](https://redirect.github.com/bitinn/node-fetch/issues/1741) ### [`v2.6.10`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.10) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.9...v2.6.10) ##### Bug Fixes - handle bom in text and json ([#​1739](https://redirect.github.com/bitinn/node-fetch/issues/1739)) ([29909d7](https://redirect.github.com/bitinn/node-fetch/commit/29909d75c62d51e0d1c23758e526dba74bfd463d)) ### [`v2.6.9`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.9) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.8...v2.6.9) ##### Bug Fixes - "global is not defined" ([#​1704](https://redirect.github.com/bitinn/node-fetch/issues/1704)) ([70f592d](https://redirect.github.com/bitinn/node-fetch/commit/70f592d9d2da959df1cebc2dd2314286a4bcf345)) ### [`v2.6.8`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.8) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.7...v2.6.8) ##### Bug Fixes - **headers:** don't forward secure headers on protocol change ([#​1605](https://redirect.github.com/bitinn/node-fetch/issues/1605)) ([fddad0e](https://redirect.github.com/bitinn/node-fetch/commit/fddad0e7ea3fd6da01cc006fdf0ed304ccdd7990)), closes [#​1599](https://redirect.github.com/bitinn/node-fetch/issues/1599) - premature close with chunked transfer encoding and for async iterators in Node 12 ([#​1172](https://redirect.github.com/bitinn/node-fetch/issues/1172)) ([50536d1](https://redirect.github.com/bitinn/node-fetch/commit/50536d1e02ad42bdf262381034805378b98bfa53)), closes [#​1064](https://redirect.github.com/bitinn/node-fetch/issues/1064) [/github.com/node-fetch/node-fetch/pull/1064#issuecomment-849167400](https://redirect.github.com//github.com/node-fetch/node-fetch/pull/1064/issues/issuecomment-849167400) - prevent hoisting of the undefined `global` variable in `browser.js` ([#​1534](https://redirect.github.com/bitinn/node-fetch/issues/1534)) ([8bb6e31](https://redirect.github.com/bitinn/node-fetch/commit/8bb6e317c866c4134e7d67e90a5596a8c67e3965)) ### [`v2.6.7`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.7) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7) ### Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred #### What's Changed - fix: don't forward secure headers to 3th party by [@​jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/node-fetch/node-fetch/pull/1453](https://redirect.github.com/node-fetch/node-fetch/pull/1453) **Full Changelog**: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.