Immutable
release. Only release title and notes can be modified.
What's Changed
Security
- Do not forward credential headers (
Authorization,Cookie,Proxy-Authorization) on cross-origin redirect, and clearauth/digestAuthbefore following. Same-origin redirects are unchanged and the caller's headers object is never mutated (#813).
Internal
- Two-stage release workflow with manual approval, publishing the 2.x line to the
latest-2npm dist-tag (#815). - Use Node 24 in the release workflow for npm 11 OIDC trusted publishing.
Full Changelog: v2.44.0...v2.44.1