chore(deps): update dependency undici to v7 #95
Open
tradeshift-renovate[bot] wants to merge 4 commits into main from
tssecurity approved these changes Nov 27, 2024
This PR changes the ownership of this repo to SRE, as the developer productivity team doesn't exist anymore.
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above.
This PR contains the following updates:
undici: ^6.24.0 -> ^7.24.3
Release Notes
nodejs/undici (undici)
v7.24.3
What's Changed
Full Changelog: nodejs/undici@v7.24.2...v7.24.3
v7.24.2
What's Changed
Full Changelog: nodejs/undici@v7.24.1...v7.24.2
v7.24.1
What's Changed
Full Changelog: nodejs/undici@v7.24.0...v7.24.1
v7.24.0
Undici v7.24.0 Security Release Notes
This release addresses multiple security vulnerabilities in Undici.
Upgrade guidance
All users on v7 should upgrade to v7.24.0 or later.
Fixed advisories
GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
Inconsistent interpretation of HTTP requests (request/response smuggling class issue).
GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
Malicious WebSocket 64-bit frame length handling could crash the client.
GHSA-phc3-fgpg-7m6h / CVE-2026-2581 (Medium)
Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).
GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
CRLF injection via the upgrade option.
GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.
GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
Unbounded memory consumption in WebSocket permessage-deflate decompression.
Affected and patched ranges
7.0.0 < 7.24.0, patched 7.24.0
7.0.0 < 7.24.0, patched 7.24.0
>= 7.17.0 < 7.24.0, patched 7.24.0
7.0.0 < 7.24.0, patched 7.24.0
7.0.0 < 7.24.0, patched 7.24.0
7.0.0 < 7.24.0, patched 7.24.0
References
v7.23.0
What's Changed
New Contributors
Full Changelog: nodejs/undici@v7.22.0...v7.23.0
v7.22.0
What's Changed
New Contributors
Full Changelog: nodejs/undici@v7.21.0...v7.22.0
v7.21.0
What's Changed
close method to WebSocketStream interface by @piotr-cz in https://github.com/nodejs/undici/pull/4802
New Contributors
Full Changelog: nodejs/undici@v7.20.0...v7.21.0
v7.20.0
What's Changed
New Contributors
Full Changelog: nodejs/undici@v7.19.2...v7.20.0
v7.19.2
What's Changed
New Contributors
Full Changelog: nodejs/undici@v7.19.1...v7.19.2
v7.19.1
What's Changed
New Contributors
Full Changelog: nodejs/undici@v7.19.0...v7.19.1
v7.19.0
What's Changed
New Contributors
Full Changelog: nodejs/undici@v7.18.2...v7.19.0
v7.18.2
This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.
What's Changed
Full Changelog: nodejs/undici@v7.18.1...v7.18.2
v7.18.1
What's Changed
Full Changelog: nodejs/undici@v7.18.0...v7.18.1
v7.18.0
What's Changed
Full Changelog: nodejs/undici@v7.17.0...v7.18.0
v7.17.0
What's Changed
'node:' prefix for requiring node built-ins by @Uzlopak in https://github.com/nodejs/undici/pull/4547
status in Response.redirect by @gineika in https://github.com/nodejs/undici/pull/4591
304 not modified reply upon revalidation did not update cache. by @daan944 in https://github.com/nodejs/undici/pull/4617
New Contributors
Full Changelog: nodejs/undici@v7.16.0...v7.17.0
v7.16.0
What's Changed
[kClose] and [kDestroy], only return Promise by @Uzlopak in https://github.com/nodejs/undici/pull/4450
client.connect() sync by @Uzlopak in https://github.com/nodejs/undici/pull/4455
BodyReadable.dump by @Uzlopak in https://github.com/nodejs/undici/pull/4459
[] instead of new Array(0) by @Uzlopak in https://github.com/nodejs/undici/pull/4435
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻️ Rebasing: Never, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.
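To check that the upgrade guidance in the v7.24.0 security notes has taken effect across the whole dependency tree, the following added example (not part of this PR, Renovate, or undici) scans a package-lock.json "packages" map for every installed copy of undici, nested transitive copies included, and flags versions inside the v7 affected ranges listed above. The lockfile content and the package names some-client and legacy-tool are constructed; only the v7 ranges given on this page are checked.

```javascript
// Ranges from "Affected and patched ranges" above: min inclusive, max exclusive.
const AFFECTED_RANGES = [
  { min: '7.0.0', max: '7.24.0' },
  { min: '7.17.0', max: '7.24.0' },
];

// Parse "MAJOR.MINOR.PATCH"; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component, so 7.9.0 sorts before 7.10.0.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return AFFECTED_RANGES.some(
    (r) => compareVersions(version, r.min) >= 0 && compareVersions(version, r.max) < 0
  );
}

// Return [{ path, version }] for every affected undici copy in a
// lockfileVersion 2/3 "packages" map, including nested node_modules copies.
function findAffectedUndici(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === 'node_modules/undici' || path.endsWith('/node_modules/undici'))
    .filter(([, pkg]) => typeof pkg.version === 'string' && isAffected(pkg.version))
    .map(([path, pkg]) => ({ path, version: pkg.version }));
}

// Constructed sample: the direct dependency is patched, one nested copy is not.
// "some-client" and "legacy-tool" are hypothetical package names.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { undici: '^7.24.3' } },
    'node_modules/undici': { version: '7.24.3' },
    'node_modules/some-client/node_modules/undici': { version: '7.18.1' },
    'node_modules/legacy-tool/node_modules/undici': { version: '6.24.0' },
  },
};

console.log(findAffectedUndici(sampleLock));
```

A nested copy pinned by another package is not moved by bumping the direct dependency, which is why the scan matches every path ending in node_modules/undici rather than only the top-level entry.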