chore(deps): update dependency undici to v6.19.2 [security]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| undici (source) | 6.16.0 -> 6.19.2 | | | | |
GitHub Vulnerability Alerts
CVE-2024-38372
Impact
Depending on network and process conditions of a fetch() request, response.arrayBuffer() might include a portion of memory from the Node.js process.
Patches
This has been patched in v6.19.2.
Workarounds
There are no known workarounds.
References
- https://github.com/nodejs/undici/issues/3337
- https://github.com/nodejs/undici/issues/3328
- https://github.com/nodejs/undici/pull/3338
- https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36
Release Notes
nodejs/undici (undici)
v6.19.2
What's Changed
- fix #3337 by @KhafraDev in https://github.com/nodejs/undici/pull/3338
- build: use `husky` as `husky install` is deprecated by @jazelly in https://github.com/nodejs/undici/pull/3340
- fix: interceptors.d.ts has no default export by @Uzlopak in https://github.com/nodejs/undici/pull/3332
Full Changelog: https://github.com/nodejs/undici/compare/v6.19.1...v6.19.2
v6.19.1
What's Changed
- don't append empty origin by @KhafraDev in https://github.com/nodejs/undici/pull/3335
Full Changelog: https://github.com/nodejs/undici/compare/v6.19.0...v6.19.1
v6.19.0
What's Changed
- build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in https://github.com/nodejs/undici/pull/3305
- build(deps): bump codecov/codecov-action from 4.3.1 to 4.4.1 by @dependabot in https://github.com/nodejs/undici/pull/3303
- build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in https://github.com/nodejs/undici/pull/3304
- build(deps): bump github/codeql-action from 3.25.3 to 3.25.7 by @dependabot in https://github.com/nodejs/undici/pull/3306
- build(deps): bump node from `9e8f45f` to `dd7e693` in /build by @dependabot in https://github.com/nodejs/undici/pull/3309
- build(deps): bump node from `dd7e693` to `e6d4495` in /build by @dependabot in https://github.com/nodejs/undici/pull/3313
- remove websocket experimental warning by @KhafraDev in https://github.com/nodejs/undici/pull/3311
- perf: optimization of request instantiation by @tsctx in https://github.com/nodejs/undici/pull/3107
- perf: convert object to params by @DarkGL in https://github.com/nodejs/undici/pull/3302
- build(deps-dev): bump borp from 0.14.0 to 0.15.0 by @dependabot in https://github.com/nodejs/undici/pull/3320
- build(deps-dev): bump c8 from 9.1.0 to 10.0.0 by @dependabot in https://github.com/nodejs/undici/pull/3321
- fix: add missing error classes to types by @maxbeatty in https://github.com/nodejs/undici/pull/3316
- export interceptor to type def file by @jakecastelli in https://github.com/nodejs/undici/pull/3318
- build(deps): bump node from `e6d4495` to `075a5cc` in /build by @dependabot in https://github.com/nodejs/undici/pull/3326
- doc: clarify the behaviour of `bodyTimeout` in the request by @jakecastelli in https://github.com/nodejs/undici/pull/3324
- feature: support pre-shared sessions by @tastypackets in https://github.com/nodejs/undici/pull/3325
New Contributors
- @maxbeatty made their first contribution in https://github.com/nodejs/undici/pull/3316
- @jakecastelli made their first contribution in https://github.com/nodejs/undici/pull/3318
Full Changelog: https://github.com/nodejs/undici/compare/v6.18.2...v6.19.0
v6.18.2
v6.18.1
What's Changed
- docs: Update references to dispatcher in docs by @haikyuu in https://github.com/nodejs/undici/pull/3281
- fix: compatibility for global headers by @tsctx in https://github.com/nodejs/undici/pull/3286
- websocket: pre-calculated length by @tsctx in https://github.com/nodejs/undici/pull/3284
- ci: fix autobahn workflow by @Uzlopak in https://github.com/nodejs/undici/pull/3291
- revert: "websocket: pre-calculated length" by @KhafraDev in https://github.com/nodejs/undici/pull/3290
- websocket: use FixedQueue instead of Set by @tsctx in https://github.com/nodejs/undici/pull/3283
New Contributors
- @haikyuu made their first contribution in https://github.com/nodejs/undici/pull/3281
Full Changelog: https://github.com/nodejs/undici/compare/v6.18.0...v6.18.1
v6.18.0
What's Changed
- permessage-deflate decompression support in websocket by @KhafraDev in https://github.com/nodejs/undici/pull/3263
- fix: Fix server closing in tests. by @ShogunPanda in https://github.com/nodejs/undici/pull/3279
Full Changelog: https://github.com/nodejs/undici/compare/v6.17.0...v6.18.0
v6.17.0
What's Changed
- fetch: fix captureStackTrace by @Uzlopak in https://github.com/nodejs/undici/pull/3227
- fetch: fix wpt test request-upload.any.js by @Uzlopak in https://github.com/nodejs/undici/pull/3234
- websocket: don't clone buffer by @tsctx in https://github.com/nodejs/undici/pull/3240
- Remove unnecessary async from writeBuffer by @DarkGL in https://github.com/nodejs/undici/pull/3245
- refactor websocket control frame handling by @KhafraDev in https://github.com/nodejs/undici/pull/3241
- fix parsing continuation frames in websocket by @KhafraDev in https://github.com/nodejs/undici/pull/3247
- ci: node nightly test should use node 23 by @Uzlopak in https://github.com/nodejs/undici/pull/3248
- Add test to verify if the connection is correctly aborted on cancel by @mcollina in https://github.com/nodejs/undici/pull/3219
- Autobahn suite by @KhafraDev in https://github.com/nodejs/undici/pull/3251
- websocket: fix 6 autobahn tests by @KhafraDev in https://github.com/nodejs/undici/pull/3254
- websocket: checkout correct commit in autobahn workflow by @Uzlopak in https://github.com/nodejs/undici/pull/3258
- Cleanup websocket by @KhafraDev in https://github.com/nodejs/undici/pull/3257
- websocket: autobahn workflow should fail on error by @Uzlopak in https://github.com/nodejs/undici/pull/3259
- add bodymixin bytes by @KhafraDev in https://github.com/nodejs/undici/pull/3262
- perf: avoid buffer cloning by @tsctx in https://github.com/nodejs/undici/pull/3264
- feat: dump interceptor by @metcoder95 in https://github.com/nodejs/undici/pull/3118
- use private properties in Headers by @KhafraDev in https://github.com/nodejs/undici/pull/3269
- Revert "websocket: autobahn workflow should fail on error" by @Uzlopak in https://github.com/nodejs/undici/pull/3270
- build(deps): bump node from `487dc5d` to `9e8f45f` in /build by @dependabot in https://github.com/nodejs/undici/pull/3271
New Contributors
- @DarkGL made their first contribution in https://github.com/nodejs/undici/pull/3245
Full Changelog: https://github.com/nodejs/undici/compare/v6.16.1...v6.17.0
v6.16.1
What's Changed
- fix some typos by @Uzlopak in https://github.com/nodejs/undici/pull/3217
- websocket: move codeblock in parseCloseBody by @Uzlopak in https://github.com/nodejs/undici/pull/3215
- fetch: enable wpt test request-referrer.any.js by @Uzlopak in https://github.com/nodejs/undici/pull/3223
- fetch: wpt add /fetch/api/resources/cache.py to server.mjs by @Uzlopak in https://github.com/nodejs/undici/pull/3225
- add pipe support for wpt server by @KhafraDev in https://github.com/nodejs/undici/pull/3228
- test: reduce the number of requests in `fire-and-forget.js` by @tsctx in https://github.com/nodejs/undici/pull/3229
- ci: add node 22 in ci test matrix, use 22 for coverage by @Uzlopak in https://github.com/nodejs/undici/pull/3226
- fetch: don't set an invalid origin header by @KhafraDev in https://github.com/nodejs/undici/pull/3235
- fail wpt runner if expected failures does not match actual by @KhafraDev in https://github.com/nodejs/undici/pull/3236
- fix: ignore content-length when dumping HEAD by @ronag in https://github.com/nodejs/undici/pull/3222
Full Changelog: https://github.com/nodejs/undici/compare/v6.16.0...v6.16.1
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.