Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…#1428) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.26.2` -> `5.28.3`](https://renovatebot.com/diffs/npm/undici/5.26.2/5.28.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.28.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.28.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.26.2/5.28.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.26.2/5.28.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-24758](https://togithub.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3) ### Impact Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authorization` headers. ### Patches This is patched in v5.28.3 and v6.6.1 ### Workarounds There are no known workarounds. ### References - https://fetch.spec.whatwg.org/#authentication-entries - GHSA-wqq4-5wpv-mx2g --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.28.3`](https://togithub.com/nodejs/undici/releases/tag/v5.28.3) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.28.2...v5.28.3) ####⚠️ Security Release⚠️ Details on the vulnerabilities fixed will be shared in the next couple of days. **Full Changelog**: nodejs/undici@v5.28.2...v5.28.3 ### [`v5.28.2`](https://togithub.com/nodejs/undici/releases/tag/v5.28.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.28.1...v5.28.2) #### What's Changed - fix: remove optional chainning for compatible with Nodejs12 and below by [@​bugb](https://togithub.com/bugb) in [https://github.com/nodejs/undici/pull/2470](https://togithub.com/nodejs/undici/pull/2470) - fix: remove `node:` prefix by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2471](https://togithub.com/nodejs/undici/pull/2471) - perf: avoid Headers initialization by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2468](https://togithub.com/nodejs/undici/pull/2468) - fix: handle SharedArrayBuffer correctly by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2466](https://togithub.com/nodejs/undici/pull/2466) - fix: Add `null` type to `signal` in `RequestInit` by [@​gebsh](https://togithub.com/gebsh) in [https://github.com/nodejs/undici/pull/2455](https://togithub.com/nodejs/undici/pull/2455) - fix: correctly handle data URL with hashes. by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2475](https://togithub.com/nodejs/undici/pull/2475) - fix: check response for timinginfo allow flag by [@​ToshB](https://togithub.com/ToshB) in [https://github.com/nodejs/undici/pull/2477](https://togithub.com/nodejs/undici/pull/2477) - Make call to onBodySent conditional in RetryHandler by [@​MzUgM](https://togithub.com/MzUgM) in [https://github.com/nodejs/undici/pull/2478](https://togithub.com/nodejs/undici/pull/2478) - refactor: better integrity check by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2462](https://togithub.com/nodejs/undici/pull/2462) - fix: Added support for inline URL username:password proxy auth by [@​matt-way](https://togithub.com/matt-way) in [https://github.com/nodejs/undici/pull/2473](https://togithub.com/nodejs/undici/pull/2473) - build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2472](https://togithub.com/nodejs/undici/pull/2472) - build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2405](https://togithub.com/nodejs/undici/pull/2405) - build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2396](https://togithub.com/nodejs/undici/pull/2396) - build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2395](https://togithub.com/nodejs/undici/pull/2395) - build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2392](https://togithub.com/nodejs/undici/pull/2392) - build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2389](https://togithub.com/nodejs/undici/pull/2389) - build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2302](https://togithub.com/nodejs/undici/pull/2302) #### New Contributors - [@​bugb](https://togithub.com/bugb) made their first contribution in [https://github.com/nodejs/undici/pull/2470](https://togithub.com/nodejs/undici/pull/2470) - [@​gebsh](https://togithub.com/gebsh) made their first contribution in [https://github.com/nodejs/undici/pull/2455](https://togithub.com/nodejs/undici/pull/2455) - [@​ToshB](https://togithub.com/ToshB) made their first contribution in [https://github.com/nodejs/undici/pull/2477](https://togithub.com/nodejs/undici/pull/2477) - [@​MzUgM](https://togithub.com/MzUgM) made their first contribution in [https://github.com/nodejs/undici/pull/2478](https://togithub.com/nodejs/undici/pull/2478) - [@​matt-way](https://togithub.com/matt-way) made their first contribution in [https://github.com/nodejs/undici/pull/2473](https://togithub.com/nodejs/undici/pull/2473) **Full Changelog**: nodejs/undici@v5.28.1...v5.28.2 ### [`v5.28.1`](https://togithub.com/nodejs/undici/releases/tag/v5.28.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.28.0...v5.28.1) #### What's Changed - perf: Improve `normalizeMethod` by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2456](https://togithub.com/nodejs/undici/pull/2456) - fix: dispatch error handling by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2459](https://togithub.com/nodejs/undici/pull/2459) - perf(request): optimize if headers are given by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2454](https://togithub.com/nodejs/undici/pull/2454) **Full Changelog**: nodejs/undici@v5.28.0...v5.28.1 ### [`v5.28.0`](https://togithub.com/nodejs/undici/releases/tag/v5.28.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.27.2...v5.28.0) #### What's Changed - fix(parseHeaders): util.parseHeaders handle correctly array of buffer… by [@​mdoria12](https://togithub.com/mdoria12) in [https://github.com/nodejs/undici/pull/2398](https://togithub.com/nodejs/undici/pull/2398) - docs: add license to undici-types by [@​dancastillo](https://togithub.com/dancastillo) in [https://github.com/nodejs/undici/pull/2401](https://togithub.com/nodejs/undici/pull/2401) - perf: optimize Readable.dump by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2402](https://togithub.com/nodejs/undici/pull/2402) - perf(headers): Improve Headers by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2397](https://togithub.com/nodejs/undici/pull/2397) - test: re-enable conditional WPT Report for websockets by [@​panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2407](https://togithub.com/nodejs/undici/pull/2407) - fix: delay abort on 'close' by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2408](https://togithub.com/nodejs/undici/pull/2408) - refactor: use `substring` instead of `substr` by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2411](https://togithub.com/nodejs/undici/pull/2411) - add additional http2 test with fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2419](https://togithub.com/nodejs/undici/pull/2419) - fix: HTTPToken check by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2410](https://togithub.com/nodejs/undici/pull/2410) - perf: optimize HeadersList.get by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2420](https://togithub.com/nodejs/undici/pull/2420) - properly handle pseudo-headers in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2422](https://togithub.com/nodejs/undici/pull/2422) - perf(headers): if the guard is immutable by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2424](https://togithub.com/nodejs/undici/pull/2424) - fix(mock-agent): send stream body by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2425](https://togithub.com/nodejs/undici/pull/2425) - build(deps): bump github/codeql-action from 2.21.5 to 2.22.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2394](https://togithub.com/nodejs/undici/pull/2394) - feat([#​2264](https://togithub.com/nodejs/undici/issues/2264)): Expose Retry Handler by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2281](https://togithub.com/nodejs/undici/pull/2281) - fix: implement `Headers#set` correctly by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2432](https://togithub.com/nodejs/undici/pull/2432) - fix: implement `Headers#delete` correctly by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2430](https://togithub.com/nodejs/undici/pull/2430) - test: update websocket wpt availability by [@​panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2437](https://togithub.com/nodejs/undici/pull/2437) - fix: type comment position by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2443](https://togithub.com/nodejs/undici/pull/2443) - fix: `onHeaders` type declaration by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2444](https://togithub.com/nodejs/undici/pull/2444) - remove http2 status pseudo header from headers by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2438](https://togithub.com/nodejs/undici/pull/2438) - docs: Clarify `path` matching in `intercept()` by [@​oliversalzburg](https://togithub.com/oliversalzburg) in [https://github.com/nodejs/undici/pull/2426](https://togithub.com/nodejs/undici/pull/2426) - fix: set-cookie clone by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2446](https://togithub.com/nodejs/undici/pull/2446) - docs: fix typo in maxConcurrentStreams by [@​tniessen](https://togithub.com/tniessen) in [https://github.com/nodejs/undici/pull/2450](https://togithub.com/nodejs/undici/pull/2450) - refactor: remove leftovers by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2451](https://togithub.com/nodejs/undici/pull/2451) - refactor: add missing new operator by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2452](https://togithub.com/nodejs/undici/pull/2452) #### New Contributors - [@​mdoria12](https://togithub.com/mdoria12) made their first contribution in [https://github.com/nodejs/undici/pull/2398](https://togithub.com/nodejs/undici/pull/2398) - [@​tsctx](https://togithub.com/tsctx) made their first contribution in [https://github.com/nodejs/undici/pull/2397](https://togithub.com/nodejs/undici/pull/2397) - [@​oliversalzburg](https://togithub.com/oliversalzburg) made their first contribution in [https://github.com/nodejs/undici/pull/2426](https://togithub.com/nodejs/undici/pull/2426) **Full Changelog**: nodejs/undici@v5.27.2...v5.28.0 ### [`v5.27.2`](https://togithub.com/nodejs/undici/releases/tag/v5.27.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.27.1...v5.27.2) **Full Changelog**: nodejs/undici@v5.27.1...v5.27.2 ### [`v5.27.1`](https://togithub.com/nodejs/undici/releases/tag/v5.27.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.27.0...v5.27.1) #### What's Changed - add regression test by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2376](https://togithub.com/nodejs/undici/pull/2376) - fix: define conditions when content-length should be sent by [@​pxue](https://togithub.com/pxue) in [https://github.com/nodejs/undici/pull/2305](https://togithub.com/nodejs/undici/pull/2305) - refactor: removed unnecessary default by [@​nikelborm](https://togithub.com/nikelborm) in [https://github.com/nodejs/undici/pull/2381](https://togithub.com/nodejs/undici/pull/2381) - fix: stream body handling by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2391](https://togithub.com/nodejs/undici/pull/2391) #### New Contributors - [@​pxue](https://togithub.com/pxue) made their first contribution in [https://github.com/nodejs/undici/pull/2305](https://togithub.com/nodejs/undici/pull/2305) - [@​nikelborm](https://togithub.com/nikelborm) made their first contribution in [https://github.com/nodejs/undici/pull/2381](https://togithub.com/nodejs/undici/pull/2381) **Full Changelog**: nodejs/undici@v5.27.0...v5.27.1 ### [`v5.27.0`](https://togithub.com/nodejs/undici/releases/tag/v5.27.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.5...v5.27.0) #### What's Changed - Use sets and reusable TextEncoder/TextDecoder instances by [@​kibertoad](https://togithub.com/kibertoad) in [https://github.com/nodejs/undici/pull/2368](https://togithub.com/nodejs/undici/pull/2368) - feat: forward onRequestSent to handler by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2375](https://togithub.com/nodejs/undici/pull/2375) - skip bundle test on node 16 by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2377](https://togithub.com/nodejs/undici/pull/2377) - fix windows CI by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2379](https://togithub.com/nodejs/undici/pull/2379) **Full Changelog**: nodejs/undici@v5.26.5...v5.27.0 ### [`v5.26.5`](https://togithub.com/nodejs/undici/releases/tag/v5.26.5) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.4...v5.26.5) #### What's Changed - Drop race condition in connect-timeout test by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2360](https://togithub.com/nodejs/undici/pull/2360) - Remove a couple of unnecessary async functions by [@​kibertoad](https://togithub.com/kibertoad) in [https://github.com/nodejs/undici/pull/2367](https://togithub.com/nodejs/undici/pull/2367) - Update namespace type with Fetch exports by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2361](https://togithub.com/nodejs/undici/pull/2361) **Full Changelog**: nodejs/undici@v5.26.4...v5.26.5 ### [`v5.26.4`](https://togithub.com/nodejs/undici/releases/tag/v5.26.4) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.3...v5.26.4) #### What's Changed - use esbuild define/hooks by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2342](https://togithub.com/nodejs/undici/pull/2342) - fix request's arrayBuffer returning uint8 instead of arraybuffer by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2344](https://togithub.com/nodejs/undici/pull/2344) - fix: skip readMore call if parser is null or undefined by [@​iiAku](https://togithub.com/iiAku) in [https://github.com/nodejs/undici/pull/2346](https://togithub.com/nodejs/undici/pull/2346) - test: first attempt for flaky fix by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2337](https://togithub.com/nodejs/undici/pull/2337) - test: only include WebSocket in WPT Report where it's landed by [@​panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2351](https://togithub.com/nodejs/undici/pull/2351) - Update DispatchInterceptor.md by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2354](https://togithub.com/nodejs/undici/pull/2354) - fix: Avoid error for stream() being aborted by [@​BobNobrain](https://togithub.com/BobNobrain) in [https://github.com/nodejs/undici/pull/2355](https://togithub.com/nodejs/undici/pull/2355) - fix names with esbuild by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2359](https://togithub.com/nodejs/undici/pull/2359) #### New Contributors - [@​iiAku](https://togithub.com/iiAku) made their first contribution in [https://github.com/nodejs/undici/pull/2346](https://togithub.com/nodejs/undici/pull/2346) - [@​Uzlopak](https://togithub.com/Uzlopak) made their first contribution in [https://github.com/nodejs/undici/pull/2354](https://togithub.com/nodejs/undici/pull/2354) - [@​BobNobrain](https://togithub.com/BobNobrain) made their first contribution in [https://github.com/nodejs/undici/pull/2355](https://togithub.com/nodejs/undici/pull/2355) **Full Changelog**: nodejs/undici@v5.26.3...v5.26.4 ### [`v5.26.3`](https://togithub.com/nodejs/undici/compare/12a62187d45f332cf39dd405f7c52b759cf40cdd...227b9bedf233f741b86dda4ae9d1c7ad69f5d75c) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.2...v5.26.3) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/coveo/cli). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- Loading branch information