chore(deps): update dependency node-fetch to v3.1.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
node-fetch	3.0.0 → 3.1.1

GitHub Vulnerability Alerts

CVE-2022-0235

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.

---

Release Notes

node-fetch/node-fetch (node-fetch)

v3.1.1

Compare Source

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• core: update fetch-blob by @​jimmywarting in #​1371
• docs: Fix typo around sending a file by @​jimmywarting in #​1381
• core: (http.request): Cast URL to string before sending it to NodeJS core by @​jimmywarting in #​1378
• core: handle errors from the request body stream by @​mdmitry01 in #​1392
• core: Better handle wrong redirect header in a response by @​tasinet in #​1387
• core: Don't use buffer to make a blob by @​jimmywarting in #​1402
• docs: update readme for TS @​types/node-fetch by @​adamellsworth in #​1405
• core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @​maxshirshin in #​1369
• core: Don't use global buffer by @​jimmywarting in #​1422
• ci: fix main branch by @​dnalborczyk in #​1429
• core: use more node: protocol imports by @​dnalborczyk in #​1428
• core: Warn when using data by @​jimmywarting in #​1421
• docs: Create SECURITY.md by @​JamieSlome in #​1445
• core: don't forward secure headers to 3th party by @​jimmywarting in #​1449

New Contributors

• @​mdmitry01 made their first contribution in #​1392
• @​tasinet made their first contribution in #​1387
• @​adamellsworth made their first contribution in #​1405
• @​maxshirshin made their first contribution in #​1369
• @​JamieSlome made their first contribution in #​1445

Full Changelog: node-fetch/node-fetch@v3.1.0...v3.1.1

v3.1.0

Compare Source

What's Changed

• fix(Body): Discourage form-data and buffer() by @​jimmywarting in #​1212
• fix: Pass url string to http.request by @​serverwentdown in #​1268
• Fix octocat image link by @​lakuapik in #​1281
• fix(Body.body): Normalize Body.body into a node:stream by @​jimmywarting in #​924
• docs(Headers): Add default Host request header to README.md file by @​robertoaceves in #​1316
• Update CHANGELOG.md by @​jimmywarting in #​1292
• Add highWaterMark to cloned properties by @​davesidious in #​1162
• Update README.md to fix HTTPResponseError by @​thedanfernandez in #​1135
• docs: switch url to URL by @​dhritzkiv in #​1318
• fix(types): declare buffer() deprecated by @​dnalborczyk in #​1345
• chore: fix lint by @​dnalborczyk in #​1348
• refactor: use node: prefix for imports by @​dnalborczyk in #​1346
• Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @​dependabot in #​1319
• Bump mocha from 8.4.0 to 9.1.3 by @​dependabot in #​1339
• Referrer and Referrer Policy by @​tekwiz in #​1057
• Add typing for Response.redirect(url, status) by @​c-w in #​1169
• chore: Correct stuff in README.md by @​Jiralite in #​1361
• docs: Improve clarity of "Loading and configuring" by @​serverwentdown in #​1323
• feat(Body): Added support for BodyMixin.formData() and constructing bodies with FormData by @​jimmywarting in #​1314
• template: Make PR template more task oriented by @​jimmywarting in #​1224
• docs: Update code examples by @​jimmywarting in #​1365

New Contributors

• @​serverwentdown made their first contribution in #​1268
• @​lakuapik made their first contribution in #​1281
• @​robertoaceves made their first contribution in #​1316
• @​davesidious made their first contribution in #​1162
• @​thedanfernandez made their first contribution in #​1135
• @​dhritzkiv made their first contribution in #​1318
• @​dnalborczyk made their first contribution in #​1345
• @​dependabot made their first contribution in #​1319
• @​c-w made their first contribution in #​1169

Full Changelog: node-fetch/node-fetch@v3.0.0...v3.1.0

---

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.