-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: bump up undici version to v6.6.1 [SECURITY] #5828
Conversation
☁️ Nx Cloud ReportCI is running/has finished running commands for commit b6f776c. As they complete they will appear below. Click to see the status, the terminal output, and the build insights. 📂 See all runs for this CI Pipeline Execution ✅ Successfully ran 6 targets
Sent with 💌 from NxCloud. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## canary #5828 +/- ##
==========================================
- Coverage 65.23% 65.14% -0.10%
==========================================
Files 348 348
Lines 19670 19670
Branches 1661 1660 -1
==========================================
- Hits 12832 12814 -18
- Misses 6617 6635 +18
Partials 221 221
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
ee0fa99
to
682cef2
Compare
Merge activity
|
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`6.0.1` -> `6.6.1`](https://renovatebot.com/diffs/npm/undici/6.0.1/6.6.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/6.0.1/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/6.0.1/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-24750](https://togithub.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw) ### Impact Calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. ### Patches Patched in v6.6.1 ### Workarounds Make sure to always consume the incoming body. #### [CVE-2024-24758](https://togithub.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3) ### Impact Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authorization` headers. ### Patches This is patched in v5.28.3 and v6.6.1 ### Workarounds There are no known workarounds. ### References - https://fetch.spec.whatwg.org/#authentication-entries - GHSA-wqq4-5wpv-mx2g --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v6.6.1`](https://togithub.com/nodejs/undici/releases/tag/v6.6.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.6.0...v6.6.1) ####⚠️ Security Release⚠️ Details on the vulnerabilities fixed will be shared in the next couple of days. #### What's Changed - fix: flaky debug test by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2687](https://togithub.com/nodejs/undici/pull/2687) - build(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2688](https://togithub.com/nodejs/undici/pull/2688) - build(deps): bump actions/dependency-review-action from 3.1.0 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2689](https://togithub.com/nodejs/undici/pull/2689) - fix: ci pipeline warnings by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2685](https://togithub.com/nodejs/undici/pull/2685) - perf: optimize Iterator by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2692](https://togithub.com/nodejs/undici/pull/2692) **Full Changelog**: nodejs/undici@v6.6.0...v6.6.1 ### [`v6.6.0`](https://togithub.com/nodejs/undici/releases/tag/v6.6.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.5.0...v6.6.0) #### What's Changed - add webSocket example by [@​mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2626](https://togithub.com/nodejs/undici/pull/2626) - chore: remove atomic-sleep as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2648](https://togithub.com/nodejs/undici/pull/2648) - chore: remove semver as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2646](https://togithub.com/nodejs/undici/pull/2646) - chore: remove table as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2649](https://togithub.com/nodejs/undici/pull/2649) - chore: remove delay as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2647](https://togithub.com/nodejs/undici/pull/2647) - chore: reduce noise in test-logs test/issue-2349.js by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2655](https://togithub.com/nodejs/undici/pull/2655) - chore: fix faketimer warning in test/request-timeout.js by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2656](https://togithub.com/nodejs/undici/pull/2656) - chore: reduce noise in test logs test/client-node-max-header-size.js by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2654](https://togithub.com/nodejs/undici/pull/2654) - refactor: use fromInnerResponse by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2635](https://togithub.com/nodejs/undici/pull/2635) - fix: support deflate raw responses by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2650](https://togithub.com/nodejs/undici/pull/2650) - Support building for externally shared js builtins by [@​mochaaP](https://togithub.com/mochaaP) in [https://github.com/nodejs/undici/pull/2643](https://togithub.com/nodejs/undici/pull/2643) - fix: typo clampAndCoarsenConnectionTimingInfo by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2653](https://togithub.com/nodejs/undici/pull/2653) - chore: use 'node:'-prefix for requiring node core modules by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2662](https://togithub.com/nodejs/undici/pull/2662) - build(deps-dev): bump husky from 8.0.3 to 9.0.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2667](https://togithub.com/nodejs/undici/pull/2667) - build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2668](https://togithub.com/nodejs/undici/pull/2668) - remove timers/promises import by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2665](https://togithub.com/nodejs/undici/pull/2665) - chore: fix various codesmells by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2669](https://togithub.com/nodejs/undici/pull/2669) - chore: remove this alias in agent.js by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2671](https://togithub.com/nodejs/undici/pull/2671) - chore: use optional chaining by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2666](https://togithub.com/nodejs/undici/pull/2666) - chore: small perf improvements by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2661](https://togithub.com/nodejs/undici/pull/2661) - implement spec changes from a while ago by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2676](https://togithub.com/nodejs/undici/pull/2676) - websocket: fix close when no closing code is received by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2680](https://togithub.com/nodejs/undici/pull/2680) - fix: make ci less flaky by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2684](https://togithub.com/nodejs/undici/pull/2684) #### New Contributors - [@​mochaaP](https://togithub.com/mochaaP) made their first contribution in [https://github.com/nodejs/undici/pull/2643](https://togithub.com/nodejs/undici/pull/2643) **Full Changelog**: nodejs/undici@v6.5.0...v6.6.0 ### [`v6.5.0`](https://togithub.com/nodejs/undici/releases/tag/v6.5.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.4.0...v6.5.0) #### What's Changed - build(deps-dev): bump jsdom from 23.2.0 to 24.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2632](https://togithub.com/nodejs/undici/pull/2632) - feat: Implement EventSource by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2608](https://togithub.com/nodejs/undici/pull/2608) - fix: readable body by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2642](https://togithub.com/nodejs/undici/pull/2642) **Full Changelog**: nodejs/undici@v6.4.0...v6.5.0 ### [`v6.4.0`](https://togithub.com/nodejs/undici/releases/tag/v6.4.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.3.0...v6.4.0) ##### What's Changed - refactor: version cleanup by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2605](https://togithub.com/nodejs/undici/pull/2605) - cacheStorage: separate matchAll logic by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2599](https://togithub.com/nodejs/undici/pull/2599) - cleanup index by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2598](https://togithub.com/nodejs/undici/pull/2598) - feat: port `balanced-pool`, `ca-fingerprint`, `client-abort` tests to `node:test` by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2584](https://togithub.com/nodejs/undici/pull/2584) - ci: unpin nodejs workflow version by [@​dominykas](https://togithub.com/dominykas) in [https://github.com/nodejs/undici/pull/2434](https://togithub.com/nodejs/undici/pull/2434) - test([#​2600](https://togithub.com/nodejs/undici/issues/2600)): Flaky debug test by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2607](https://togithub.com/nodejs/undici/pull/2607) - fix: h2 hang issue with empty body by [@​timursevimli](https://togithub.com/timursevimli) in [https://github.com/nodejs/undici/pull/2601](https://togithub.com/nodejs/undici/pull/2601) - Fix tests for Node.js v21 by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2609](https://togithub.com/nodejs/undici/pull/2609) - perf(cache): avoid Request and Response initialization by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2610](https://togithub.com/nodejs/undici/pull/2610) - Add more libraries to benchmarks by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2614](https://togithub.com/nodejs/undici/pull/2614) - feat: port `client-connect`, `client-dispatch`, `client-errors` test to `node:test` by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2591](https://togithub.com/nodejs/undici/pull/2591) - exit with 1 if WPT runner has unexpected errors by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2621](https://togithub.com/nodejs/undici/pull/2621) - Fix tests for Node.js v20.11.0 by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2618](https://togithub.com/nodejs/undici/pull/2618) - fix(mock-agent): split set-cookie by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2619](https://togithub.com/nodejs/undici/pull/2619) - feat: implement throwOnMaxRedirect option for RedirectHandler by [@​mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2563](https://togithub.com/nodejs/undici/pull/2563) - test: fix flaky debug test by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2613](https://togithub.com/nodejs/undici/pull/2613) - fix: hide statusOutput if empty in handleRunnerCompletion by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2624](https://togithub.com/nodejs/undici/pull/2624) - docs: Fix typo in Debug.md by [@​Skn0tt](https://togithub.com/Skn0tt) in [https://github.com/nodejs/undici/pull/2625](https://togithub.com/nodejs/undici/pull/2625) - fix(cache): set AbortSignal by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2612](https://togithub.com/nodejs/undici/pull/2612) - Use correct http Agent for node-fetch, axios, got and request by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2629](https://togithub.com/nodejs/undici/pull/2629) ##### New Contributors - [@​timursevimli](https://togithub.com/timursevimli) made their first contribution in [https://github.com/nodejs/undici/pull/2601](https://togithub.com/nodejs/undici/pull/2601) - [@​mertcanaltin](https://togithub.com/mertcanaltin) made their first contribution in [https://github.com/nodejs/undici/pull/2563](https://togithub.com/nodejs/undici/pull/2563) - [@​Skn0tt](https://togithub.com/Skn0tt) made their first contribution in [https://github.com/nodejs/undici/pull/2625](https://togithub.com/nodejs/undici/pull/2625) **Full Changelog**: nodejs/undici@v6.3.0...v6.4.0 ### [`v6.3.0`](https://togithub.com/nodejs/undici/releases/tag/v6.3.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.2.1...v6.3.0) #### What's Changed - Clear all timeout on destroy and close by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2535](https://togithub.com/nodejs/undici/pull/2535) - ConnectOptions should include 'origin' field by [@​dvoytenko](https://togithub.com/dvoytenko) in [https://github.com/nodejs/undici/pull/2532](https://togithub.com/nodejs/undici/pull/2532) - perf: avoid toLowerCase call by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2537](https://togithub.com/nodejs/undici/pull/2537) - revert [`a1a8136`](https://togithub.com/nodejs/undici/commit/a1a8136) by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2539](https://togithub.com/nodejs/undici/pull/2539) - docs: add Util to sidebar by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2529](https://togithub.com/nodejs/undici/pull/2529) - fix: call explicitly unregister by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2534](https://togithub.com/nodejs/undici/pull/2534) - fix: check the content-type of invalid formData by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2541](https://togithub.com/nodejs/undici/pull/2541) - Add request examples. by [@​autopulated](https://togithub.com/autopulated) in [https://github.com/nodejs/undici/pull/2380](https://togithub.com/nodejs/undici/pull/2380) - fix(HTTP/2): handle consumption of aborted request by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2387](https://togithub.com/nodejs/undici/pull/2387) - chore: update tst test by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2538](https://togithub.com/nodejs/undici/pull/2538) - fix(fetch): do not abort fetch on redirect by [@​angelyan](https://togithub.com/angelyan) in [https://github.com/nodejs/undici/pull/2545](https://togithub.com/nodejs/undici/pull/2545) - drop verifyVersion in scripts by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2549](https://togithub.com/nodejs/undici/pull/2549) - types: remove unused Client and Pool types by [@​RafaelGSS](https://togithub.com/RafaelGSS) in [https://github.com/nodejs/undici/pull/2557](https://togithub.com/nodejs/undici/pull/2557) - lib: fix Host header when CONNECT ProxyAgent by [@​RafaelGSS](https://togithub.com/RafaelGSS) in [https://github.com/nodejs/undici/pull/2556](https://togithub.com/nodejs/undici/pull/2556) - feat: port cookies tests to node runner by [@​pmarchini](https://togithub.com/pmarchini) in [https://github.com/nodejs/undici/pull/2547](https://togithub.com/nodejs/undici/pull/2547) - feat: port webidl tests to node test runner by [@​ilteoood](https://togithub.com/ilteoood) in [https://github.com/nodejs/undici/pull/2554](https://togithub.com/nodejs/undici/pull/2554) - perf: Improve percentDecode by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2562](https://togithub.com/nodejs/undici/pull/2562) - Fix parseHashWithOptions regex by [@​flapenna](https://togithub.com/flapenna) in [https://github.com/nodejs/undici/pull/2561](https://togithub.com/nodejs/undici/pull/2561) - feat: port diagnostic-channel tests to node test runner by [@​ilteoood](https://togithub.com/ilteoood) in [https://github.com/nodejs/undici/pull/2559](https://togithub.com/nodejs/undici/pull/2559) - feat: port websocket tests to node test runner by [@​ilteoood](https://togithub.com/ilteoood) in [https://github.com/nodejs/undici/pull/2553](https://togithub.com/nodejs/undici/pull/2553) - build(deps-dev): bump tsd from 0.29.0 to 0.30.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2551](https://togithub.com/nodejs/undici/pull/2551) - build(deps): bump actions/setup-node from 4.0.0 to 4.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2572](https://togithub.com/nodejs/undici/pull/2572) - build(deps): bump github/codeql-action from 2.22.5 to 3.22.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2574](https://togithub.com/nodejs/undici/pull/2574) - Update `@matteo.collina/tspl` to 0.1.1 by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2576](https://togithub.com/nodejs/undici/pull/2576) - mark wpt as failing by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2581](https://togithub.com/nodejs/undici/pull/2581) - feat: port `abort-controller.js` tests to `node:test` runner by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2564](https://togithub.com/nodejs/undici/pull/2564) - fix data url test by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2580](https://togithub.com/nodejs/undici/pull/2580) - feat: port `async_hooks.js` tests to `node:test` runner by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2568](https://togithub.com/nodejs/undici/pull/2568) - feat: port `agent.js` tests to `node:test` runner by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2566](https://togithub.com/nodejs/undici/pull/2566) - feat: port `abort-event-emitter.js` tests to `node:test` runnner by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2565](https://togithub.com/nodejs/undici/pull/2565) - feat: port first half of fetch tests to node test runner by [@​anurag-roy](https://togithub.com/anurag-roy) in [https://github.com/nodejs/undici/pull/2569](https://togithub.com/nodejs/undici/pull/2569) - perf: bypass method validation by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2583](https://togithub.com/nodejs/undici/pull/2583) - fetch: warn when using patch method by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2577](https://togithub.com/nodejs/undici/pull/2577) - feat: port `autoselectfamily.js` tests to `node:test` runner by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2570](https://togithub.com/nodejs/undici/pull/2570) - feat: port remaining fetch tests to node test runner by [@​anurag-roy](https://togithub.com/anurag-roy) in [https://github.com/nodejs/undici/pull/2587](https://togithub.com/nodejs/undici/pull/2587) - fix: use isArrayBuffer instead of isAnyArrayBuffer by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2586](https://togithub.com/nodejs/undici/pull/2586) - Feat/migrate tests to node runner by [@​pmarchini](https://togithub.com/pmarchini) in [https://github.com/nodejs/undici/pull/2593](https://togithub.com/nodejs/undici/pull/2593) - abort request with reason if one is provided by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2592](https://togithub.com/nodejs/undici/pull/2592) - feat: port tst test to node test runner by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2595](https://togithub.com/nodejs/undici/pull/2595) - feat([#​2191](https://togithub.com/nodejs/undici/issues/2191)): Add support for `NODE_DEBUG` by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2585](https://togithub.com/nodejs/undici/pull/2585) - cacheStorage: fix bugs make wpts pass by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2596](https://togithub.com/nodejs/undici/pull/2596) - fix: non-object error in abort throws bad error by [@​atlowChemi](https://togithub.com/atlowChemi) in [https://github.com/nodejs/undici/pull/2597](https://togithub.com/nodejs/undici/pull/2597) - fix: add test helper for closing server as promise by [@​sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2604](https://togithub.com/nodejs/undici/pull/2604) #### New Contributors - [@​dvoytenko](https://togithub.com/dvoytenko) made their first contribution in [https://github.com/nodejs/undici/pull/2532](https://togithub.com/nodejs/undici/pull/2532) - [@​autopulated](https://togithub.com/autopulated) made their first contribution in [https://github.com/nodejs/undici/pull/2380](https://togithub.com/nodejs/undici/pull/2380) - [@​angelyan](https://togithub.com/angelyan) made their first contribution in [https://github.com/nodejs/undici/pull/2545](https://togithub.com/nodejs/undici/pull/2545) - [@​pmarchini](https://togithub.com/pmarchini) made their first contribution in [https://github.com/nodejs/undici/pull/2547](https://togithub.com/nodejs/undici/pull/2547) - [@​ilteoood](https://togithub.com/ilteoood) made their first contribution in [https://github.com/nodejs/undici/pull/2554](https://togithub.com/nodejs/undici/pull/2554) - [@​flapenna](https://togithub.com/flapenna) made their first contribution in [https://github.com/nodejs/undici/pull/2561](https://togithub.com/nodejs/undici/pull/2561) - [@​sosukesuzuki](https://togithub.com/sosukesuzuki) made their first contribution in [https://github.com/nodejs/undici/pull/2576](https://togithub.com/nodejs/undici/pull/2576) - [@​anurag-roy](https://togithub.com/anurag-roy) made their first contribution in [https://github.com/nodejs/undici/pull/2569](https://togithub.com/nodejs/undici/pull/2569) **Full Changelog**: nodejs/undici@v6.2.1...v6.3.0 ### [`v6.2.1`](https://togithub.com/nodejs/undici/releases/tag/v6.2.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.2.0...v6.2.1) ##### What's Changed - perf: use tree by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2528](https://togithub.com/nodejs/undici/pull/2528) - chore: reduce dependencies by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2533](https://togithub.com/nodejs/undici/pull/2533) - Remove timers in agent.js by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2536](https://togithub.com/nodejs/undici/pull/2536) **Full Changelog**: nodejs/undici@v6.2.0...v6.2.1 ### [`v6.2.0`](https://togithub.com/nodejs/undici/releases/tag/v6.2.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.1.0...v6.2.0) #### What's Changed - Remove FinalizationRegistry from Agent by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2530](https://togithub.com/nodejs/undici/pull/2530) **Full Changelog**: nodejs/undici@v6.1.0...v6.2.0 ### [`v6.1.0`](https://togithub.com/nodejs/undici/releases/tag/v6.1.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.0.1...v6.1.0) #### What's Changed - fix: more sensible stack trace from dump error by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2503](https://togithub.com/nodejs/undici/pull/2503) - refactor: remove some node compat by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2502](https://togithub.com/nodejs/undici/pull/2502) - refactor: version cleanup by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2507](https://togithub.com/nodejs/undici/pull/2507) - perf(fetch): Improve fetch of detaurl by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2479](https://togithub.com/nodejs/undici/pull/2479) - feat: expose parseHeader by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2511](https://togithub.com/nodejs/undici/pull/2511) - perf(fetch): optimize call `dispatch` by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2493](https://togithub.com/nodejs/undici/pull/2493) - perf(util/parseHeaders): If the header name is buffer by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2501](https://togithub.com/nodejs/undici/pull/2501) - perf: twice faster method check by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2495](https://togithub.com/nodejs/undici/pull/2495) - refactor: remove Error.captureStackTrace by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2509](https://togithub.com/nodejs/undici/pull/2509) - perf: Improve processHeader by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2513](https://togithub.com/nodejs/undici/pull/2513) - perf: reduce `String#toLowerCase` call by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2516](https://togithub.com/nodejs/undici/pull/2516) - perf: optimize consumeEnd by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2510](https://togithub.com/nodejs/undici/pull/2510) - perf: reduce tst built time by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2517](https://togithub.com/nodejs/undici/pull/2517) - feat: allow customization of build environment by [@​khardix](https://togithub.com/khardix) in [https://github.com/nodejs/undici/pull/2403](https://togithub.com/nodejs/undici/pull/2403) - fix: clear cache by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2519](https://togithub.com/nodejs/undici/pull/2519) - feat: Add resource timing entries for connection, request and response by [@​ToshB](https://togithub.com/ToshB) in [https://github.com/nodejs/undici/pull/2481](https://togithub.com/nodejs/undici/pull/2481) - Call fg.unregister() after a dispatcher is done, adds UNDICI_NO_FG to… by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2527](https://togithub.com/nodejs/undici/pull/2527) - feat: expose headerNameToString by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2525](https://togithub.com/nodejs/undici/pull/2525) #### New Contributors - [@​khardix](https://togithub.com/khardix) made their first contribution in [https://github.com/nodejs/undici/pull/2403](https://togithub.com/nodejs/undici/pull/2403) **Full Changelog**: nodejs/undici@v6.0.1...v6.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5In0=-->
682cef2
to
b6f776c
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
This PR contains the following updates:
6.0.1
->6.6.1
GitHub Vulnerability Alerts
CVE-2024-24750
Impact
Calling
fetch(url)
and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak.Patches
Patched in v6.6.1
Workarounds
Make sure to always consume the incoming body.
CVE-2024-24758
Impact
Undici already cleared Authorization headers on cross-origin redirects, but did not clear
Proxy-Authorization
headers.Patches
This is patched in v5.28.3 and v6.6.1
Workarounds
There are no known workarounds.
References
Release Notes
nodejs/undici (undici)
v6.6.1
Compare Source
Details on the vulnerabilities fixed will be shared in the next couple of days.
What's Changed
Full Changelog: nodejs/undici@v6.6.0...v6.6.1
v6.6.0
Compare Source
What's Changed
New Contributors
Full Changelog: nodejs/undici@v6.5.0...v6.6.0
v6.5.0
Compare Source
What's Changed
Full Changelog: nodejs/undici@v6.4.0...v6.5.0
v6.4.0
Compare Source
What's Changed
balanced-pool
,ca-fingerprint
,client-abort
tests tonode:test
by @sosukesuzuki in https://github.com/nodejs/undici/pull/2584client-connect
,client-dispatch
,client-errors
test tonode:test
by @sosukesuzuki in https://github.com/nodejs/undici/pull/2591New Contributors
Full Changelog: nodejs/undici@v6.3.0...v6.4.0
v6.3.0
Compare Source
What's Changed
a1a8136
by @KhafraDev in https://github.com/nodejs/undici/pull/2539@matteo.collina/tspl
to 0.1.1 by @sosukesuzuki in https://github.com/nodejs/undici/pull/2576abort-controller.js
tests tonode:test
runner by @sosukesuzuki in https://github.com/nodejs/undici/pull/2564async_hooks.js
tests tonode:test
runner by @sosukesuzuki in https://github.com/nodejs/undici/pull/2568agent.js
tests tonode:test
runner by @sosukesuzuki in https://github.com/nodejs/undici/pull/2566abort-event-emitter.js
tests tonode:test
runnner by @sosukesuzuki in https://github.com/nodejs/undici/pull/2565autoselectfamily.js
tests tonode:test
runner by @sosukesuzuki in https://github.com/nodejs/undici/pull/2570NODE_DEBUG
by @metcoder95 in https://github.com/nodejs/undici/pull/2585New Contributors
Full Changelog: nodejs/undici@v6.2.1...v6.3.0
v6.2.1
Compare Source
What's Changed
Full Changelog: nodejs/undici@v6.2.0...v6.2.1
v6.2.0
Compare Source
What's Changed
Full Changelog: nodejs/undici@v6.1.0...v6.2.0
v6.1.0
Compare Source
What's Changed
dispatch
by @tsctx in https://github.com/nodejs/undici/pull/2493String#toLowerCase
call by @tsctx in https://github.com/nodejs/undici/pull/2516New Contributors
Full Changelog: nodejs/undici@v6.0.1...v6.1.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.