snync
snync copied to clipboard
snyk-labs
[Snyk] Upgrade undici from 5.10.0 to 5.29.0
Snyk has created this PR to upgrade undici from 5.10.0 to 5.29.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
-
The recommended version is 49 versions ahead of your current version.
-
The recommended version was released 3 months ago.
Issues fixed by the recommended upgrade:
| Issue | Score | Exploit Maturity | |
|---|---|---|---|
 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-UNDICI-3323845 |
76 | Proof of Concept |
|
Insecure Randomness SNYK-JS-UNDICI-8641354 |
76 | Proof of Concept |
 |
CRLF Injection SNYK-JS-UNDICI-3323844 |
76 | Proof of Concept |
 |
Missing Release of Memory after Effective Lifetime SNYK-JS-UNDICI-10176064 |
76 | Proof of Concept |
|
Information Exposure SNYK-JS-UNDICI-5962466 |
76 | No Known Exploit |
|
Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336 |
76 | No Known Exploit |
|
Improper Access Control SNYK-JS-UNDICI-6564963 |
76 | No Known Exploit |
|
Improper Authorization SNYK-JS-UNDICI-6564964 |
76 | No Known Exploit |
Release notes
Package name: undici
-
5.29.0 - 2025-03-19
What's Changed
- Fix tests in v5.x for Node 20 by @ mcollina in #4104
- Removed clients with unrecoverable errors from the Pool #4088
Full Changelog: v5.28.5...v5.29.0
-
5.28.5 - 2025-01-16
⚠️ Security Release⚠️ Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).
Full Changelog: v5.28.4...v5.28.5
- 5.28.4 - 2024-04-02
- 5.28.3 - 2024-02-05
- 5.28.2 - 2023-11-30
- 5.28.1 - 2023-11-27
- 5.28.0 - 2023-11-24
- 5.27.2 - 2023-11-03
- 5.27.1 - 2023-11-03
- 5.27.0 - 2023-10-26
- 5.26.5 - 2023-10-23
- 5.26.4 - 2023-10-19
- 5.26.3 - 2023-10-11
- 5.26.2 - 2023-10-11
- 5.26.1 - 2023-10-11
- 5.26.0 - 2023-10-11
- 5.25.4 - 2023-10-03
- 5.25.3 - 2023-10-01
- 5.25.2 - 2023-09-22
- 5.25.1 - 2023-09-20
- 5.25.0 - 2023-09-20
- 5.24.0 - 2023-09-08
- 5.24.0-test.6 - 2023-09-20
- 5.24.0-test.5 - 2023-09-19
- 5.24.0-test.4 - 2023-09-19
- 5.24.0-test.3 - 2023-09-19
- 5.24.0-test.2 - 2023-09-19
- 5.24.0-test.1 - 2023-09-19
- 5.24.0-test.0 - 2023-09-19
- 5.23.0 - 2023-08-03
- 5.22.1 - 2023-05-11
- 5.22.0 - 2023-04-20
- 5.21.2 - 2023-04-09
- 5.21.1 - 2023-04-08
- 5.21.0 - 2023-03-13
- 5.20.0 - 2023-02-18
- 5.19.1 - 2023-02-13
- 5.19.0 - 2023-02-13
- 5.18.0 - 2023-02-06
- 5.17.1 - 2023-02-04
- 5.17.0 - 2023-02-04
- 5.16.0 - 2023-01-23
- 5.15.2 - 2023-01-22
- 5.15.1 - 2023-01-19
- 5.15.0 - 2023-01-11
- 5.14.0 - 2022-12-08
- 5.13.0 - 2022-11-25
- 5.12.0 - 2022-10-27
- 5.11.0 - 2022-10-03
- 5.10.0 - 2022-08-23
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- This PR was automatically created by Snyk using the credentials of a real user.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
