Closed renovate[bot] closed 1 month ago
This PR contains the following updates:
2.6.7
2.6.8
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
authorization
www-authenticate
cookie
cookie2
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
This PR contains the following updates:
2.6.7->2.6.8GitHub Vulnerability Alerts
CVE-2022-0235
node-fetch forwards secure headers such as
authorization,www-authenticate,cookie, &cookie2when redirecting to a untrusted site.Release Notes
node-fetch/node-fetch (node-fetch)
### [`v2.6.8`](https://redirect.github.com/node-fetch/node-fetch/releases/tag/v2.6.8) [Compare Source](https://redirect.github.com/node-fetch/node-fetch/compare/v2.6.7...v2.6.8) ##### Bug Fixes - **headers:** don't forward secure headers on protocol change ([#1605](https://redirect.github.com/bitinn/node-fetch/issues/1605)) ([fddad0e](https://redirect.github.com/bitinn/node-fetch/commit/fddad0e7ea3fd6da01cc006fdf0ed304ccdd7990)), closes [#1599](https://redirect.github.com/bitinn/node-fetch/issues/1599) - premature close with chunked transfer encoding and for async iterators in Node 12 ([#1172](https://redirect.github.com/bitinn/node-fetch/issues/1172)) ([50536d1](https://redirect.github.com/bitinn/node-fetch/commit/50536d1e02ad42bdf262381034805378b98bfa53)), closes [#1064](https://redirect.github.com/bitinn/node-fetch/issues/1064) [/github.com/node-fetch/node-fetch/pull/1064#issuecomment-849167400](https://redirect.github.com//github.com/node-fetch/node-fetch/pull/1064/issues/issuecomment-849167400) - prevent hoisting of the undefined `global` variable in `browser.js` ([#1534](https://redirect.github.com/bitinn/node-fetch/issues/1534)) ([8bb6e31](https://redirect.github.com/bitinn/node-fetch/commit/8bb6e317c866c4134e7d67e90a5596a8c67e3965))Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.