Update dependency undici to v5.26.2 #89

mend-for-github-com · 2024-03-07T09:06:33Z

This PR contains the following updates:

Package	Type	Update	Change
undici (source)	dependencies	minor	`5.20.0` -> `5.26.2`
undici (source)	dependencies	minor	`5.22.1` -> `5.26.2`

By merging this PR, the issue #56 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Low	3.5	CVE-2023-45143

nodejs/undici (undici)

Compare Source

Security Release, CVE-2023-45143.

Compare Source

Full Changelog: nodejs/undici@v5.26.0...v5.26.1

Compare Source

Full Changelog: nodejs/undici@v5.23.4...v5.26.0

Compare Source

Compare Source

Full Changelog: nodejs/undici@v5.25.2...v5.25.3

Compare Source

Full Changelog: nodejs/undici@v5.25.1...v5.25.2

Compare Source

Full Changelog: nodejs/undici@v5.25.0...v5.25.1

Compare Source

Full Changelog: nodejs/undici@v5.24.0...v5.25.0

Compare Source

Full Changelog: nodejs/undici@v5.23.0...v5.24.0

Compare Source

bump engines to node >= 16 by @ronag in https://github.com/nodejs/undici/pull/2119
Revert "bump engines to node >= 16 (#2119)" by @ronag in https://github.com/nodejs/undici/pull/2121
fetch: set referrer properly by @KhafraDev in https://github.com/nodejs/undici/pull/2125
fix: support truncated gzip by @jimmywarting in https://github.com/nodejs/undici/pull/2126
workflow: apply security best practices by @step-security-bot in https://github.com/nodejs/undici/pull/2130
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in https://github.com/nodejs/undici/pull/2135
build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by @dependabot in https://github.com/nodejs/undici/pull/2133
build(deps): bump node from 18-alpine to 20-alpine in /build by @dependabot in https://github.com/nodejs/undici/pull/2131
build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by @dependabot in https://github.com/nodejs/undici/pull/2136
build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by @dependabot in https://github.com/nodejs/undici/pull/2132
build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by @dependabot in https://github.com/nodejs/undici/pull/2142
build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to 3.8.0 by @dependabot in https://github.com/nodejs/undici/pull/2148
fix(pr): use correct pr template file by @AugustinMauroy in https://github.com/nodejs/undici/pull/2141
Additional WebSocket send tests to cover all payload size categories by @jawj in https://github.com/nodejs/undici/pull/2149
fix: reverse decompression order of "Content-Encoding" encodings (fixes #2158) by @rychkog in https://github.com/nodejs/undici/pull/2159
fix: keep running WPTs if a test times out by @KhafraDev in https://github.com/nodejs/undici/pull/2165
feat: add build environment info by @mhdawson in https://github.com/nodejs/undici/pull/2168
fix: forward error reason to fetch controller by @KhafraDev in https://github.com/nodejs/undici/pull/2172
stricter types for bodymixin.json by @KhafraDev in https://github.com/nodejs/undici/pull/2181
chore: Renable autoSelectFamily tests. by @ShogunPanda in https://github.com/nodejs/undici/pull/2180
build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in https://github.com/nodejs/undici/pull/2147
build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by @dependabot in https://github.com/nodejs/undici/pull/2185
fix: fetch resource timing performance entry names should be strings by @GaryWilber in https://github.com/nodejs/undici/pull/2188
build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in https://github.com/nodejs/undici/pull/2176
build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to 3.9.0 by @dependabot in https://github.com/nodejs/undici/pull/2177
build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in https://github.com/nodejs/undici/pull/2178
build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by @dependabot in https://github.com/nodejs/undici/pull/2175
test: fix autoselectfamily on platforms without IPv6 support by @LiviaMedeiros in https://github.com/nodejs/undici/pull/2197
fix: make multipart/form-data boundary string more consistent by @LiviaMedeiros in https://github.com/nodejs/undici/pull/2196
docs: add proxy agent options docs by @dancastillo in https://github.com/nodejs/undici/pull/2193
build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by @dependabot in https://github.com/nodejs/undici/pull/2205
feat: make use of addAbortListener where applicable by @atlowChemi in https://github.com/nodejs/undici/pull/2195

Full Changelog: nodejs/undici@v5.22.1...v5.23.0

Compare Source

Full Changelog: nodejs/undici@v5.22.0...v5.22.1

Compare Source

Full Changelog: nodejs/undici@v5.21.2...v5.22.0

Compare Source

Full Changelog: nodejs/undici@v5.21.1...v5.21.2

Compare Source

Full Changelog: nodejs/undici@v5.21.0...v5.21.1

Compare Source

Full Changelog: nodejs/undici@v5.20.0...v5.21.0

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix Security fix generated by Mend label Mar 7, 2024

mend-for-github-com bot changed the title ~~Update dependency undici to v5.26.2~~ Update dependency undici to v5.26.2 - autoclosed Mar 7, 2024

mend-for-github-com bot closed this Mar 7, 2024

mend-for-github-com bot deleted the whitesource-remediate/undici-5.x-lockfile branch March 7, 2024 09:15

mend-for-github-com bot changed the title ~~Update dependency undici to v5.26.2 - autoclosed~~ Update dependency undici to v5.26.2 Mar 7, 2024

mend-for-github-com bot reopened this Mar 7, 2024

mend-for-github-com bot restored the whitesource-remediate/undici-5.x-lockfile branch March 7, 2024 09:24

mend-for-github-com bot force-pushed the whitesource-remediate/undici-5.x-lockfile branch from 0a653ea to 03dcff7 Compare March 7, 2024 09:27

mend-for-github-com bot mentioned this pull request Mar 7, 2024

Update dependency http-server to ^0.13.0 #83

Open

1 task

mend-for-github-com bot force-pushed the whitesource-remediate/undici-5.x-lockfile branch from 03dcff7 to 5be7a6f Compare March 11, 2024 06:49

Update dependency undici to v5.26.2

50b6897

mend-for-github-com bot force-pushed the whitesource-remediate/undici-5.x-lockfile branch from 5be7a6f to 50b6897 Compare March 11, 2024 08:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency undici to v5.26.2 #89

Update dependency undici to v5.26.2 #89

Update dependency undici to v5.26.2 #89

Are you sure you want to change the base?

Update dependency undici to v5.26.2 #89

Uh oh!

Conversation

mend-for-github-com bot commented Mar 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

Notable Changes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

Uh oh!

Uh oh!

mend-for-github-com bot commented Mar 7, 2024 •

edited

Loading