Security patch release
Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred
What's Changed
- core: update fetch-blob by @jimmywarting in #1371
- docs: Fix typo around sending a file by @jimmywarting in #1381
- core: (http.request): Cast URL to string before sending it to NodeJS core by @jimmywarting in #1378
- core: handle errors from the request body stream by @mdmitry01 in #1392
- core: Better handle wrong redirect header in a response by @tasinet in #1387
- core: Don't use buffer to make a blob by @jimmywarting in #1402
- docs: update readme for TS @types/node-fetch by @adamellsworth in #1405
- core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @maxshirshin in #1369
- core: Don't use global buffer by @jimmywarting in #1422
- ci: fix main branch by @dnalborczyk in #1429
- core: use more node: protocol imports by @dnalborczyk in #1428
- core: Warn when using data by @jimmywarting in #1421
- docs: Create SECURITY.md by @JamieSlome in #1445
- core: don't forward secure headers to 3th party by @jimmywarting in #1449
New Contributors
- @mdmitry01 made their first contribution in #1392
- @tasinet made their first contribution in #1387
- @adamellsworth made their first contribution in #1405
- @maxshirshin made their first contribution in #1369
- @JamieSlome made their first contribution in #1445
Full Changelog: v3.1.0...v3.1.1