From 39c90a4428c1fed26491df6dfebb8c76e023f4d8 Mon Sep 17 00:00:00 2001 From: renovate <29139614+renovate@users.noreply.github.com> Date: Mon, 8 Apr 2024 01:42:52 +0000 Subject: [PATCH] chore: bump up undici version to v6.11.1 [SECURITY] (#6457) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`6.6.2` -> `6.11.1`](https://renovatebot.com/diffs/npm/undici/6.6.2/6.11.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/6.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/6.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/6.6.2/6.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/6.6.2/6.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-30260](https://togithub.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7) ### Impact Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. ### Patches This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes has been released in v5.28.4 and v6.11.1. ### Workarounds use `fetch()` or disable `maxRedirections`. ### References Linzi Shang reported this. * https://hackerone.com/reports/2408074 * https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3 #### [CVE-2024-30261](https://togithub.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672) ### Impact If an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have been tampered. ### Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1. ### Workarounds Ensure that `integrity` cannot be tampered with. ### References https://hackerone.com/reports/2377760 --- ### Release Notes
nodejs/undici (undici) ### [`v6.11.1`](https://togithub.com/nodejs/undici/compare/v6.11.0...6df3c738d03dc4014a26640316bf699950d62024) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.11.0...v6.11.1) ### [`v6.11.0`](https://togithub.com/nodejs/undici/compare/v6.10.2...ee5f892f3955eaca37730ed30349153ba203e9cd) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.10.2...v6.11.0) ### [`v6.10.2`](https://togithub.com/nodejs/undici/releases/tag/v6.10.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.10.1...v6.10.2) ##### What's Changed - Do not fail test if streams support typed arrays by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2978](https://togithub.com/nodejs/undici/pull/2978) - fix(fetch): properly redirect non-ascii location header url by [@​Xvezda](https://togithub.com/Xvezda) in [https://github.com/nodejs/undici/pull/2971](https://togithub.com/nodejs/undici/pull/2971) - perf: Remove double-stringify in setCookie by [@​peterver](https://togithub.com/peterver) in [https://github.com/nodejs/undici/pull/2980](https://togithub.com/nodejs/undici/pull/2980) - \[fix [#​2982](https://togithub.com/nodejs/undici/issues/2982)] use DispatcherInterceptor type for Dispatcher#Compose by [@​clovis-guillemot](https://togithub.com/clovis-guillemot) in [https://github.com/nodejs/undici/pull/2983](https://togithub.com/nodejs/undici/pull/2983) - fix: make EventSource properties enumerable by [@​MattBidewell](https://togithub.com/MattBidewell) in [https://github.com/nodejs/undici/pull/2987](https://togithub.com/nodejs/undici/pull/2987) - docs: ✏️ fixed benchmark links by [@​benhalverson](https://togithub.com/benhalverson) in [https://github.com/nodejs/undici/pull/2991](https://togithub.com/nodejs/undici/pull/2991) - fix([#​2986](https://togithub.com/nodejs/undici/issues/2986)): bad start check by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2992](https://togithub.com/nodejs/undici/pull/2992) - fix(H2 Client): bind stream 'data' listener only after received 'response' event by [@​St3ffGv4](https://togithub.com/St3ffGv4) in [https://github.com/nodejs/undici/pull/2985](https://togithub.com/nodejs/undici/pull/2985) - feat: added search input by [@​benhalverson](https://togithub.com/benhalverson) in [https://github.com/nodejs/undici/pull/2993](https://togithub.com/nodejs/undici/pull/2993) - chore: validate responses can be consumed without a Content-Length or… by [@​jacob-ebey](https://togithub.com/jacob-ebey) in [https://github.com/nodejs/undici/pull/2995](https://togithub.com/nodejs/undici/pull/2995) - fix error message by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2998](https://togithub.com/nodejs/undici/pull/2998) - Revert "perf: reuse TextDecoder instance ([#​2863](https://togithub.com/nodejs/undici/issues/2863))" by [@​panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2999](https://togithub.com/nodejs/undici/pull/2999) - test: remove only by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/3001](https://togithub.com/nodejs/undici/pull/3001) ##### New Contributors - [@​Xvezda](https://togithub.com/Xvezda) made their first contribution in [https://github.com/nodejs/undici/pull/2971](https://togithub.com/nodejs/undici/pull/2971) - [@​peterver](https://togithub.com/peterver) made their first contribution in [https://github.com/nodejs/undici/pull/2980](https://togithub.com/nodejs/undici/pull/2980) - [@​clovis-guillemot](https://togithub.com/clovis-guillemot) made their first contribution in [https://github.com/nodejs/undici/pull/2983](https://togithub.com/nodejs/undici/pull/2983) - [@​MattBidewell](https://togithub.com/MattBidewell) made their first contribution in [https://github.com/nodejs/undici/pull/2987](https://togithub.com/nodejs/undici/pull/2987) - [@​benhalverson](https://togithub.com/benhalverson) made their first contribution in [https://github.com/nodejs/undici/pull/2991](https://togithub.com/nodejs/undici/pull/2991) - [@​St3ffGv4](https://togithub.com/St3ffGv4) made their first contribution in [https://github.com/nodejs/undici/pull/2985](https://togithub.com/nodejs/undici/pull/2985) - [@​jacob-ebey](https://togithub.com/jacob-ebey) made their first contribution in [https://github.com/nodejs/undici/pull/2995](https://togithub.com/nodejs/undici/pull/2995) **Full Changelog**: https://github.com/nodejs/undici/compare/v6.10.0...v6.10.2 ### [`v6.10.1`](https://togithub.com/nodejs/undici/compare/v6.10.0...dd3918fee4f90e02fb93ff1bc04e707144041938) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.10.0...v6.10.1) ### [`v6.10.0`](https://togithub.com/nodejs/undici/releases/tag/v6.10.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.9.0...v6.10.0) #### What's Changed - test: fix flakyness of issue-803 test by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2960](https://togithub.com/nodejs/undici/pull/2960) - Cleanup format by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2959](https://togithub.com/nodejs/undici/pull/2959) - Chore: run tests daily against node nightly by [@​mweberxyz](https://togithub.com/mweberxyz) in [https://github.com/nodejs/undici/pull/2969](https://togithub.com/nodejs/undici/pull/2969) - fix: fix retry handler option by [@​acommodari](https://togithub.com/acommodari) in [https://github.com/nodejs/undici/pull/2962](https://togithub.com/nodejs/undici/pull/2962) - build(deps): bump node from `4999fa1` to `577f8eb` in /build by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2974](https://togithub.com/nodejs/undici/pull/2974) - feat(TS): add types for composed dispatchers by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2967](https://togithub.com/nodejs/undici/pull/2967) - fix: count for error response and network errors by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2966](https://togithub.com/nodejs/undici/pull/2966) #### New Contributors - [@​mweberxyz](https://togithub.com/mweberxyz) made their first contribution in [https://github.com/nodejs/undici/pull/2969](https://togithub.com/nodejs/undici/pull/2969) - [@​acommodari](https://togithub.com/acommodari) made their first contribution in [https://github.com/nodejs/undici/pull/2962](https://togithub.com/nodejs/undici/pull/2962) **Full Changelog**: https://github.com/nodejs/undici/compare/v6.9.0...v6.10.0 ### [`v6.9.0`](https://togithub.com/nodejs/undici/releases/tag/v6.9.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.8.0...v6.9.0) #### What's Changed - feat: add new dispatch compose by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2826](https://togithub.com/nodejs/undici/pull/2826) - ci: add macos-latest to test-matrix by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2952](https://togithub.com/nodejs/undici/pull/2952) - types: align RequestInit.body type with lib.dom.ts by [@​jdufresne](https://togithub.com/jdufresne) in [https://github.com/nodejs/undici/pull/2956](https://togithub.com/nodejs/undici/pull/2956) - ci: pin versions of github actions by [@​UlisesGascon](https://togithub.com/UlisesGascon) in [https://github.com/nodejs/undici/pull/2957](https://togithub.com/nodejs/undici/pull/2957) - fetch: improve output for FormData, Response, Request by [@​mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2955](https://togithub.com/nodejs/undici/pull/2955) - perf: optimize collectASequenceOfBytes by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2958](https://togithub.com/nodejs/undici/pull/2958) #### New Contributors - [@​jdufresne](https://togithub.com/jdufresne) made their first contribution in [https://github.com/nodejs/undici/pull/2956](https://togithub.com/nodejs/undici/pull/2956) - [@​UlisesGascon](https://togithub.com/UlisesGascon) made their first contribution in [https://github.com/nodejs/undici/pull/2957](https://togithub.com/nodejs/undici/pull/2957) **Full Changelog**: https://github.com/nodejs/undici/compare/v6.8.0...v6.9.0 ### [`v6.8.0`](https://togithub.com/nodejs/undici/releases/tag/v6.8.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.7.1...v6.8.0) #### What's Changed - fix: send correct SNI for proxy connections by [@​chrros95](https://togithub.com/chrros95) in [https://github.com/nodejs/undici/pull/2939](https://togithub.com/nodejs/undici/pull/2939) - build(deps): bump node from `8bf9240` to `7bfef1d` in /build by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2937](https://togithub.com/nodejs/undici/pull/2937) - fetch: improve util.inspect output for web specifications by [@​mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2938](https://togithub.com/nodejs/undici/pull/2938) - ci: fix broken ci on windows and node v21 because of libuv bug by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2941](https://togithub.com/nodejs/undici/pull/2941) - perf: improve getResolveErrorBodyCallback by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2940](https://togithub.com/nodejs/undici/pull/2940) - fix: don't assign kAgent twice by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2942](https://togithub.com/nodejs/undici/pull/2942) - perf: dump immediatly if known size exceeds limit by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2882](https://togithub.com/nodejs/undici/pull/2882) - build(deps): bump node from `7bfef1d` to `4999fa1` in /build by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2946](https://togithub.com/nodejs/undici/pull/2946) - try to fix windows failure by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2950](https://togithub.com/nodejs/undici/pull/2950) - perf: improve parsing form-data by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2944](https://togithub.com/nodejs/undici/pull/2944) #### New Contributors - [@​chrros95](https://togithub.com/chrros95) made their first contribution in [https://github.com/nodejs/undici/pull/2939](https://togithub.com/nodejs/undici/pull/2939) **Full Changelog**: https://github.com/nodejs/undici/compare/v6.7.1...v6.8.0 ### [`v6.7.1`](https://togithub.com/nodejs/undici/releases/tag/v6.7.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.7.0...v6.7.1) #### What's Changed - fetch: use EOL of os-module by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2915](https://togithub.com/nodejs/undici/pull/2915) - ci: only send codecov from ubuntu and node by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2914](https://togithub.com/nodejs/undici/pull/2914) - tests: improve skip for unix.js tests, remove skipped tests by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2916](https://togithub.com/nodejs/undici/pull/2916) - chore: fix typo in isHistoryNavigation comments by [@​kachick](https://togithub.com/kachick) in [https://github.com/nodejs/undici/pull/2920](https://togithub.com/nodejs/undici/pull/2920) - fix(benchmark): set body correctly by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2918](https://togithub.com/nodejs/undici/pull/2918) - chore: increase test coverage to 100% for /lib/api/api-request.js by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2912](https://togithub.com/nodejs/undici/pull/2912) - fix: chunksDecode cuts off 3 characters at the end if having BOM by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2922](https://togithub.com/nodejs/undici/pull/2922) - docs: clarify URI parsing behavior of ProxyAgent constructor by [@​rossilor95](https://togithub.com/rossilor95) in [https://github.com/nodejs/undici/pull/2893](https://togithub.com/nodejs/undici/pull/2893) - implement sync formdata parser by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2911](https://togithub.com/nodejs/undici/pull/2911) - Fix docs links and add examples to sidebar by [@​tastypackets](https://togithub.com/tastypackets) in [https://github.com/nodejs/undici/pull/2895](https://togithub.com/nodejs/undici/pull/2895) - doc: update diagnostics channel request headers type change by [@​jessezhang91](https://togithub.com/jessezhang91) in [https://github.com/nodejs/undici/pull/2925](https://togithub.com/nodejs/undici/pull/2925) - perf: optimize getResolveErrorBodyCallback by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2921](https://togithub.com/nodejs/undici/pull/2921) - override request dispatcher from init by [@​matthieusieben](https://togithub.com/matthieusieben) in [https://github.com/nodejs/undici/pull/2928](https://togithub.com/nodejs/undici/pull/2928) - add busboy tests by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2924](https://togithub.com/nodejs/undici/pull/2924) - fix(benchmark): make it fair by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2929](https://togithub.com/nodejs/undici/pull/2929) - Revert "chore: remove no-simd wasm" by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2935](https://togithub.com/nodejs/undici/pull/2935) - build(deps): bump node from `d3271e4` to `8bf9240` in /build by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2936](https://togithub.com/nodejs/undici/pull/2936) - Flip link between docs and README by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2933](https://togithub.com/nodejs/undici/pull/2933) #### New Contributors - [@​kachick](https://togithub.com/kachick) made their first contribution in [https://github.com/nodejs/undici/pull/2920](https://togithub.com/nodejs/undici/pull/2920) - [@​tastypackets](https://togithub.com/tastypackets) made their first contribution in [https://github.com/nodejs/undici/pull/2895](https://togithub.com/nodejs/undici/pull/2895) - [@​jessezhang91](https://togithub.com/jessezhang91) made their first contribution in [https://github.com/nodejs/undici/pull/2925](https://togithub.com/nodejs/undici/pull/2925) - [@​matthieusieben](https://togithub.com/matthieusieben) made their first contribution in [https://github.com/nodejs/undici/pull/2928](https://togithub.com/nodejs/undici/pull/2928) **Full Changelog**: https://github.com/nodejs/undici/compare/v6.7.0...v6.7.1 ### [`v6.7.0`](https://togithub.com/nodejs/undici/releases/tag/v6.7.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v6.6.2...v6.7.0) #### What's Changed - test: remove t.diagnostics() calls in push-dont-push.js test by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2715](https://togithub.com/nodejs/undici/pull/2715) - fix: fix flaky debug test by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2714](https://togithub.com/nodejs/undici/pull/2714) - fix: HTTP2 tweaks by [@​metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2711](https://togithub.com/nodejs/undici/pull/2711) - test: improve cookie tests by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2693](https://togithub.com/nodejs/undici/pull/2693) - test: response.url after redirect is set to target url by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2716](https://togithub.com/nodejs/undici/pull/2716) - chore: remove mocha and chai by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2696](https://togithub.com/nodejs/undici/pull/2696) - test: replace t.pass with t.ok by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2721](https://togithub.com/nodejs/undici/pull/2721) - perf: remove redundant operation in FormData by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2726](https://togithub.com/nodejs/undici/pull/2726) - Add support for passing iterable objects as headers by [@​JaoodxD](https://togithub.com/JaoodxD) in [https://github.com/nodejs/undici/pull/2708](https://togithub.com/nodejs/undici/pull/2708) - chore: refine esbuild & node detection by [@​mochaaP](https://togithub.com/mochaaP) in [https://github.com/nodejs/undici/pull/2677](https://togithub.com/nodejs/undici/pull/2677) - chore: rephrase some comments by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2717](https://togithub.com/nodejs/undici/pull/2717) - test: replace t.type with t.ok and instanceof by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2720](https://togithub.com/nodejs/undici/pull/2720) - remove useless options in web streams by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2729](https://togithub.com/nodejs/undici/pull/2729) - Let's add superagent to the benchmark. closes [#​2730](https://togithub.com/nodejs/undici/issues/2730) by [@​eddienubes](https://togithub.com/eddienubes) in [https://github.com/nodejs/undici/pull/2731](https://togithub.com/nodejs/undici/pull/2731) - convert node build to latin1 by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2673](https://togithub.com/nodejs/undici/pull/2673) - simplify formData body parsing by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2735](https://togithub.com/nodejs/undici/pull/2735) - chore: migrate a batch of tests to node test runner no. 1 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2719](https://togithub.com/nodejs/undici/pull/2719) - chore: migrate a batch of tests to node test runner no. 2 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2737](https://togithub.com/nodejs/undici/pull/2737) - chore: migrate a batch of tests to node test runner no. 4 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2739](https://togithub.com/nodejs/undici/pull/2739) - chore: migrate a batch of tests to node test runner no. 5 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2740](https://togithub.com/nodejs/undici/pull/2740) - chore: migrate a batch of tests to node test runner no. 3 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2738](https://togithub.com/nodejs/undici/pull/2738) - chore: migrate a batch of tests to node test runner no. 6 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2741](https://togithub.com/nodejs/undici/pull/2741) - chore: migrate a batch of tests to node test runner no. 8 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2744](https://togithub.com/nodejs/undici/pull/2744) - chore: migrate a batch of tests to node test runner no. 7 by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2742](https://togithub.com/nodejs/undici/pull/2742) - build(deps-dev): bump cronometro from 2.0.2 to 3.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2749](https://togithub.com/nodejs/undici/pull/2749) - perf: always use the same prototype Iterator by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2743](https://togithub.com/nodejs/undici/pull/2743) - chore: migrate a batch of tests to node test runner no. 9, remove tap by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2746](https://togithub.com/nodejs/undici/pull/2746) - chore: remove usage of http-errors in proxy example by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2753](https://togithub.com/nodejs/undici/pull/2753) - fix: dont ship wasm files of llhttp via npm by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2752](https://togithub.com/nodejs/undici/pull/2752) - fix: handle request body as late as possible by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2734](https://togithub.com/nodejs/undici/pull/2734) - perf(tree): avoid recursive calls by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2755](https://togithub.com/nodejs/undici/pull/2755) - docs: fix favicon by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2758](https://togithub.com/nodejs/undici/pull/2758) - chore: use mermaid engine and mermaid in markdown by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2759](https://togithub.com/nodejs/undici/pull/2759) - chore: remove sinon dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2767](https://togithub.com/nodejs/undici/pull/2767) - tests: skip test/node-test/debug on node 21.6.2 and windows by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2765](https://togithub.com/nodejs/undici/pull/2765) - chore: improve usage of skip in tests by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2761](https://togithub.com/nodejs/undici/pull/2761) - feat: improve mock error breadcrumbs by [@​rossilor95](https://togithub.com/rossilor95) in [https://github.com/nodejs/undici/pull/2774](https://togithub.com/nodejs/undici/pull/2774) - expose MessageEvent in fetch bundle by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2770](https://togithub.com/nodejs/undici/pull/2770) - test: always exit with 0 when running in Node's Daily WPT Report CI job by [@​panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2778](https://togithub.com/nodejs/undici/pull/2778) - fix: add node prefix for util to fix issue in env with min version node 18 by [@​riderx](https://togithub.com/riderx) in [https://github.com/nodejs/undici/pull/2775](https://togithub.com/nodejs/undici/pull/2775) - perf: improve perf of parseRawHeaders by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2781](https://togithub.com/nodejs/undici/pull/2781) - fix: make mock-agent.js test more resilient by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2780](https://togithub.com/nodejs/undici/pull/2780) - chore: make some test run even without internet connection by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2786](https://togithub.com/nodejs/undici/pull/2786) - mock: improve validateReplyParameters by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2783](https://togithub.com/nodejs/undici/pull/2783) - perf: improve TernarySearchTree by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2782](https://togithub.com/nodejs/undici/pull/2782) - fix: convert HeadersInit to sequence/dictionary correctly by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2784](https://togithub.com/nodejs/undici/pull/2784) - chore: improve getFieldValue by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2785](https://togithub.com/nodejs/undici/pull/2785) - Add RetryHandler to sidebar by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2797](https://togithub.com/nodejs/undici/pull/2797) - Add RetryAgent by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2798](https://togithub.com/nodejs/undici/pull/2798) - build(deps): bump step-security/harden-runner from 2.6.0 to 2.7.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2690](https://togithub.com/nodejs/undici/pull/2690) - build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2393](https://togithub.com/nodejs/undici/pull/2393) - build(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2799](https://togithub.com/nodejs/undici/pull/2799) - build(deps): bump node from 20-alpine to 21-alpine in /build by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2803](https://togithub.com/nodejs/undici/pull/2803) - perf: improve sort algorithm by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2756](https://togithub.com/nodejs/undici/pull/2756) - refactor: move web stuff into their own folder by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2793](https://togithub.com/nodejs/undici/pull/2793) - `s/ dispactgher/dispatcher/` by [@​steveluscher](https://togithub.com/steveluscher) in [https://github.com/nodejs/undici/pull/2807](https://togithub.com/nodejs/undici/pull/2807) - Use paralellelRequests instead of connections to calculate req/sec in benchmarks by [@​mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2800](https://togithub.com/nodejs/undici/pull/2800) - Split out documentation into separate directory by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2788](https://togithub.com/nodejs/undici/pull/2788) - build(deps): bump fastify/github-action-merge-dependabot from 3.9.1 to 3.10.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2820](https://togithub.com/nodejs/undici/pull/2820) - build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2821](https://togithub.com/nodejs/undici/pull/2821) - build(deps): bump github/codeql-action from 3.23.2 to 3.24.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2818](https://togithub.com/nodejs/undici/pull/2818) - build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2819](https://togithub.com/nodejs/undici/pull/2819) - fix: move CNAME and .nojekyll to root by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2822](https://togithub.com/nodejs/undici/pull/2822) - remove all fetchParam event handlers by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2823](https://togithub.com/nodejs/undici/pull/2823) - feat: refactor ProxyAgent constructor to also accept single URL argument by [@​rossilor95](https://togithub.com/rossilor95) in [https://github.com/nodejs/undici/pull/2810](https://togithub.com/nodejs/undici/pull/2810) - fix: isCTLExcludingHtab by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2790](https://togithub.com/nodejs/undici/pull/2790) - refactor: move files into logical folders by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2813](https://togithub.com/nodejs/undici/pull/2813) - refactor: move fixed-queeu to dispatcher and rm node folder by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2827](https://togithub.com/nodejs/undici/pull/2827) - chore: create package.json in benchmarks by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2766](https://togithub.com/nodejs/undici/pull/2766) - build(deps): bump github/codeql-action from 3.24.4 to 3.24.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2829](https://togithub.com/nodejs/undici/pull/2829) - chore: use lts for pubish types workflow by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2830](https://togithub.com/nodejs/undici/pull/2830) - add dispatcher option to Request by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2831](https://togithub.com/nodejs/undici/pull/2831) - fix url referrer wpt by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2832](https://togithub.com/nodejs/undici/pull/2832) - refactor: remove own sort logic by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2834](https://togithub.com/nodejs/undici/pull/2834) - fix(fetch): prevent crash when `fetch` is aborted with `null` as the `AbortSignal's` `reason` by [@​steveluscher](https://togithub.com/steveluscher) in [https://github.com/nodejs/undici/pull/2833](https://togithub.com/nodejs/undici/pull/2833) - refactor: avoid http2 dynamic dispatch in socket handlers by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2839](https://togithub.com/nodejs/undici/pull/2839) - build(deps-dev): bump proxy from 1.0.2 to 2.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2137](https://togithub.com/nodejs/undici/pull/2137) - perf(tree): reduce overhead of build TernarySearchTree by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2840](https://togithub.com/nodejs/undici/pull/2840) - webidl: implement resizable arraybuffer checks by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2094](https://togithub.com/nodejs/undici/pull/2094) - websocket server only needs to reply with a single subprotocol by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2845](https://togithub.com/nodejs/undici/pull/2845) - unite webidl stringification by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2843](https://togithub.com/nodejs/undici/pull/2843) - fix: deflake connect-timeout test by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2851](https://togithub.com/nodejs/undici/pull/2851) - fix: coverage reporting by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2763](https://togithub.com/nodejs/undici/pull/2763) - fix: pipelining logic is not relevant for h2 by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2850](https://togithub.com/nodejs/undici/pull/2850) - processBody doesn't need to return a promise by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2858](https://togithub.com/nodejs/undici/pull/2858) - refactor: split client into client-h1/h2 by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2848](https://togithub.com/nodejs/undici/pull/2848) - ci: fix concurrency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2862](https://togithub.com/nodejs/undici/pull/2862) - perf: improve performance of isValidSubprotocol by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2861](https://togithub.com/nodejs/undici/pull/2861) - perf: reuse TextDecoder instance by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2863](https://togithub.com/nodejs/undici/pull/2863) - chore: restructure benchmarks, use kebab-case by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2864](https://togithub.com/nodejs/undici/pull/2864) - cookies: improve perf of toIMFDate by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2867](https://togithub.com/nodejs/undici/pull/2867) - cookies: fix validateCookiePath by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2866](https://togithub.com/nodejs/undici/pull/2866) - refactor: move out more h2 from core client by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2860](https://togithub.com/nodejs/undici/pull/2860) - mock: improve test coverage of buildHeadersFromArray by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2872](https://togithub.com/nodejs/undici/pull/2872) - fix: remove broken build request hack by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2874](https://togithub.com/nodejs/undici/pull/2874) - chore: filenames should use kebab-case by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2873](https://togithub.com/nodejs/undici/pull/2873) - refactor: split out last h1 specific code from core by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2876](https://togithub.com/nodejs/undici/pull/2876) - fix: make pipelining limit work for h2 by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2875](https://togithub.com/nodejs/undici/pull/2875) - fix: http2 doesn't have pipelining queue by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2878](https://togithub.com/nodejs/undici/pull/2878) - fix: minor connect cleanup by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2877](https://togithub.com/nodejs/undici/pull/2877) - Request headers types by [@​JaoodxD](https://togithub.com/JaoodxD) in [https://github.com/nodejs/undici/pull/2879](https://togithub.com/nodejs/undici/pull/2879) - ci: remove concurrency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2880](https://togithub.com/nodejs/undici/pull/2880) - fix: prefer queueMicrotask by [@​ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2881](https://togithub.com/nodejs/undici/pull/2881) - chore: remove no-simd wasm by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2871](https://togithub.com/nodejs/undici/pull/2871) - cookies: improve validateCookieValue by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2883](https://togithub.com/nodejs/undici/pull/2883) - cookies: improve validateCookieName by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2884](https://togithub.com/nodejs/undici/pull/2884) - Properly parse set-cookie header using http2 by [@​jeanp413](https://togithub.com/jeanp413) in [https://github.com/nodejs/undici/pull/2886](https://togithub.com/nodejs/undici/pull/2886) - doc deprecate bodymixin.formData by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2892](https://togithub.com/nodejs/undici/pull/2892) - perf: optimize check invalid field-vchar by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2889](https://togithub.com/nodejs/undici/pull/2889) - build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2897](https://togithub.com/nodejs/undici/pull/2897) - fix issue 2898 by [@​KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2900](https://togithub.com/nodejs/undici/pull/2900) - tests: ignore catch block when requiring crypto module by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2901](https://togithub.com/nodejs/undici/pull/2901) - websocket: remove dead code in parseCloseBody by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2902](https://togithub.com/nodejs/undici/pull/2902) - fix: tests dont need process.exit by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2909](https://togithub.com/nodejs/undici/pull/2909) - chore: remove proxyquire by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2906](https://togithub.com/nodejs/undici/pull/2906) - chore: remove import-fresh as devDependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2908](https://togithub.com/nodejs/undici/pull/2908) - perf(headers): a single set-cookie by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2903](https://togithub.com/nodejs/undici/pull/2903) - websocket: improve .close() by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2865](https://togithub.com/nodejs/undici/pull/2865) - feat: add sending data benchmark by [@​tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2905](https://togithub.com/nodejs/undici/pull/2905) - ci: integrate workflows into nodejs.yml by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2899](https://togithub.com/nodejs/undici/pull/2899) #### New Contributors - [@​JaoodxD](https://togithub.com/JaoodxD) made their first contribution in [https://github.com/nodejs/undici/pull/2708](https://togithub.com/nodejs/undici/pull/2708) - [@​eddienubes](https://togithub.com/eddienubes) made their first contribution in [https://github.com/nodejs/undici/pull/2731](https://togithub.com/nodejs/undici/pull/2731) - [@​riderx](https://togithub.com/riderx) made their first contribution in [https://github.com/nodejs/undici/pull/2775](https://togithub.com/nodejs/undici/pull/2775) - [@​steveluscher](https://togithub.com/steveluscher) made their first contribution in [https://github.com/nodejs/undici/pull/2807](https://togithub.com/nodejs/undici/pull/2807) - [@​jeanp413](https://togithub.com/jeanp413) made their first contribution in [https://github.com/nodejs/undici/pull/2886](https://togithub.com/nodejs/undici/pull/2886) **Full Changelog**: https://github.com/nodejs/undici/compare/v6.6.2...v6.7.0
--- ### Configuration πŸ“… **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. β™» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. πŸ”• **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE). --- yarn.lock | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/yarn.lock b/yarn.lock index 6dc9399197a81..418f98ea1d43e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -34554,20 +34554,18 @@ __metadata: linkType: hard "undici@npm:^5.28.2": - version: 5.28.3 - resolution: "undici@npm:5.28.3" + version: 5.28.4 + resolution: "undici@npm:5.28.4" dependencies: "@fastify/busboy": "npm:^2.0.0" - checksum: 10/779856ce14ba6907c0759df8e4babd61608b1f502569d44de7dd1d014afb7c67a0a2997b4f706e0daff8a55d87ee2f25b830b195fc0202cb6fbd25abe2d941eb + checksum: 10/a666a9f5ac4270c659fafc33d78b6b5039a0adbae3e28f934774c85dcc66ea91da907896f12b414bd6f578508b44d5dc206fa636afa0e49a4e1c9e99831ff065 languageName: node linkType: hard "undici@npm:^6.6.2": - version: 6.6.2 - resolution: "undici@npm:6.6.2" - dependencies: - "@fastify/busboy": "npm:^2.0.0" - checksum: 10/e08ac9c279d4e4ee1249d30e6e0671f008e156d8ef224bbe3329ef5c5e10197a9e9dbf87c14e44deaffe2802c10bee66c8687d60ff07179b2e18cd5ef454b5c6 + version: 6.11.1 + resolution: "undici@npm:6.11.1" + checksum: 10/129480684630e5723b7f4a946c1d9f8120f9b5697cb2032d791d1e3d2898a90eed0ed63c6ef5641502569dca0112759948564354a932c8172fc96845aaf2dd28 languageName: node linkType: hard