Cookies are sent to domains that are not allowed

[ShiraNagen]

Describe the bug

I use superagent.agent() to run several requests. The cookies from set-cookies are sent to all domains without checking if the domain is the one that the set-cookie returned from.

Actual behavior

I send a request to httpbin.org that returns a header with set-cookie and then send a request to google.com and the cookie from httpbin is sent to google as well

Expected behavior

The cookie of google request should be empty

Code to reproduce

const superagent = require("superagent")
const request = superagent.agent();
const cookie = encodeURIComponent('_ga=s%3ACcsRO5I9SasTzV;Path=/;Expires=Sat,07Jan202313:53:43GMT')2023 13:53:43 GMT')
await request.get(`http://httpbin.org/response-headers?set-cookie=${cookie}`);
request.get('https://google.com').cookies;

This pull request solves that issue: https://github.com/ladjs/superagent/pull/1757

Checklist

• [x] I have searched through GitHub issues for similar issues.
• [x] I have completely read through the README and documentation.
• [x] I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.

[titanism]

v8.0.8 released

https://github.com/ladjs/superagent/releases/tag/v8.0.8