Bump node-fetch from 3.1.0 to 3.1.1 #286

Merged

dependabot[bot] merged 1 commits from dependabot/npm_and_yarn/node-fetch-3.1.1 into main 2022-01-17 13:38:44 +00:00

Conversation 0 Commits 1 Files Changed 1 +8 -8

dependabot[bot] commented 2022-01-17 07:06:13 +00:00 (Migrated from github.com)

Copy Link

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps node-fetch from 3.1.0 to 3.1.1.

Release notes

Sourced from node-fetch's releases.

v3.1.1

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• core: update fetch-blob by @​jimmywarting in node-fetch/node-fetch#1371
• docs: Fix typo around sending a file by @​jimmywarting in node-fetch/node-fetch#1381
• core: (http.request): Cast URL to string before sending it to NodeJS core by @​jimmywarting in node-fetch/node-fetch#1378
• core: handle errors from the request body stream by @​mdmitry01 in node-fetch/node-fetch#1392
• core: Better handle wrong redirect header in a response by @​tasinet in node-fetch/node-fetch#1387
• core: Don't use buffer to make a blob by @​jimmywarting in node-fetch/node-fetch#1402
• docs: update readme for TS @​types/node-fetch by @​adamellsworth in node-fetch/node-fetch#1405
• core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @​maxshirshin in node-fetch/node-fetch#1369
• core: Don't use global buffer by @​jimmywarting in node-fetch/node-fetch#1422
• ci: fix main branch by @​dnalborczyk in node-fetch/node-fetch#1429
• core: use more node: protocol imports by @​dnalborczyk in node-fetch/node-fetch#1428
• core: Warn when using data by @​jimmywarting in node-fetch/node-fetch#1421
• docs: Create SECURITY.md by @​JamieSlome in node-fetch/node-fetch#1445
• core: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1449

New Contributors

• @​mdmitry01 made their first contribution in node-fetch/node-fetch#1392
• @​tasinet made their first contribution in node-fetch/node-fetch#1387
• @​adamellsworth made their first contribution in node-fetch/node-fetch#1405
• @​maxshirshin made their first contribution in node-fetch/node-fetch#1369
• @​JamieSlome made their first contribution in node-fetch/node-fetch#1445

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1

Changelog

Sourced from node-fetch's changelog.

Changelog

All notable changes will be recorded here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

What's Changed

• core: update fetch-blob by @​jimmywarting in node-fetch/node-fetch#1371
• docs: Fix typo around sending a file by @​jimmywarting in node-fetch/node-fetch#1381
• core: (http.request): Cast URL to string before sending it to NodeJS core by @​jimmywarting in node-fetch/node-fetch#1378
• core: handle errors from the request body stream by @​mdmitry01 in node-fetch/node-fetch#1392
• core: Better handle wrong redirect header in a response by @​tasinet in node-fetch/node-fetch#1387
• core: Don't use buffer to make a blob by @​jimmywarting in node-fetch/node-fetch#1402
• docs: update readme for TS @​types/node-fetch by @​adamellsworth in node-fetch/node-fetch#1405
• core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @​maxshirshin in node-fetch/node-fetch#1369
• core: Don't use global buffer by @​jimmywarting in node-fetch/node-fetch#1422
• ci: fix main branch by @​dnalborczyk in node-fetch/node-fetch#1429
• core: use more node: protocol imports by @​dnalborczyk in node-fetch/node-fetch#1428
• core: Warn when using data by @​jimmywarting in node-fetch/node-fetch#1421
• docs: Create SECURITY.md by @​JamieSlome in node-fetch/node-fetch#1445
• core: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1449

New Contributors

• @​mdmitry01 made their first contribution in node-fetch/node-fetch#1392
• @​tasinet made their first contribution in node-fetch/node-fetch#1387
• @​adamellsworth made their first contribution in node-fetch/node-fetch#1405
• @​maxshirshin made their first contribution in node-fetch/node-fetch#1369
• @​JamieSlome made their first contribution in node-fetch/node-fetch#1445

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2

Commits

• 36e47e8 3.1.1 release (#1451)
• 5304f3f Don't change relative location header on manual redirect (#1105)
• f5d3cf5 fix(Headers): don't forward secure headers to 3th party (#1449)
• f2c3d56 Create SECURITY.md (#1445)
• 4ae3538 core: Warn when using data (#1421)
• 41f53b9 fix: use more node: protocol imports (#1428)
• f674875 ci: fix main branch (#1429)
• 1493d04 core: Don't use global buffer (#1422)
• eb33090 Chore: Fix logical operator priority (regression) to disallow GET/HEAD with n...
• 7ba5bc9 update readme for TS @​type/node-fetch (#1405)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/releases">node-fetch's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2>Security patch release</h2> <p>Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred</p> <h2>What's Changed</h2> <ul> <li>core: update fetch-blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1371">node-fetch/node-fetch#1371</a></li> <li>docs: Fix typo around sending a file by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1381">node-fetch/node-fetch#1381</a></li> <li>core: (http.request): Cast URL to string before sending it to NodeJS core by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1378">node-fetch/node-fetch#1378</a></li> <li>core: handle errors from the request body stream by <a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li>core: Better handle wrong redirect header in a response by <a href="https://github.com/tasinet"><code>@​tasinet</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li>core: Don't use buffer to make a blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1402">node-fetch/node-fetch#1402</a></li> <li>docs: update readme for TS <code>@​types/node-fetch</code> by <a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li>core: Fix logical operator priority to disallow GET/HEAD with non-empty body by <a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li>core: Don't use global buffer by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1422">node-fetch/node-fetch#1422</a></li> <li>ci: fix main branch by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1429">node-fetch/node-fetch#1429</a></li> <li>core: use more node: protocol imports by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1428">node-fetch/node-fetch#1428</a></li> <li>core: Warn when using data by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1421">node-fetch/node-fetch#1421</a></li> <li>docs: Create SECURITY.md by <a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> <li>core: don't forward secure headers to 3th party by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1449">node-fetch/node-fetch#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li><a href="https://github.com/tasinet"><code>@​tasinet</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li><a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li><a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li><a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1">https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md">node-fetch's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes will be recorded here.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>What's Changed</h2> <ul> <li>core: update fetch-blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1371">node-fetch/node-fetch#1371</a></li> <li>docs: Fix typo around sending a file by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1381">node-fetch/node-fetch#1381</a></li> <li>core: (http.request): Cast URL to string before sending it to NodeJS core by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1378">node-fetch/node-fetch#1378</a></li> <li>core: handle errors from the request body stream by <a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li>core: Better handle wrong redirect header in a response by <a href="https://github.com/tasinet"><code>@​tasinet</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li>core: Don't use buffer to make a blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1402">node-fetch/node-fetch#1402</a></li> <li>docs: update readme for TS <code>@​types/node-fetch</code> by <a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li>core: Fix logical operator priority to disallow GET/HEAD with non-empty body by <a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li>core: Don't use global buffer by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1422">node-fetch/node-fetch#1422</a></li> <li>ci: fix main branch by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1429">node-fetch/node-fetch#1429</a></li> <li>core: use more node: protocol imports by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1428">node-fetch/node-fetch#1428</a></li> <li>core: Warn when using data by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1421">node-fetch/node-fetch#1421</a></li> <li>docs: Create SECURITY.md by <a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> <li>core: don't forward secure headers to 3th party by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1449">node-fetch/node-fetch#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li><a href="https://github.com/tasinet"><code>@​tasinet</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li><a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li><a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li><a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2">https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10"><code>36e47e8</code></a> 3.1.1 release (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1451">#1451</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/5304f3f7f7778f1011b622bedcb0e4d3c04dba31"><code>5304f3f</code></a> Don't change relative location header on manual redirect (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1105">#1105</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80"><code>f5d3cf5</code></a> fix(Headers): don't forward secure headers to 3th party (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449">#1449</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f2c3d563755d4d357df987fe871607e296463cef"><code>f2c3d56</code></a> Create SECURITY.md (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1445">#1445</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/4ae35388b078bddda238277142bf091898ce6fda"><code>4ae3538</code></a> core: Warn when using data (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1421">#1421</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/41f53b9065a00bc73d24215d42aacdcd284b199c"><code>41f53b9</code></a> fix: use more node: protocol imports (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1428">#1428</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f674875f98c4ef2970a9acf02324f520b1b77967"><code>f674875</code></a> ci: fix main branch (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1429">#1429</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1493d046bc0944886277b0b82dfdf78a7b9f7799"><code>1493d04</code></a> core: Don't use global buffer (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1422">#1422</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/eb33090b81442bc6af9f714a5158160856a1e2f2"><code>eb33090</code></a> Chore: Fix logical operator priority (regression) to disallow GET/HEAD with n...</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/7ba5bc9e0aff386ae0e00792d1ea2e2f7a4fd7d6"><code>7ba5bc9</code></a> update readme for TS <code>@​type/node-fetch</code> (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1405">#1405</a>)</li> <li>Additional commits viewable in <a href="https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

This repo is archived. You cannot comment on pull requests.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

github_actions

Pull requests that update Github_actions code

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

javascript

Pull requests that update Javascript code

question

Further information is requested

Sirherobrine23

Sirherobrine23 Developments and features

wontfix

This will not be worked on

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

dependencies

javascript

Milestone

No items

No Milestone

Assignees

Clear assignees

Sirherobrine23

No Assignees

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: go-bds/Maneger#286

No description provided.