apollo-datasource-http icon indicating copy to clipboard operation
apollo-datasource-http copied to clipboard

Published 20 hours ago verified publisher icon StarpTech

[Security] Upgrade Undici dependency to latest version

Open Dieman89 opened this issue 3 years ago • 0 comments

Detailed paths

Introduced through: › [email protected][email protected] Fix: Upgrade to [email protected]

Overview

undici is an An HTTP/1.1 client, written from scratch for Node.js

Affected versions of this package are vulnerable to Improper Certificate Validation due to Undici.ProxyAgent missing verification of the remote server's certificate, which leads to exposure of all the requests and responses data to the proxy.

Dieman89 avatar Jun 24 '22 09:06 Dieman89