release: v2.44.1 (#819)

github-actions[bot] · fengmk2 · web-flow · commit 98b76abbabab · 2026-06-13T22:52:28.000+08:00
Release urllib v2.44.1. Merging this PR updates the version on `2.x` and triggers the release workflow, which publishes to npm (dist-tag `latest-2`) and creates the GitHub Release after manual approval. ## What's Changed ### Security * Do not forward credential headers (`Authorization`, `Cookie`, `Proxy-Authorization`) on cross-origin redirect, and clear `auth`/`digestAuth` before following. Same-origin redirects are unchanged and the caller's headers object is never mutated (#813). ### Internal * Two-stage release workflow with manual approval, publishing the 2.x line to the `latest-2` npm dist-tag (#815). * Use Node 24 in the release workflow for npm 11 OIDC trusted publishing. --------- Co-authored-by: fengmk2 <156269+fengmk2@users.noreply.github.com> Co-authored-by: MK <fengmk2@gmail.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [2.44.1](https://github.com/node-modules/urllib/compare/v2.44.0...v2.44.1) (2026-06-13)
+
+
+### Bug Fixes
+
+* do not forward credential headers on cross-origin redirect ([#813](https://github.com/node-modules/urllib/issues/813)) ([7c86c46](https://github.com/node-modules/urllib/commit/7c86c465883ebd3dea5109c87d7bbe3b00960a16))
+
 ## [2.44.0](https://github.com/node-modules/urllib/compare/v2.43.0...v2.44.0) (2024-07-08)
 
 
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "urllib",
-  "version": "2.44.0",
+  "version": "2.44.1",
   "publishConfig": {
     "tag": "latest-2"
   },

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "urllib",`
`3`		`- "version": "2.44.0",`
	`3`	`+ "version": "2.44.1",`
`4`	`4`	`"publishConfig": {`
`5`	`5`	`"tag": "latest-2"`
`6`	`6`	`},`