taco
taco copied to clipboard
prototypsthlm
Bump undici and @sveltejs/kit
Bumps undici to 5.28.4 and updates ancestor dependency @sveltejs/kit. These dependencies need to be updated together.
Updates undici from 5.26.5 to 5.28.4
Release notes
Sourced from undici's releases.
v5.28.4
:warning: Security Release :warning:
- Fixes https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
- Fixes https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 CVE-2024-30261
Full Changelog: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4
v5.28.3
⚠️ Security Release ⚠️
Fixes:
Full Changelog: https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3
v5.28.2
What's Changed
- fix: remove optional chainning for compatible with Nodejs12 and below by
@bugbin nodejs/undici#2470- fix: remove
node:prefix by@tsctxin nodejs/undici#2471- perf: avoid Headers initialization by
@tsctxin nodejs/undici#2468- fix: handle SharedArrayBuffer correctly by
@tsctxin nodejs/undici#2466- fix: Add
nulltype tosignalinRequestInitby@gebshin nodejs/undici#2455- fix: correctly handle data URL with hashes. by
@tsctxin nodejs/undici#2475- fix: check response for timinginfo allow flag by
@ToshBin nodejs/undici#2477- Make call to onBodySent conditional in RetryHandler by
@MzUgMin nodejs/undici#2478- refactor: better integrity check by
@tsctxin nodejs/undici#2462- fix: Added support for inline URL username:password proxy auth by
@matt-wayin nodejs/undici#2473- build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by
@dependabotin nodejs/undici#2472- build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by
@dependabotin nodejs/undici#2405- build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by
@dependabotin nodejs/undici#2396- build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by
@dependabotin nodejs/undici#2395- build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by
@dependabotin nodejs/undici#2392- build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by
@dependabotin nodejs/undici#2389- build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by
@dependabotin nodejs/undici#2302New Contributors
@bugbmade their first contribution in nodejs/undici#2470@gebshmade their first contribution in nodejs/undici#2455@ToshBmade their first contribution in nodejs/undici#2477@MzUgMmade their first contribution in nodejs/undici#2478@matt-waymade their first contribution in nodejs/undici#2473Full Changelog: https://github.com/nodejs/undici/compare/v5.28.1...v5.28.2
v5.28.1
What's Changed
- perf: Improve
normalizeMethodby@tsctxin nodejs/undici#2456- fix: dispatch error handling by
@ronagin nodejs/undici#2459
... (truncated)
Commits
fb98306Bumped v5.28.42b39440Merge pull request from GHSA-9qxr-qj54-h67264e3402Merge pull request from GHSA-m4v8-wqvr-p9f7723c4e7Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"0e9d54bskip failing test due to Node.js changese71cb4cBumped v5.28.320c65b8Fix tests for Node.js v20.11.0 (#2618)8ec52cdFix tests for Node.js v21 (#2609)d3aa574Merge pull request from GHSA-3787-6prv-h9w39a14e5fBumped v5.28.2- Additional commits viewable in compare view
Updates @sveltejs/kit from 1.27.2 to 1.30.4
Release notes
Sourced from @sveltejs/kit's releases.
@sveltejs/kit@1.30.4Patch Changes
- chore(deps): upgrade and unpin undici (#11860)
Changelog
Sourced from @sveltejs/kit's changelog.
1.30.4
Patch Changes
- chore(deps): upgrade and unpin undici (#11860)
1.30.3
Patch Changes
- fix: correct documentation for beforeNavigate (#11300)
1.30.2
Patch Changes
- fix: revert recent 'correctly return 415' and 'correctly return 404' changes (#11295)
1.30.1
Patch Changes
fix: prerendered root page with
paths.baseconfig uses correct trailing slash option (#10763)fix: correctly return 404 when a form action is not found (#11278)
1.30.0
Minor Changes
- feat: inline
response.arrayBuffer()during ssr (#10535)Patch Changes
fix: allow
"false"value for preload link options (#10555)fix: call worker
unrefinstead ofterminate(#10120)fix: correctly analyse exported server API methods during build (#11019)
fix: avoid error when back navigating before page is initialized (#10636)
fix: allow service-worker.js to import assets (#9285)
fix: distinguish better between not-found and internal-error (#11131)
1.29.1
Patch Changes
... (truncated)
Commits
a6c8f21Version Packages (#11862)9b8e731chore(deps): upgrade and unpin undici (#11860)a3c4ddbchore: upgrade to prettier 3.1.1 (#11304)9ae5943Version Packages (#11302)f82df6cfix: correct documentation forbeforeNavigate(#11300)99e4bfbVersion Packages (#11296)86a1357fix: revert recent error changes (#11295)b2b1951Version Packages (#11288)5b81a21fix: action not found should return 404 (#11278)5b1d1abfix: prevent incorrect trailing slash redirect for prerendered root page when...- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Your Render PR Server URL is https://taco-dev-prototyp-se-pr-170.onrender.com.
Follow its progress at https://dashboard.render.com/web/srv-co7d6lv109ks73e6fu90.
![render[bot] avatar](https://avatars.githubusercontent.com/in/14658?v=4 "Published by a pub.dev verified publisher"){kind=small}