vercel[bot]
commented
1 year ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| celestia | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Aug 6, 2024 7:55am |
| celestia-ebjh | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Aug 6, 2024 7:55am |
This PR contains the following updates:
5.23.0->5.28.4GitHub Vulnerability Alerts
CVE-2023-45143
Impact
Undici clears Authorization headers on cross-origin redirects, but does not clear
Cookieheaders. By design,cookieheaders are forbidden request headers, disallowing them to be set inRequestInit.headersin browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch.As such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site.
Patches
This was patched in e041de359221ebeae04c469e8aff4145764e6d76, which is included in version 5.26.2.
CVE-2024-24758
Impact
Undici already cleared Authorization headers on cross-origin redirects, but did not clear
Proxy-Authorizationheaders.Patches
This is patched in v5.28.3 and v6.6.1
Workarounds
There are no known workarounds.
References
CVE-2024-30261
Impact
If an attacker can alter the
integrityoption passed tofetch(), they can letfetch()accept requests as valid even if they have been tampered.Patches
Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1.
Workarounds
Ensure that
integritycannot be tampered with.References
https://hackerone.com/reports/2377760
CVE-2024-30260
Impact
Undici cleared Authorization and Proxy-Authorization headers for
fetch(), but did not clear them forundici.request().Patches
This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes has been released in v5.28.4 and v6.11.1.
Workarounds
use
fetch()or disablemaxRedirections.References
Linzi Shang reported this.
Release Notes
nodejs/undici (undici)
### [`v5.28.4`](https://redirect.github.com/nodejs/undici/releases/tag/v5.28.4) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.28.3...v5.28.4) #### :warning: Security Release :warning: - Fixes https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 CVE-2024-30260 - Fixes https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 CVE-2024-30261 **Full Changelog**: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 ### [`v5.28.3`](https://redirect.github.com/nodejs/undici/releases/tag/v5.28.3) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.28.2...v5.28.3) #### ⚠️ Security Release ⚠️ Details on the vulnerabilities fixed will be shared in the next couple of days. **Full Changelog**: https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3 ### [`v5.28.2`](https://redirect.github.com/nodejs/undici/releases/tag/v5.28.2) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.28.1...v5.28.2) #### What's Changed - fix: remove optional chainning for compatible with Nodejs12 and below by [@bugb](https://redirect.github.com/bugb) in [https://github.com/nodejs/undici/pull/2470](https://redirect.github.com/nodejs/undici/pull/2470) - fix: remove `node:` prefix by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2471](https://redirect.github.com/nodejs/undici/pull/2471) - perf: avoid Headers initialization by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2468](https://redirect.github.com/nodejs/undici/pull/2468) - fix: handle SharedArrayBuffer correctly by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2466](https://redirect.github.com/nodejs/undici/pull/2466) - fix: Add `null` type to `signal` in `RequestInit` by [@gebsh](https://redirect.github.com/gebsh) in [https://github.com/nodejs/undici/pull/2455](https://redirect.github.com/nodejs/undici/pull/2455) - fix: correctly handle data URL with hashes. by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2475](https://redirect.github.com/nodejs/undici/pull/2475) - fix: check response for timinginfo allow flag by [@ToshB](https://redirect.github.com/ToshB) in [https://github.com/nodejs/undici/pull/2477](https://redirect.github.com/nodejs/undici/pull/2477) - Make call to onBodySent conditional in RetryHandler by [@MzUgM](https://redirect.github.com/MzUgM) in [https://github.com/nodejs/undici/pull/2478](https://redirect.github.com/nodejs/undici/pull/2478) - refactor: better integrity check by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2462](https://redirect.github.com/nodejs/undici/pull/2462) - fix: Added support for inline URL username:password proxy auth by [@matt-way](https://redirect.github.com/matt-way) in [https://github.com/nodejs/undici/pull/2473](https://redirect.github.com/nodejs/undici/pull/2473) - build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2472](https://redirect.github.com/nodejs/undici/pull/2472) - build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2405](https://redirect.github.com/nodejs/undici/pull/2405) - build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2396](https://redirect.github.com/nodejs/undici/pull/2396) - build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2395](https://redirect.github.com/nodejs/undici/pull/2395) - build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2392](https://redirect.github.com/nodejs/undici/pull/2392) - build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2389](https://redirect.github.com/nodejs/undici/pull/2389) - build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2302](https://redirect.github.com/nodejs/undici/pull/2302) #### New Contributors - [@bugb](https://redirect.github.com/bugb) made their first contribution in [https://github.com/nodejs/undici/pull/2470](https://redirect.github.com/nodejs/undici/pull/2470) - [@gebsh](https://redirect.github.com/gebsh) made their first contribution in [https://github.com/nodejs/undici/pull/2455](https://redirect.github.com/nodejs/undici/pull/2455) - [@ToshB](https://redirect.github.com/ToshB) made their first contribution in [https://github.com/nodejs/undici/pull/2477](https://redirect.github.com/nodejs/undici/pull/2477) - [@MzUgM](https://redirect.github.com/MzUgM) made their first contribution in [https://github.com/nodejs/undici/pull/2478](https://redirect.github.com/nodejs/undici/pull/2478) - [@matt-way](https://redirect.github.com/matt-way) made their first contribution in [https://github.com/nodejs/undici/pull/2473](https://redirect.github.com/nodejs/undici/pull/2473) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.28.1...v5.28.2 ### [`v5.28.1`](https://redirect.github.com/nodejs/undici/releases/tag/v5.28.1) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.28.0...v5.28.1) #### What's Changed - perf: Improve `normalizeMethod` by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2456](https://redirect.github.com/nodejs/undici/pull/2456) - fix: dispatch error handling by [@ronag](https://redirect.github.com/ronag) in [https://github.com/nodejs/undici/pull/2459](https://redirect.github.com/nodejs/undici/pull/2459) - perf(request): optimize if headers are given by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2454](https://redirect.github.com/nodejs/undici/pull/2454) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.28.0...v5.28.1 ### [`v5.28.0`](https://redirect.github.com/nodejs/undici/releases/tag/v5.28.0) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.27.2...v5.28.0) #### What's Changed - fix(parseHeaders): util.parseHeaders handle correctly array of buffer… by [@mdoria12](https://redirect.github.com/mdoria12) in [https://github.com/nodejs/undici/pull/2398](https://redirect.github.com/nodejs/undici/pull/2398) - docs: add license to undici-types by [@dancastillo](https://redirect.github.com/dancastillo) in [https://github.com/nodejs/undici/pull/2401](https://redirect.github.com/nodejs/undici/pull/2401) - perf: optimize Readable.dump by [@ronag](https://redirect.github.com/ronag) in [https://github.com/nodejs/undici/pull/2402](https://redirect.github.com/nodejs/undici/pull/2402) - perf(headers): Improve Headers by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2397](https://redirect.github.com/nodejs/undici/pull/2397) - test: re-enable conditional WPT Report for websockets by [@panva](https://redirect.github.com/panva) in [https://github.com/nodejs/undici/pull/2407](https://redirect.github.com/nodejs/undici/pull/2407) - fix: delay abort on 'close' by [@ronag](https://redirect.github.com/ronag) in [https://github.com/nodejs/undici/pull/2408](https://redirect.github.com/nodejs/undici/pull/2408) - refactor: use `substring` instead of `substr` by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2411](https://redirect.github.com/nodejs/undici/pull/2411) - add additional http2 test with fetch by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2419](https://redirect.github.com/nodejs/undici/pull/2419) - fix: HTTPToken check by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2410](https://redirect.github.com/nodejs/undici/pull/2410) - perf: optimize HeadersList.get by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2420](https://redirect.github.com/nodejs/undici/pull/2420) - properly handle pseudo-headers in fetch by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2422](https://redirect.github.com/nodejs/undici/pull/2422) - perf(headers): if the guard is immutable by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2424](https://redirect.github.com/nodejs/undici/pull/2424) - fix(mock-agent): send stream body by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2425](https://redirect.github.com/nodejs/undici/pull/2425) - build(deps): bump github/codeql-action from 2.21.5 to 2.22.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2394](https://redirect.github.com/nodejs/undici/pull/2394) - feat([#2264](https://redirect.github.com/nodejs/undici/issues/2264)): Expose Retry Handler by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2281](https://redirect.github.com/nodejs/undici/pull/2281) - fix: implement `Headers#set` correctly by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2432](https://redirect.github.com/nodejs/undici/pull/2432) - fix: implement `Headers#delete` correctly by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2430](https://redirect.github.com/nodejs/undici/pull/2430) - test: update websocket wpt availability by [@panva](https://redirect.github.com/panva) in [https://github.com/nodejs/undici/pull/2437](https://redirect.github.com/nodejs/undici/pull/2437) - fix: type comment position by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2443](https://redirect.github.com/nodejs/undici/pull/2443) - fix: `onHeaders` type declaration by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2444](https://redirect.github.com/nodejs/undici/pull/2444) - remove http2 status pseudo header from headers by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2438](https://redirect.github.com/nodejs/undici/pull/2438) - docs: Clarify `path` matching in `intercept()` by [@oliversalzburg](https://redirect.github.com/oliversalzburg) in [https://github.com/nodejs/undici/pull/2426](https://redirect.github.com/nodejs/undici/pull/2426) - fix: set-cookie clone by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2446](https://redirect.github.com/nodejs/undici/pull/2446) - docs: fix typo in maxConcurrentStreams by [@tniessen](https://redirect.github.com/tniessen) in [https://github.com/nodejs/undici/pull/2450](https://redirect.github.com/nodejs/undici/pull/2450) - refactor: remove leftovers by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2451](https://redirect.github.com/nodejs/undici/pull/2451) - refactor: add missing new operator by [@tsctx](https://redirect.github.com/tsctx) in [https://github.com/nodejs/undici/pull/2452](https://redirect.github.com/nodejs/undici/pull/2452) #### New Contributors - [@mdoria12](https://redirect.github.com/mdoria12) made their first contribution in [https://github.com/nodejs/undici/pull/2398](https://redirect.github.com/nodejs/undici/pull/2398) - [@tsctx](https://redirect.github.com/tsctx) made their first contribution in [https://github.com/nodejs/undici/pull/2397](https://redirect.github.com/nodejs/undici/pull/2397) - [@oliversalzburg](https://redirect.github.com/oliversalzburg) made their first contribution in [https://github.com/nodejs/undici/pull/2426](https://redirect.github.com/nodejs/undici/pull/2426) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.27.2...v5.28.0 ### [`v5.27.2`](https://redirect.github.com/nodejs/undici/releases/tag/v5.27.2) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.27.1...v5.27.2) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.27.1...v5.27.2 ### [`v5.27.1`](https://redirect.github.com/nodejs/undici/releases/tag/v5.27.1) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.27.0...v5.27.1) #### What's Changed - add regression test by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2376](https://redirect.github.com/nodejs/undici/pull/2376) - fix: define conditions when content-length should be sent by [@pxue](https://redirect.github.com/pxue) in [https://github.com/nodejs/undici/pull/2305](https://redirect.github.com/nodejs/undici/pull/2305) - refactor: removed unnecessary default by [@nikelborm](https://redirect.github.com/nikelborm) in [https://github.com/nodejs/undici/pull/2381](https://redirect.github.com/nodejs/undici/pull/2381) - fix: stream body handling by [@ronag](https://redirect.github.com/ronag) in [https://github.com/nodejs/undici/pull/2391](https://redirect.github.com/nodejs/undici/pull/2391) #### New Contributors - [@pxue](https://redirect.github.com/pxue) made their first contribution in [https://github.com/nodejs/undici/pull/2305](https://redirect.github.com/nodejs/undici/pull/2305) - [@nikelborm](https://redirect.github.com/nikelborm) made their first contribution in [https://github.com/nodejs/undici/pull/2381](https://redirect.github.com/nodejs/undici/pull/2381) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.27.0...v5.27.1 ### [`v5.27.0`](https://redirect.github.com/nodejs/undici/releases/tag/v5.27.0) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.26.5...v5.27.0) #### What's Changed - Use sets and reusable TextEncoder/TextDecoder instances by [@kibertoad](https://redirect.github.com/kibertoad) in [https://github.com/nodejs/undici/pull/2368](https://redirect.github.com/nodejs/undici/pull/2368) - feat: forward onRequestSent to handler by [@ronag](https://redirect.github.com/ronag) in [https://github.com/nodejs/undici/pull/2375](https://redirect.github.com/nodejs/undici/pull/2375) - skip bundle test on node 16 by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2377](https://redirect.github.com/nodejs/undici/pull/2377) - fix windows CI by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2379](https://redirect.github.com/nodejs/undici/pull/2379) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.26.5...v5.27.0 ### [`v5.26.5`](https://redirect.github.com/nodejs/undici/releases/tag/v5.26.5) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.26.4...v5.26.5) #### What's Changed - Drop race condition in connect-timeout test by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2360](https://redirect.github.com/nodejs/undici/pull/2360) - Remove a couple of unnecessary async functions by [@kibertoad](https://redirect.github.com/kibertoad) in [https://github.com/nodejs/undici/pull/2367](https://redirect.github.com/nodejs/undici/pull/2367) - Update namespace type with Fetch exports by [@Ethan-Arrowood](https://redirect.github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2361](https://redirect.github.com/nodejs/undici/pull/2361) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.26.4...v5.26.5 ### [`v5.26.4`](https://redirect.github.com/nodejs/undici/releases/tag/v5.26.4) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.26.3...v5.26.4) #### What's Changed - use esbuild define/hooks by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2342](https://redirect.github.com/nodejs/undici/pull/2342) - fix request's arrayBuffer returning uint8 instead of arraybuffer by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2344](https://redirect.github.com/nodejs/undici/pull/2344) - fix: skip readMore call if parser is null or undefined by [@iiAku](https://redirect.github.com/iiAku) in [https://github.com/nodejs/undici/pull/2346](https://redirect.github.com/nodejs/undici/pull/2346) - test: first attempt for flaky fix by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2337](https://redirect.github.com/nodejs/undici/pull/2337) - test: only include WebSocket in WPT Report where it's landed by [@panva](https://redirect.github.com/panva) in [https://github.com/nodejs/undici/pull/2351](https://redirect.github.com/nodejs/undici/pull/2351) - Update DispatchInterceptor.md by [@Uzlopak](https://redirect.github.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2354](https://redirect.github.com/nodejs/undici/pull/2354) - fix: Avoid error for stream() being aborted by [@BobNobrain](https://redirect.github.com/BobNobrain) in [https://github.com/nodejs/undici/pull/2355](https://redirect.github.com/nodejs/undici/pull/2355) - fix names with esbuild by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2359](https://redirect.github.com/nodejs/undici/pull/2359) #### New Contributors - [@iiAku](https://redirect.github.com/iiAku) made their first contribution in [https://github.com/nodejs/undici/pull/2346](https://redirect.github.com/nodejs/undici/pull/2346) - [@Uzlopak](https://redirect.github.com/Uzlopak) made their first contribution in [https://github.com/nodejs/undici/pull/2354](https://redirect.github.com/nodejs/undici/pull/2354) - [@BobNobrain](https://redirect.github.com/BobNobrain) made their first contribution in [https://github.com/nodejs/undici/pull/2355](https://redirect.github.com/nodejs/undici/pull/2355) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.26.3...v5.26.4 ### [`v5.26.3`](https://redirect.github.com/nodejs/undici/compare/12a62187d45f332cf39dd405f7c52b759cf40cdd...227b9bedf233f741b86dda4ae9d1c7ad69f5d75c) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.26.2...v5.26.3) ### [`v5.26.2`](https://redirect.github.com/nodejs/undici/releases/tag/v5.26.2) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.26.1...v5.26.2) Security Release, CVE-2023-45143. ### [`v5.26.1`](https://redirect.github.com/nodejs/undici/releases/tag/v5.26.1) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.26.0...v5.26.1) #### What's Changed - Fix publish undici-types once and for all! by [@Ethan-Arrowood](https://redirect.github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2338](https://redirect.github.com/nodejs/undici/pull/2338) - Fix node detection omfg by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2341](https://redirect.github.com/nodejs/undici/pull/2341) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.26.0...v5.26.1 ### [`v5.26.0`](https://redirect.github.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://redirect.github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@Ethan-Arrowood](https://redirect.github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2309](https://redirect.github.com/nodejs/undici/pull/2309) - change default header to `node` by [@Ethan-Arrowood](https://redirect.github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2310](https://redirect.github.com/nodejs/undici/pull/2310) - chore: change order of the pseudo-headers by [@kyrylodolynskyi](https://redirect.github.com/kyrylodolynskyi) in [https://github.com/nodejs/undici/pull/2308](https://redirect.github.com/nodejs/undici/pull/2308) - fix: Agent.Options.factory should accept URL object or string as parameter by [@nicole0707](https://redirect.github.com/nicole0707) in [https://github.com/nodejs/undici/pull/2295](https://redirect.github.com/nodejs/undici/pull/2295) - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2312](https://redirect.github.com/nodejs/undici/pull/2312) - test: handle npm ignore-scripts settings by [@panva](https://redirect.github.com/panva) in [https://github.com/nodejs/undici/pull/2313](https://redirect.github.com/nodejs/undici/pull/2313) - feat: respect `--max-http-header-size` Node.js flag by [@balazsorban44](https://redirect.github.com/balazsorban44) in [https://github.com/nodejs/undici/pull/2234](https://redirect.github.com/nodejs/undici/pull/2234) - fix([#2311](https://redirect.github.com/nodejs/undici/issues/2311)): End stream after body sent by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2314](https://redirect.github.com/nodejs/undici/pull/2314) - disallow setting host header in fetch by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2322](https://redirect.github.com/nodejs/undici/pull/2322) - \[StepSecurity] ci: Harden GitHub Actions by [@step-security-bot](https://redirect.github.com/step-security-bot) in [https://github.com/nodejs/undici/pull/2325](https://redirect.github.com/nodejs/undici/pull/2325) - fix fetch with coverage enabled by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2330](https://redirect.github.com/nodejs/undici/pull/2330) - Fix stuck when using http2 POST Buffer by [@binsee](https://redirect.github.com/binsee) in [https://github.com/nodejs/undici/pull/2336](https://redirect.github.com/nodejs/undici/pull/2336) - fix: 🏷️ add allowH2 to BuildOptions by [@binsee](https://redirect.github.com/binsee) in [https://github.com/nodejs/undici/pull/2334](https://redirect.github.com/nodejs/undici/pull/2334) - fix: 🐛 fix process http2 header by [@binsee](https://redirect.github.com/binsee) in [https://github.com/nodejs/undici/pull/2332](https://redirect.github.com/nodejs/undici/pull/2332) #### New Contributors - [@kyrylodolynskyi](https://redirect.github.com/kyrylodolynskyi) made their first contribution in [https://github.com/nodejs/undici/pull/2308](https://redirect.github.com/nodejs/undici/pull/2308) - [@nicole0707](https://redirect.github.com/nicole0707) made their first contribution in [https://github.com/nodejs/undici/pull/2295](https://redirect.github.com/nodejs/undici/pull/2295) - [@balazsorban44](https://redirect.github.com/balazsorban44) made their first contribution in [https://github.com/nodejs/undici/pull/2234](https://redirect.github.com/nodejs/undici/pull/2234) - [@binsee](https://redirect.github.com/binsee) made their first contribution in [https://github.com/nodejs/undici/pull/2336](https://redirect.github.com/nodejs/undici/pull/2336) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.23.4...v5.26.0 ### [`v5.25.4`](https://redirect.github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) ### [`v5.25.3`](https://redirect.github.com/nodejs/undici/releases/tag/v5.25.3) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.25.2...v5.25.3) #### What's Changed - perf: improve parse-url implementation by [@anonrig](https://redirect.github.com/anonrig) in [https://github.com/nodejs/undici/pull/2286](https://redirect.github.com/nodejs/undici/pull/2286) - test: enable websockets inclusion in WPTReport by [@panva](https://redirect.github.com/panva) in [https://github.com/nodejs/undici/pull/2284](https://redirect.github.com/nodejs/undici/pull/2284) - remove npm run test from pre-commit hook by [@dancastillo](https://redirect.github.com/dancastillo) in [https://github.com/nodejs/undici/pull/2296](https://redirect.github.com/nodejs/undici/pull/2296) - perf: use [@fastify/busboy](https://redirect.github.com/fastify/busboy) by [@gurgunday](https://redirect.github.com/gurgunday) in [https://github.com/nodejs/undici/pull/2211](https://redirect.github.com/nodejs/undici/pull/2211) - Disable finalizationregistry if node code cov by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2298](https://redirect.github.com/nodejs/undici/pull/2298) #### New Contributors - [@gurgunday](https://redirect.github.com/gurgunday) made their first contribution in [https://github.com/nodejs/undici/pull/2211](https://redirect.github.com/nodejs/undici/pull/2211) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.25.2...v5.25.3 ### [`v5.25.2`](https://redirect.github.com/nodejs/undici/releases/tag/v5.25.2) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.25.1...v5.25.2) #### What's Changed - Add Khaf to releasers by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2276](https://redirect.github.com/nodejs/undici/pull/2276) - fix: fix request with readable mode is object by [@killagu](https://redirect.github.com/killagu) in [https://github.com/nodejs/undici/pull/2279](https://redirect.github.com/nodejs/undici/pull/2279) - fix loading websockets when node is built w/ --without-ssl by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2282](https://redirect.github.com/nodejs/undici/pull/2282) #### New Contributors - [@killagu](https://redirect.github.com/killagu) made their first contribution in [https://github.com/nodejs/undici/pull/2279](https://redirect.github.com/nodejs/undici/pull/2279) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.25.1...v5.25.2 ### [`v5.25.1`](https://redirect.github.com/nodejs/undici/releases/tag/v5.25.1) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.25.0...v5.25.1) #### What's Changed - Add publish types script by [@Ethan-Arrowood](https://redirect.github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2273](https://redirect.github.com/nodejs/undici/pull/2273) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.25.0...v5.25.1 ### [`v5.25.0`](https://redirect.github.com/nodejs/undici/releases/tag/v5.25.0) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.24.0...v5.25.0) #### What's Changed - fix: h2 without body by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2258](https://redirect.github.com/nodejs/undici/pull/2258) - ci: remove duplicated runs by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2265](https://redirect.github.com/nodejs/undici/pull/2265) - improve documentation of timeouts by making the units clear in all places by [@mcfedr](https://redirect.github.com/mcfedr) in [https://github.com/nodejs/undici/pull/2266](https://redirect.github.com/nodejs/undici/pull/2266) - expose websocket in node bundle by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2217](https://redirect.github.com/nodejs/undici/pull/2217) - test: fix Fetch/HTTP2 tests by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2263](https://redirect.github.com/nodejs/undici/pull/2263) - fix undici when node is built with --without-ssl by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2272](https://redirect.github.com/nodejs/undici/pull/2272) - fix: Fix type definition for Client Interceptors by [@ComradeCow](https://redirect.github.com/ComradeCow) in [https://github.com/nodejs/undici/pull/2269](https://redirect.github.com/nodejs/undici/pull/2269) - Fix http2 agent by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2275](https://redirect.github.com/nodejs/undici/pull/2275) #### New Contributors - [@ComradeCow](https://redirect.github.com/ComradeCow) made their first contribution in [https://github.com/nodejs/undici/pull/2269](https://redirect.github.com/nodejs/undici/pull/2269) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.24.0...v5.25.0 ### [`v5.24.0`](https://redirect.github.com/nodejs/undici/releases/tag/v5.24.0) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v5.23.0...v5.24.0) #### Notable Changes - feat: Add H2 support by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2061](https://redirect.github.com/nodejs/undici/pull/2061) #### What's Changed - build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2203](https://redirect.github.com/nodejs/undici/pull/2203) - better stack trace for body.json by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2215](https://redirect.github.com/nodejs/undici/pull/2215) - allow http & https websocket urls by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2218](https://redirect.github.com/nodejs/undici/pull/2218) - build(deps-dev): bump [@sinonjs/fake-timers](https://redirect.github.com/sinonjs/fake-timers) from 10.3.0 to 11.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2221](https://redirect.github.com/nodejs/undici/pull/2221) - fix: pass ProxyAgent proxy status code error by [@NBNGaming](https://redirect.github.com/NBNGaming) in [https://github.com/nodejs/undici/pull/2162](https://redirect.github.com/nodejs/undici/pull/2162) - fix failing test by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2223](https://redirect.github.com/nodejs/undici/pull/2223) - docs: update MockPool.md intercept method description by [@capaj](https://redirect.github.com/capaj) in [https://github.com/nodejs/undici/pull/2220](https://redirect.github.com/nodejs/undici/pull/2220) - Update wpts by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2226](https://redirect.github.com/nodejs/undici/pull/2226) - build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2240](https://redirect.github.com/nodejs/undici/pull/2240) - build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2237](https://redirect.github.com/nodejs/undici/pull/2237) - build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to 3.9.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2236](https://redirect.github.com/nodejs/undici/pull/2236) - build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2241](https://redirect.github.com/nodejs/undici/pull/2241) - build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2238](https://redirect.github.com/nodejs/undici/pull/2238) - fix: aborting request with non-object error by [@KhafraDev](https://redirect.github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2243](https://redirect.github.com/nodejs/undici/pull/2243) - fix: preserve file path when parsing formdata by [@jimmywarting](https://redirect.github.com/jimmywarting) in [https://github.com/nodejs/undici/pull/2245](https://redirect.github.com/nodejs/undici/pull/2245) - build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/nodejs/undici/pull/2246](https://redirect.github.com/nodejs/undici/pull/2246) - Updated benchmarks by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2250](https://redirect.github.com/nodejs/undici/pull/2250) - Fix fetch in node v20.6.0 by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2251](https://redirect.github.com/nodejs/undici/pull/2251) - Maybe fix v20 by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2252](https://redirect.github.com/nodejs/undici/pull/2252) - feat: Add H2 support by [@metcoder95](https://redirect.github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2061](https://redirect.github.com/nodejs/undici/pull/2061) - docs: fix tables in README by [@regseb](https://redirect.github.com/regseb) in [https://github.com/nodejs/undici/pull/2254](https://redirect.github.com/nodejs/undici/pull/2254) - Fix http2 fetch test by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/2253](https://redirect.github.com/nodejs/undici/pull/2253) #### New Contributors - [@NBNGaming](https://redirect.github.com/NBNGaming) made their first contribution in [https://github.com/nodejs/undici/pull/2162](https://redirect.github.com/nodejs/undici/pull/2162) - [@capaj](https://redirect.github.com/capaj) made their first contribution in [https://github.com/nodejs/undici/pull/2220](https://redirect.github.com/nodejs/undici/pull/2220) - [@regseb](https://redirect.github.com/regseb) made their first contribution in [https://github.com/nodejs/undici/pull/2254](https://redirect.github.com/nodejs/undici/pull/2254) **Full Changelog**: https://github.com/nodejs/undici/compare/v5.23.0...v5.24.0Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.