@pkit
Created August 17, 2023 17:15
diff --git a/node_modules/node-fetch/src/index.js b/node_modules/node-fetch/src/index.js
index 7c4aee8..270cbb6 100644
--- a/node_modules/node-fetch/src/index.js
+++ b/node_modules/node-fetch/src/index.js
@@ -197,21 +197,6 @@ export default async function fetch(url, options_) {
referrerPolicy: request.referrerPolicy
};
- // when forwarding sensitive headers like "Authorization",
- // "WWW-Authenticate", and "Cookie" to untrusted targets,
- // headers will be ignored when following a redirect to a domain
- // that is not a subdomain match or exact match of the initial domain.
- // For example, a redirect from "foo.com" to either "foo.com" or "sub.foo.com"
- // will forward the sensitive headers, but a redirect to "bar.com" will not.
- // headers will also be ignored when following a redirect to a domain using
- // a different protocol. For example, a redirect from "https://foo.com" to "http://foo.com"
- // will not forward the sensitive headers
- if (!isDomainOrSubdomain(request.url, locationURL) || !isSameProtocol(request.url, locationURL)) {
- for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
- requestOptions.headers.delete(name);
- }
- }
-
// HTTP-redirect fetch step 9
if (response_.statusCode !== 303 && request.body && options_.body instanceof Stream.Readable) {
reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));
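Review bot: deleting the `isDomainOrSubdomain` / `isSameProtocol` guard means that on every redirect the `authorization`, `www-authenticate`, `cookie` and `cookie2` headers are now forwarded to whatever host the Location header names, including a different domain and an https-to-http downgrade, so any server that can redirect the original request can receive the caller's credentials. If the intent is to permit one specific cross-domain redirect, keep the guard and carve out that case (for example an explicit allowlist checked before the `requestOptions.headers.delete(name)` loop) rather than removing the whole block; the removed comment was also the only documentation of this behaviour, so whatever replaces it should state why forwarding is acceptable.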
@pkit
pkit commented Aug 17, 2023

To use:

yarn add -D patch-package postinstall-postinstall
mkdir patches
cp <this patch> patches/node-fetch+3.3.2.patch

In package.json:

"scripts": {
  "postinstall": "patch-package",
  "prepare": "patch-package"
}
