Secreto31126 / whatsapp-api-js

A TypeScript server agnostic Whatsapp's Official API framework
MIT License
128 stars 31 forks

chore(deps): undici v6.6.1 [security] #302

Closed renovate[bot] closed 4 months ago

renovate[bot] commented 5 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| undici (source) | 6.5.0 -> 6.6.1 |

GitHub Vulnerability Alerts

CVE-2024-24750

Impact

Calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak.

Patches

Patched in v6.6.1

Workarounds

Make sure to always consume the incoming body.

CVE-2024-24758

Impact

Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers.

Patches

This is patched in v5.28.3 and v6.6.1

Workarounds

There are no known workarounds.


Release Notes

nodejs/undici (undici)

### [`v6.6.1`](https://togithub.com/nodejs/undici/releases/tag/v6.6.1)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.6.0...v6.6.1)

#### ⚠️ Security Release ⚠️

Details on the vulnerabilities fixed will be shared in the next couple of days.

#### What's Changed

- fix: flaky debug test by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2687](https://togithub.com/nodejs/undici/pull/2687)
- build(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2688](https://togithub.com/nodejs/undici/pull/2688)
- build(deps): bump actions/dependency-review-action from 3.1.0 to 4.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2689](https://togithub.com/nodejs/undici/pull/2689)
- fix: ci pipeline warnings by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2685](https://togithub.com/nodejs/undici/pull/2685)
- perf: optimize Iterator by [@tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2692](https://togithub.com/nodejs/undici/pull/2692)

**Full Changelog**: https://github.com/nodejs/undici/compare/v6.6.0...v6.6.1

### [`v6.6.0`](https://togithub.com/nodejs/undici/releases/tag/v6.6.0)

[Compare Source](https://togithub.com/nodejs/undici/compare/v6.5.0...v6.6.0)

#### What's Changed

- add webSocket example by [@mertcanaltin](https://togithub.com/mertcanaltin) in [https://github.com/nodejs/undici/pull/2626](https://togithub.com/nodejs/undici/pull/2626)
- chore: remove atomic-sleep as dev dependency by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2648](https://togithub.com/nodejs/undici/pull/2648)
- chore: remove semver as dev dependency by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2646](https://togithub.com/nodejs/undici/pull/2646)
- chore: remove table as dev dependency by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2649](https://togithub.com/nodejs/undici/pull/2649)
- chore: remove delay as dev dependency by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2647](https://togithub.com/nodejs/undici/pull/2647)
- chore: reduce noise in test-logs test/issue-2349.js by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2655](https://togithub.com/nodejs/undici/pull/2655)
- chore: fix faketimer warning in test/request-timeout.js by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2656](https://togithub.com/nodejs/undici/pull/2656)
- chore: reduce noise in test logs test/client-node-max-header-size.js by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2654](https://togithub.com/nodejs/undici/pull/2654)
- refactor: use fromInnerResponse by [@tsctx](https://togithub.com/tsctx) in [https://github.com/nodejs/undici/pull/2635](https://togithub.com/nodejs/undici/pull/2635)
- fix: support deflate raw responses by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2650](https://togithub.com/nodejs/undici/pull/2650)
- Support building for externally shared js builtins by [@mochaaP](https://togithub.com/mochaaP) in [https://github.com/nodejs/undici/pull/2643](https://togithub.com/nodejs/undici/pull/2643)
- fix: typo clampAndCoarsenConnectionTimingInfo by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2653](https://togithub.com/nodejs/undici/pull/2653)
- chore: use 'node:'-prefix for requiring node core modules by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2662](https://togithub.com/nodejs/undici/pull/2662)
- build(deps-dev): bump husky from 8.0.3 to 9.0.7 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2667](https://togithub.com/nodejs/undici/pull/2667)
- build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2668](https://togithub.com/nodejs/undici/pull/2668)
- remove timers/promises import by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2665](https://togithub.com/nodejs/undici/pull/2665)
- chore: fix various codesmells by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2669](https://togithub.com/nodejs/undici/pull/2669)
- chore: remove this alias in agent.js by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2671](https://togithub.com/nodejs/undici/pull/2671)
- chore: use optional chaining by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2666](https://togithub.com/nodejs/undici/pull/2666)
- chore: small perf improvements by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2661](https://togithub.com/nodejs/undici/pull/2661)
- implement spec changes from a while ago by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2676](https://togithub.com/nodejs/undici/pull/2676)
- websocket: fix close when no closing code is received by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2680](https://togithub.com/nodejs/undici/pull/2680)
- fix: make ci less flaky by [@Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2684](https://togithub.com/nodejs/undici/pull/2684)

#### New Contributors

- [@mochaaP](https://togithub.com/mochaaP) made their first contribution in [https://github.com/nodejs/undici/pull/2643](https://togithub.com/nodejs/undici/pull/2643)

**Full Changelog**: https://github.com/nodejs/undici/compare/v6.5.0...v6.6.0
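
A lockfile check for the patched releases named in the advisories above (v5.28.3 and v6.6.1), written as an added example; it is not part of this PR, Renovate, or undici. The sample lockfile is constructed, and `auditUndici` with its status strings are hypothetical names. It goes slightly beyond the single top-level bump in this PR by also finding nested copies of undici pulled in by other dependencies.

```javascript
// Patched release per major line, as stated in the advisories on this page.
const PATCHED = { 5: "5.28.3", 6: "6.6.1" };

// Constructed sample in npm's lockfile "packages" layout (not this repository's lockfile).
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/undici": { version: "6.5.0" },
    "node_modules/some-sdk/node_modules/undici": { version: "5.28.3" },
    "node_modules/legacy-tool/node_modules/undici": { version: "5.22.1" },
    "node_modules/undici-types": { version: "5.26.5" },
  },
});

// Parse "major.minor.patch"; any pre-release suffix is recorded so that
// 6.6.1-rc.1 is treated as older than 6.6.1.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Return one finding per installed copy of undici, including nested copies.
function auditUndici(lockText) {
  const { packages = {} } = JSON.parse(lockText);
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    // Match only the package named exactly "undici", at any nesting depth.
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    const got = parseVersion(meta.version || "");
    const fixed = got && PATCHED[got.nums[0]];
    let status;
    if (!got) status = "unparseable";
    else if (!fixed) status = "no-patched-release-listed"; // major line not covered by this page
    else status = isOlder(got, parseVersion(fixed)) ? "vulnerable" : "patched";
    findings.push({ path, version: meta.version, status });
  }
  return findings;
}

console.log(auditUndici(SAMPLE_LOCK));
```

Run it against a real `package-lock.json` by passing the file's text to `auditUndici`; a nested copy that stays below the patched release will not be fixed by bumping the top-level dependency alone.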

github-actions[bot] commented 5 months ago

Visit the preview URL for this PR (updated for commit e4d274c):

https://whatsappapijs--pr302-renovate-npm-undici-5qkn74jo.web.app

(expires Mon, 26 Feb 2024 02:50:52 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: 80a8dc4ceea5c783aae1d47b75797ee5b6c2f4be