Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: bump up undici version to v6.6.1 [SECURITY] #5828

Merged
merged 1 commit into from
Feb 20, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 16, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
undici (source) 6.0.1 -> 6.6.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-24750

Impact

Calling fetch(url) and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak.

Patches

Patched in v6.6.1

Workarounds

Make sure to always consume the incoming body.

CVE-2024-24758

Impact

Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers.

Patches

This is patched in v5.28.3 and v6.6.1

Workarounds

There are no known workarounds.

References


Release Notes

nodejs/undici (undici)

v6.6.1

Compare Source

⚠️ Security Release ⚠️

Details on the vulnerabilities fixed will be shared in the next couple of days.

What's Changed

Full Changelog: nodejs/undici@v6.6.0...v6.6.1

v6.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.5.0...v6.6.0

v6.5.0

Compare Source

What's Changed

Full Changelog: nodejs/undici@v6.4.0...v6.5.0

v6.4.0

Compare Source

What's Changed
New Contributors

Full Changelog: nodejs/undici@v6.3.0...v6.4.0

v6.3.0

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.2.1...v6.3.0

v6.2.1

Compare Source

What's Changed

Full Changelog: nodejs/undici@v6.2.0...v6.2.1

v6.2.0

Compare Source

What's Changed

Full Changelog: nodejs/undici@v6.1.0...v6.2.0

v6.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.0.1...v6.1.0


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 16, 2024
Copy link

nx-cloud bot commented Feb 16, 2024

Copy link

codecov bot commented Feb 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (88e5ab0) 65.23% compared to head (b6f776c) 65.14%.

Additional details and impacted files
@@            Coverage Diff             @@
##           canary    #5828      +/-   ##
==========================================
- Coverage   65.23%   65.14%   -0.10%     
==========================================
  Files         348      348              
  Lines       19670    19670              
  Branches     1661     1660       -1     
==========================================
- Hits        12832    12814      -18     
- Misses       6617     6635      +18     
  Partials      221      221              
Flag Coverage Δ
server-test 71.35% <ø> (-0.13%) ⬇️
unittest 46.78% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot force-pushed the renovate/npm-undici-vulnerability branch from ee0fa99 to 682cef2 Compare February 20, 2024 04:10
Copy link

graphite-app bot commented Feb 20, 2024

Merge activity

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`6.0.1` -> `6.6.1`](https://renovatebot.com/diffs/npm/undici/6.0.1/6.6.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/6.0.1/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/6.0.1/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-24750](https://togithub.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw)

### Impact

Calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak.

### Patches

Patched in v6.6.1

### Workarounds

Make sure to always consume the incoming body.

#### [CVE-2024-24758](https://togithub.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3)

### Impact

Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authorization` headers.

### Patches

This is patched in v5.28.3 and v6.6.1

### Workarounds

There are no known workarounds.

### References

- https://fetch.spec.whatwg.org/#authentication-entries
- GHSA-wqq4-5wpv-mx2g

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v6.6.1`](https://togithub.com/nodejs/undici/releases/tag/v6.6.1)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.6.0...v6.6.1)

#### ⚠️ Security Release ⚠️

Details on the vulnerabilities fixed will be shared in the next couple of days.

#### What's Changed

-   fix: flaky debug test by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2687](https://togithub.com/nodejs/undici/pull/2687)
-   build(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2688](https://togithub.com/nodejs/undici/pull/2688)
-   build(deps): bump actions/dependency-review-action from 3.1.0 to 4.0.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2689](https://togithub.com/nodejs/undici/pull/2689)
-   fix: ci pipeline warnings by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2685](https://togithub.com/nodejs/undici/pull/2685)
-   perf: optimize Iterator by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2692](https://togithub.com/nodejs/undici/pull/2692)

**Full Changelog**: nodejs/undici@v6.6.0...v6.6.1

### [`v6.6.0`](https://togithub.com/nodejs/undici/releases/tag/v6.6.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.5.0...v6.6.0)

#### What's Changed

-   add webSocket example by [@&#8203;mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2626](https://togithub.com/nodejs/undici/pull/2626)
-   chore: remove atomic-sleep as dev dependency by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2648](https://togithub.com/nodejs/undici/pull/2648)
-   chore: remove semver as dev dependency by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2646](https://togithub.com/nodejs/undici/pull/2646)
-   chore: remove table as dev dependency by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2649](https://togithub.com/nodejs/undici/pull/2649)
-   chore: remove delay as dev dependency by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2647](https://togithub.com/nodejs/undici/pull/2647)
-   chore: reduce noise in test-logs test/issue-2349.js by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2655](https://togithub.com/nodejs/undici/pull/2655)
-   chore: fix faketimer warning in test/request-timeout.js by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2656](https://togithub.com/nodejs/undici/pull/2656)
-   chore: reduce noise in test logs test/client-node-max-header-size.js by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2654](https://togithub.com/nodejs/undici/pull/2654)
-   refactor: use fromInnerResponse by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2635](https://togithub.com/nodejs/undici/pull/2635)
-   fix: support deflate raw responses by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2650](https://togithub.com/nodejs/undici/pull/2650)
-   Support building for externally shared js builtins by [@&#8203;mochaaP](https://togithub.com/mochaaP) in [https://github.com/nodejs/undici/pull/2643](https://togithub.com/nodejs/undici/pull/2643)
-   fix: typo clampAndCoarsenConnectionTimingInfo by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2653](https://togithub.com/nodejs/undici/pull/2653)
-   chore: use 'node:'-prefix for requiring node core modules by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2662](https://togithub.com/nodejs/undici/pull/2662)
-   build(deps-dev): bump husky from 8.0.3 to 9.0.7 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2667](https://togithub.com/nodejs/undici/pull/2667)
-   build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2668](https://togithub.com/nodejs/undici/pull/2668)
-   remove timers/promises import by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2665](https://togithub.com/nodejs/undici/pull/2665)
-   chore: fix various codesmells by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2669](https://togithub.com/nodejs/undici/pull/2669)
-   chore: remove this alias in agent.js by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2671](https://togithub.com/nodejs/undici/pull/2671)
-   chore: use optional chaining by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2666](https://togithub.com/nodejs/undici/pull/2666)
-   chore: small perf improvements by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2661](https://togithub.com/nodejs/undici/pull/2661)
-   implement spec changes from a while ago by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2676](https://togithub.com/nodejs/undici/pull/2676)
-   websocket: fix close when no closing code is received by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2680](https://togithub.com/nodejs/undici/pull/2680)
-   fix: make ci less flaky by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2684](https://togithub.com/nodejs/undici/pull/2684)

#### New Contributors

-   [@&#8203;mochaaP](https://togithub.com/mochaaP) made their first contribution in [https://github.com/nodejs/undici/pull/2643](https://togithub.com/nodejs/undici/pull/2643)

**Full Changelog**: nodejs/undici@v6.5.0...v6.6.0

### [`v6.5.0`](https://togithub.com/nodejs/undici/releases/tag/v6.5.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.4.0...v6.5.0)

#### What's Changed

-   build(deps-dev): bump jsdom from 23.2.0 to 24.0.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2632](https://togithub.com/nodejs/undici/pull/2632)
-   feat: Implement EventSource by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2608](https://togithub.com/nodejs/undici/pull/2608)
-   fix: readable body by [@&#8203;ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2642](https://togithub.com/nodejs/undici/pull/2642)

**Full Changelog**: nodejs/undici@v6.4.0...v6.5.0

### [`v6.4.0`](https://togithub.com/nodejs/undici/releases/tag/v6.4.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.3.0...v6.4.0)

##### What's Changed

-   refactor: version cleanup by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2605](https://togithub.com/nodejs/undici/pull/2605)
-   cacheStorage: separate matchAll logic by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2599](https://togithub.com/nodejs/undici/pull/2599)
-   cleanup index by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2598](https://togithub.com/nodejs/undici/pull/2598)
-   feat: port `balanced-pool`, `ca-fingerprint`, `client-abort` tests to `node:test` by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2584](https://togithub.com/nodejs/undici/pull/2584)
-   ci: unpin nodejs workflow version by [@&#8203;dominykas](https://togithub.com/dominykas) in [https://github.com/nodejs/undici/pull/2434](https://togithub.com/nodejs/undici/pull/2434)
-   test([#&#8203;2600](https://togithub.com/nodejs/undici/issues/2600)): Flaky debug test by [@&#8203;metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2607](https://togithub.com/nodejs/undici/pull/2607)
-   fix: h2 hang issue with empty body by [@&#8203;timursevimli](https://togithub.com/timursevimli) in [https://github.com/nodejs/undici/pull/2601](https://togithub.com/nodejs/undici/pull/2601)
-   Fix tests for Node.js v21 by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2609](https://togithub.com/nodejs/undici/pull/2609)
-   perf(cache): avoid Request and Response initialization by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2610](https://togithub.com/nodejs/undici/pull/2610)
-   Add more libraries to benchmarks by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2614](https://togithub.com/nodejs/undici/pull/2614)
-   feat: port `client-connect`, `client-dispatch`, `client-errors` test to `node:test` by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2591](https://togithub.com/nodejs/undici/pull/2591)
-   exit with 1 if WPT runner has unexpected errors by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2621](https://togithub.com/nodejs/undici/pull/2621)
-   Fix tests for Node.js v20.11.0 by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2618](https://togithub.com/nodejs/undici/pull/2618)
-   fix(mock-agent): split set-cookie by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2619](https://togithub.com/nodejs/undici/pull/2619)
-   feat: implement throwOnMaxRedirect option for RedirectHandler by [@&#8203;mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2563](https://togithub.com/nodejs/undici/pull/2563)
-   test: fix flaky debug test by [@&#8203;metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2613](https://togithub.com/nodejs/undici/pull/2613)
-   fix: hide statusOutput if empty in handleRunnerCompletion by [@&#8203;Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2624](https://togithub.com/nodejs/undici/pull/2624)
-   docs: Fix typo in Debug.md by [@&#8203;Skn0tt](https://togithub.com/Skn0tt) in [https://github.com/nodejs/undici/pull/2625](https://togithub.com/nodejs/undici/pull/2625)
-   fix(cache): set AbortSignal by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2612](https://togithub.com/nodejs/undici/pull/2612)
-   Use correct http Agent for node-fetch, axios, got and request by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2629](https://togithub.com/nodejs/undici/pull/2629)

##### New Contributors

-   [@&#8203;timursevimli](https://togithub.com/timursevimli) made their first contribution in [https://github.com/nodejs/undici/pull/2601](https://togithub.com/nodejs/undici/pull/2601)
-   [@&#8203;mertcanaltin](https://togithub.com/mertcanaltin) made their first contribution in [https://github.com/nodejs/undici/pull/2563](https://togithub.com/nodejs/undici/pull/2563)
-   [@&#8203;Skn0tt](https://togithub.com/Skn0tt) made their first contribution in [https://github.com/nodejs/undici/pull/2625](https://togithub.com/nodejs/undici/pull/2625)

**Full Changelog**: nodejs/undici@v6.3.0...v6.4.0

### [`v6.3.0`](https://togithub.com/nodejs/undici/releases/tag/v6.3.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.2.1...v6.3.0)

#### What's Changed

-   Clear all timeout on destroy and close by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2535](https://togithub.com/nodejs/undici/pull/2535)
-   ConnectOptions should include 'origin' field by [@&#8203;dvoytenko](https://togithub.com/dvoytenko) in [https://github.com/nodejs/undici/pull/2532](https://togithub.com/nodejs/undici/pull/2532)
-   perf: avoid toLowerCase call by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2537](https://togithub.com/nodejs/undici/pull/2537)
-   revert [`a1a8136`](https://togithub.com/nodejs/undici/commit/a1a8136) by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2539](https://togithub.com/nodejs/undici/pull/2539)
-   docs: add Util to sidebar by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2529](https://togithub.com/nodejs/undici/pull/2529)
-   fix: call explicitly unregister by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2534](https://togithub.com/nodejs/undici/pull/2534)
-   fix: check the content-type of invalid formData by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2541](https://togithub.com/nodejs/undici/pull/2541)
-   Add request examples. by [@&#8203;autopulated](https://togithub.com/autopulated) in [https://github.com/nodejs/undici/pull/2380](https://togithub.com/nodejs/undici/pull/2380)
-   fix(HTTP/2): handle consumption of aborted request by [@&#8203;metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2387](https://togithub.com/nodejs/undici/pull/2387)
-   chore: update tst test by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2538](https://togithub.com/nodejs/undici/pull/2538)
-   fix(fetch): do not abort fetch on redirect by [@&#8203;angelyan](https://togithub.com/angelyan) in [https://github.com/nodejs/undici/pull/2545](https://togithub.com/nodejs/undici/pull/2545)
-   drop verifyVersion in scripts by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2549](https://togithub.com/nodejs/undici/pull/2549)
-   types: remove unused Client and Pool types by [@&#8203;RafaelGSS](https://togithub.com/RafaelGSS) in [https://github.com/nodejs/undici/pull/2557](https://togithub.com/nodejs/undici/pull/2557)
-   lib: fix Host header when CONNECT ProxyAgent by [@&#8203;RafaelGSS](https://togithub.com/RafaelGSS) in [https://github.com/nodejs/undici/pull/2556](https://togithub.com/nodejs/undici/pull/2556)
-   feat: port cookies tests to node runner by [@&#8203;pmarchini](https://togithub.com/pmarchini) in [https://github.com/nodejs/undici/pull/2547](https://togithub.com/nodejs/undici/pull/2547)
-   feat: port webidl tests to node test runner by [@&#8203;ilteoood](https://togithub.com/ilteoood) in [https://github.com/nodejs/undici/pull/2554](https://togithub.com/nodejs/undici/pull/2554)
-   perf: Improve percentDecode by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2562](https://togithub.com/nodejs/undici/pull/2562)
-   Fix parseHashWithOptions regex by [@&#8203;flapenna](https://togithub.com/flapenna) in [https://github.com/nodejs/undici/pull/2561](https://togithub.com/nodejs/undici/pull/2561)
-   feat: port diagnostic-channel tests to node test runner by [@&#8203;ilteoood](https://togithub.com/ilteoood) in [https://github.com/nodejs/undici/pull/2559](https://togithub.com/nodejs/undici/pull/2559)
-   feat: port websocket tests to node test runner by [@&#8203;ilteoood](https://togithub.com/ilteoood) in [https://github.com/nodejs/undici/pull/2553](https://togithub.com/nodejs/undici/pull/2553)
-   build(deps-dev): bump tsd from 0.29.0 to 0.30.1 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2551](https://togithub.com/nodejs/undici/pull/2551)
-   build(deps): bump actions/setup-node from 4.0.0 to 4.0.1 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2572](https://togithub.com/nodejs/undici/pull/2572)
-   build(deps): bump github/codeql-action from 2.22.5 to 3.22.12 by [@&#8203;dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2574](https://togithub.com/nodejs/undici/pull/2574)
-   Update `@matteo.collina/tspl` to 0.1.1 by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2576](https://togithub.com/nodejs/undici/pull/2576)
-   mark wpt as failing by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2581](https://togithub.com/nodejs/undici/pull/2581)
-   feat: port `abort-controller.js` tests to `node:test` runner by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2564](https://togithub.com/nodejs/undici/pull/2564)
-   fix data url test by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2580](https://togithub.com/nodejs/undici/pull/2580)
-   feat: port `async_hooks.js` tests to `node:test` runner by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2568](https://togithub.com/nodejs/undici/pull/2568)
-   feat: port `agent.js` tests to `node:test` runner by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2566](https://togithub.com/nodejs/undici/pull/2566)
-   feat: port `abort-event-emitter.js` tests to `node:test` runnner by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2565](https://togithub.com/nodejs/undici/pull/2565)
-   feat: port first half of fetch tests to node test runner by [@&#8203;anurag-roy](https://togithub.com/anurag-roy) in [https://github.com/nodejs/undici/pull/2569](https://togithub.com/nodejs/undici/pull/2569)
-   perf: bypass method validation by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2583](https://togithub.com/nodejs/undici/pull/2583)
-   fetch: warn when using patch method by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2577](https://togithub.com/nodejs/undici/pull/2577)
-   feat: port `autoselectfamily.js` tests to `node:test` runner by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2570](https://togithub.com/nodejs/undici/pull/2570)
-   feat: port remaining fetch tests to node test runner by [@&#8203;anurag-roy](https://togithub.com/anurag-roy) in [https://github.com/nodejs/undici/pull/2587](https://togithub.com/nodejs/undici/pull/2587)
-   fix: use isArrayBuffer instead of isAnyArrayBuffer by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2586](https://togithub.com/nodejs/undici/pull/2586)
-   Feat/migrate tests to node runner by [@&#8203;pmarchini](https://togithub.com/pmarchini) in [https://github.com/nodejs/undici/pull/2593](https://togithub.com/nodejs/undici/pull/2593)
-   abort request with reason if one is provided by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2592](https://togithub.com/nodejs/undici/pull/2592)
-   feat: port tst test to node test runner by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2595](https://togithub.com/nodejs/undici/pull/2595)
-   feat([#&#8203;2191](https://togithub.com/nodejs/undici/issues/2191)): Add support for `NODE_DEBUG` by [@&#8203;metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2585](https://togithub.com/nodejs/undici/pull/2585)
-   cacheStorage: fix bugs make wpts pass by [@&#8203;KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2596](https://togithub.com/nodejs/undici/pull/2596)
-   fix: non-object error in abort throws bad error by [@&#8203;atlowChemi](https://togithub.com/atlowChemi) in [https://github.com/nodejs/undici/pull/2597](https://togithub.com/nodejs/undici/pull/2597)
-   fix: add test helper for closing server as promise by [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) in [https://github.com/nodejs/undici/pull/2604](https://togithub.com/nodejs/undici/pull/2604)

#### New Contributors

-   [@&#8203;dvoytenko](https://togithub.com/dvoytenko) made their first contribution in [https://github.com/nodejs/undici/pull/2532](https://togithub.com/nodejs/undici/pull/2532)
-   [@&#8203;autopulated](https://togithub.com/autopulated) made their first contribution in [https://github.com/nodejs/undici/pull/2380](https://togithub.com/nodejs/undici/pull/2380)
-   [@&#8203;angelyan](https://togithub.com/angelyan) made their first contribution in [https://github.com/nodejs/undici/pull/2545](https://togithub.com/nodejs/undici/pull/2545)
-   [@&#8203;pmarchini](https://togithub.com/pmarchini) made their first contribution in [https://github.com/nodejs/undici/pull/2547](https://togithub.com/nodejs/undici/pull/2547)
-   [@&#8203;ilteoood](https://togithub.com/ilteoood) made their first contribution in [https://github.com/nodejs/undici/pull/2554](https://togithub.com/nodejs/undici/pull/2554)
-   [@&#8203;flapenna](https://togithub.com/flapenna) made their first contribution in [https://github.com/nodejs/undici/pull/2561](https://togithub.com/nodejs/undici/pull/2561)
-   [@&#8203;sosukesuzuki](https://togithub.com/sosukesuzuki) made their first contribution in [https://github.com/nodejs/undici/pull/2576](https://togithub.com/nodejs/undici/pull/2576)
-   [@&#8203;anurag-roy](https://togithub.com/anurag-roy) made their first contribution in [https://github.com/nodejs/undici/pull/2569](https://togithub.com/nodejs/undici/pull/2569)

**Full Changelog**: nodejs/undici@v6.2.1...v6.3.0

### [`v6.2.1`](https://togithub.com/nodejs/undici/releases/tag/v6.2.1)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.2.0...v6.2.1)

##### What's Changed

-   perf: use tree by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2528](https://togithub.com/nodejs/undici/pull/2528)
-   chore: reduce dependencies by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2533](https://togithub.com/nodejs/undici/pull/2533)
-   Remove timers in agent.js by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2536](https://togithub.com/nodejs/undici/pull/2536)

**Full Changelog**: nodejs/undici@v6.2.0...v6.2.1

### [`v6.2.0`](https://togithub.com/nodejs/undici/releases/tag/v6.2.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.1.0...v6.2.0)

#### What's Changed

-   Remove FinalizationRegistry from Agent by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2530](https://togithub.com/nodejs/undici/pull/2530)

**Full Changelog**: nodejs/undici@v6.1.0...v6.2.0

### [`v6.1.0`](https://togithub.com/nodejs/undici/releases/tag/v6.1.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.0.1...v6.1.0)

#### What's Changed

-   fix: more sensible stack trace from dump error by [@&#8203;ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2503](https://togithub.com/nodejs/undici/pull/2503)
-   refactor: remove some node compat by [@&#8203;ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2502](https://togithub.com/nodejs/undici/pull/2502)
-   refactor: version cleanup by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2507](https://togithub.com/nodejs/undici/pull/2507)
-   perf(fetch): Improve fetch of detaurl by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2479](https://togithub.com/nodejs/undici/pull/2479)
-   feat: expose parseHeader by [@&#8203;ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2511](https://togithub.com/nodejs/undici/pull/2511)
-   perf(fetch): optimize call `dispatch` by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2493](https://togithub.com/nodejs/undici/pull/2493)
-   perf(util/parseHeaders): If the header name is buffer by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2501](https://togithub.com/nodejs/undici/pull/2501)
-   perf: twice faster method check by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2495](https://togithub.com/nodejs/undici/pull/2495)
-   refactor: remove Error.captureStackTrace by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2509](https://togithub.com/nodejs/undici/pull/2509)
-   perf: Improve processHeader by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2513](https://togithub.com/nodejs/undici/pull/2513)
-   perf: reduce `String#toLowerCase` call by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2516](https://togithub.com/nodejs/undici/pull/2516)
-   perf: optimize consumeEnd by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2510](https://togithub.com/nodejs/undici/pull/2510)
-   perf: reduce tst built time by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2517](https://togithub.com/nodejs/undici/pull/2517)
-   feat: allow customization of build environment by [@&#8203;khardix](https://togithub.com/khardix) in [https://github.com/nodejs/undici/pull/2403](https://togithub.com/nodejs/undici/pull/2403)
-   fix: clear cache by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2519](https://togithub.com/nodejs/undici/pull/2519)
-   feat: Add resource timing entries for connection, request and response by [@&#8203;ToshB](https://togithub.com/ToshB) in [https://github.com/nodejs/undici/pull/2481](https://togithub.com/nodejs/undici/pull/2481)
-   Call fg.unregister() after a dispatcher is done, adds UNDICI_NO_FG to… by [@&#8203;mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2527](https://togithub.com/nodejs/undici/pull/2527)
-   feat: expose headerNameToString by [@&#8203;tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2525](https://togithub.com/nodejs/undici/pull/2525)

#### New Contributors

-   [@&#8203;khardix](https://togithub.com/khardix) made their first contribution in [https://github.com/nodejs/undici/pull/2403](https://togithub.com/nodejs/undici/pull/2403)

**Full Changelog**: nodejs/undici@v6.0.1...v6.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5In0=-->
@Brooooooklyn Brooooooklyn force-pushed the renovate/npm-undici-vulnerability branch from 682cef2 to b6f776c Compare February 20, 2024 06:14
Copy link
Contributor Author

renovate bot commented Feb 20, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@graphite-app graphite-app bot merged commit b6f776c into canary Feb 20, 2024
39 of 41 checks passed
@graphite-app graphite-app bot deleted the renovate/npm-undici-vulnerability branch February 20, 2024 06:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

1 participant