Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. Reference: https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31 Upstream patch: https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f