• 843c897 4.4.15
• 46fe350 Remove paths from dirCache when no longer dirs
• df3aa4d 4.4.14
• 6d28013 add publishConfig tag
• efc6bb0 fix: strip absolute paths more comprehensively
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from node-fetch's releases.

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

Sourced from node-fetch's changelog.

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

• Fix: honor the size option after following a redirect.

• b5e2e41 update version number
• 2358a6c Honor the size option after following a redirect and revert data uri support
• 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
• 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
• 244e6f6 docs: Show backers in README
• 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
• 47a24a0 chore: Add opencollective badge
• 7b13662 chore: Add funding link
• 5535c2e fix: Check for global.fetch before binding it (#674)
• 1d5778a docs: Add Discord badge
• Additional commits viewable in compare view

This version was pushed to npm by akepinski, a new releaser for node-fetch since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from lodash's releases.

4.17.16

• d7fbc52 Bump to v4.17.19
• 2e1c0f2 Add npm-package
• 1b6c282 Bump to v4.17.18
• a370ac8 Bump to v4.17.17
• 1144918 Rebuild lodash and docs
• 3a3b0fd Bump to v4.17.16
• c84fe82 fix(zipObjectDeep): prototype pollution (#4759)
• e7b28ea Sanitize sourceURL so it cannot affect evaled code (#4518)
• 0cec225 Fix lodash.isEqual for circular references (#4320) (#4515)
• 94c3a81 Document matches* shorthands for over* methods (#4510) (#4514)
• Additional commits viewable in compare view

This version was pushed to npm by mathias, a new releaser for lodash since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

... (truncated)

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]

... (truncated)

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: [email protected]
• f56ce73 build: [email protected]
• 24b3dc5 deps: [email protected]
• 689d175 deps: [email protected]
• 340be0f build: [email protected]
• 33e8dc3 docs: use Node.js name style
• 644f646 build: [email protected]
• ecd7572 build: [email protected]
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.4.1

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] use safer-buffer instead of Buffer constructor
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 486aa46 v6.4.1
• 727ef5d [Fix] parse: ignore __proto__ keys (#428)
• cd1874e [Robustness] stringify: avoid relying on a global undefined (#427)
• 45e987c [readme] remove travis badge; add github actions/codecov badges; update URLs
• 90a3bce [meta] fix README.md (#399)
• 9566d25 [Fix] fix for an impossible situation: when the formatter is called with a no...
• 74227ef Clean up license text so it’s properly detected as BSD-3-Clause
• 35dfb22 [actions] backport actions from main
• 7d4670f [Dev Deps] backport from main
• 0485440 [Fix] use safer-buffer instead of Buffer constructor
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from protobufjs's releases.

v6.11.3

6.11.3 (2022-05-20)

Bug Fixes

• deps: use eslint 8.x (#1728) (a8681ce)
• do not let setProperty change the prototype (#1731) (b5f1391)

v6.11.2

6.11.2 (2021-04-30)

• regenerated index.d.ts to fix the unintended breaking change in types.

v6.11.1

6.11.1 (2021-04-29)

Bug Fixes

• parse.js "parent.add(oneof)“ error (@​leon776) (#1602)

v6.11.0

6.11.0 (2021-04-28)

Features

• support for proto3 optional fields (@​alexander-fenster) (#1584)
• add --no-service option for pbjs (@​mdouglass) (#1577)

Bug Fixes

• do not assign oneof members to default values, use null instead (@​alexander-fenster) (#1597)

Dependencies

• set @types/node to >= 13.7.0 in dependencies (@​indutny) (#1575)

protobuf.js v6.10.2

Bug Fixes

• es6 export enum (#1446) (9f33784)
• make parsedOptions appear in method JSON representation (#1506) (3d29969)
• utf8 -> utf16 decoding bug on surrogate pairs (#1486) (75172cd)

protobuf.js v6.10.1

... (truncated)

Sourced from protobufjs's changelog.

6.11.3 (2022-05-20)

Bug Fixes

• deps: use eslint 8.x (#1728) (a8681ce)
• do not let setProperty change the prototype (#1731) (b5f1391)

6.11.2 (2021-04-30)

• regenerated index.d.ts to fix the unintended breaking change in types.

6.11.1 (2021-04-29)

Bug Fixes

• parse.js "parent.add(oneof)“ error (@​leon776) (#1602)

6.11.0 (2021-04-28)

Features

• support for proto3 optional fields (@​alexander-fenster) (#1584)
• add --no-service option for pbjs (@​mdouglass) (#1577)

Bug Fixes

• do not assign oneof members to default values, use null instead (@​alexander-fenster) (#1597)

Dependencies

• set @types/node to >= 13.7.0 in dependencies (@​indutny) (#1575)

6.10.2 (2020-11-13)

Bug Fixes

• es6 export enum (#1446) (9f33784)
• make parsedOptions appear in method JSON representation (#1506) (3d29969)
• utf8 -> utf16 decoding bug on surrogate pairs (#1486) (75172cd)

6.10.1 (2020-07-16)

Bug Fixes

... (truncated)

• b130dfd chore(6.x): release 6.11.3 (#1737)
• c2c17ae build: publish to main
• b2c6a5c build: run tests if ci label added (#1734)
• a8681ce fix(deps): use eslint 8.x (#1728)
• b5f1391 fix: do not let setProperty change the prototype (#1731)
• 7afd0a3 build: configure 6.x as default branch
• 37285d0 build: configure backports
• d127871 fix: rebuild type, release v6.11.2
• da9fdd2 fix(types): bring back Field.rule to .d.ts
• a2ccda1 chore: release v6.11.1
• Additional commits viewable in compare view

This version was pushed to npm by google-wombot, a new releaser for protobufjs since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from plist's changelog.

3.0.4 / 2021-08-27

• inline [email protected] to eliminate security warning false positive (Mike Reinstein)

3.0.3 / 2021-08-04

• update xmldom to 0.6.0 to patch critical vulnerability (Mike Reinstein)
• remove flaky saucelabs teseting badge (Mike Reinstein)

3.0.2 / 2021-03-25

• update xmldom to 0.5.0 to patch critical vulnerability (Mike Reinstein)
• update saucelab credentials to point at mreinstein's saucelabs account (Mike Reinstein)
• remove a bunch of test versions from the matrix because they weren't working in zuul + sauce (Mike Reinstein)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

Sourced from node-fetch's changelog.

Changelog

All notable changes will be recorded here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

What's Changed

• core: update fetch-blob by @​jimmywarting in node-fetch/node-fetch#1371
• docs: Fix typo around sending a file by @​jimmywarting in node-fetch/node-fetch#1381
• core: (http.request): Cast URL to string before sending it to NodeJS core by @​jimmywarting in node-fetch/node-fetch#1378
• core: handle errors from the request body stream by @​mdmitry01 in node-fetch/node-fetch#1392
• core: Better handle wrong redirect header in a response by @​tasinet in node-fetch/node-fetch#1387
• core: Don't use buffer to make a blob by @​jimmywarting in node-fetch/node-fetch#1402
• docs: update readme for TS @​types/node-fetch by @​adamellsworth in node-fetch/node-fetch#1405
• core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @​maxshirshin in node-fetch/node-fetch#1369
• core: Don't use global buffer by @​jimmywarting in node-fetch/node-fetch#1422
• ci: fix main branch by @​dnalborczyk in node-fetch/node-fetch#1429
• core: use more node: protocol imports by @​dnalborczyk in node-fetch/node-fetch#1428
• core: Warn when using data by @​jimmywarting in node-fetch/node-fetch#1421
• docs: Create SECURITY.md by @​JamieSlome in node-fetch/node-fetch#1445
• core: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1449

New Contributors

• @​mdmitry01 made their first contribution in node-fetch/node-fetch#1392
• @​tasinet made their first contribution in node-fetch/node-fetch#1387
• @​adamellsworth made their first contribution in node-fetch/node-fetch#1405
• @​maxshirshin made their first contribution in node-fetch/node-fetch#1369
• @​JamieSlome made their first contribution in node-fetch/node-fetch#1445

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2

3.1.0

What's Changed

• fix(Body): Discourage form-data and buffer() by @​jimmywarting in node-fetch/node-fetch#1212
• fix: Pass url string to http.request by @​serverwentdown in node-fetch/node-fetch#1268
• Fix octocat image link by @​lakuapik in node-fetch/node-fetch#1281
• fix(Body.body): Normalize Body.body into a node:stream by @​jimmywarting in node-fetch/node-fetch#924
• docs(Headers): Add default Host request header to README.md file by @​robertoaceves in node-fetch/node-fetch#1316
• Update CHANGELOG.md by @​jimmywarting in node-fetch/node-fetch#1292
• Add highWaterMark to cloned properties by @​davesidious in node-fetch/node-fetch#1162
• Update README.md to fix HTTPResponseError by @​thedanfernandez in node-fetch/node-fetch#1135
• docs: switch url to URL by @​dhritzkiv in node-fetch/node-fetch#1318
• fix(types): declare buffer() deprecated by @​dnalborczyk in node-fetch/node-fetch#1345
• chore: fix lint by @​dnalborczyk in node-fetch/node-fetch#1348
• refactor: use node: prefix for imports by @​dnalborczyk in node-fetch/node-fetch#1346
• Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @​dependabot in node-fetch/node-fetch#1319
• Bump mocha from 8.4.0 to 9.1.3 by @​dependabot in node-fetch/node-fetch#1339
• Referrer and Referrer Policy by @​tekwiz in node-fetch/node-fetch#1057
• Add typing for Response.redirect(url, status) by @​c-w in node-fetch/node-fetch#1169

... (truncated)

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
• 18193c5 fix v2.6.3 that did not sending query params (#1301)
• ace7536 fix: properly encode url with unicode characters (#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (#1274)
• b5e2e41 update version number
• 2358a6c Honor the size option after following a redirect and revert data uri support
• 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
• Additional commits viewable in compare view

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.