File CVE-2022-0235.patch of Package nodejs10.26739

Index: node-v8.17.0/deps/npm/node_modules/node-fetch-npm/src/index.js
===================================================================
--- node-v8.17.0.orig/deps/npm/node_modules/node-fetch-npm/src/index.js
+++ node-v8.17.0/deps/npm/node_modules/node-fetch-npm/src/index.js
@@ -99,6 +99,9 @@ function fetch (uri, opts) {
         }
         if (url.parse(request.url).hostname !== redirectURL.hostname) {
           request.headers.delete('authorization')
+          request.headers.delete('www-authenticate')
+          request.headers.delete('cookie')
+          request.headers.delete('cookie2')
         }
 
         // per fetch spec, for POST request with 301/302 response, or any request with 303 response, use GET when following redirect