Bump undici and wrangler

[dependabot[bot]]

Bumps undici to 5.20.0 and updates ancestor dependency wrangler. These dependencies need to be updated together.

Updates undici from 5.9.1 to 5.20.0

Release notes

Sourced from undici's releases.

v5.20.0

What's Changed

• perf: improve cookie parsing performance by @​KhafraDev in nodejs/undici#1931
• fix: disable websocket wpts in ci :( by @​KhafraDev in nodejs/undici#1932
• fix: Allow “undefined“ as value in headers by @​pan93412 in nodejs/undici#1929
• feat: Support autoSelectFamily when connecting. by @​ShogunPanda in nodejs/undici#1914
• fix: copy cookies when cloning haders by @​KhafraDev in nodejs/undici#1936
• test: more logs in wpt runner by @​KhafraDev in nodejs/undici#1933
• feat: change headersTimeout and bodyTimeout to 300s by @​kyrylkov in nodejs/undici#1937

Full Changelog: https://github.com/nodejs/undici/compare/v5.19.1...v5.20.0

v5.19.1

⚠️ Security Release ⚠️

• Regular Expression Denial of Service in Headers with CVE-2023-24807
• CRLF Injection in Nodejs ‘undici’ via host with CVE-2023-23936

This release is part of the Node.js security release train: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

v5.19.0

What's Changed

• fix(fetch): raise AbortSignal max event listeners by @​KhafraDev in nodejs/undici#1910
• fix: content-disposition header parsing by @​climba03003 in nodejs/undici#1911
• fix: remove test by @​KhafraDev in nodejs/undici#1916
• feat: add Headers.prototype.getSetCookie by @​KhafraDev in nodejs/undici#1915
• fix(headers): clone getSetCookie list & add getSetCookie type by @​KhafraDev in nodejs/undici#1917
• doc(mock): update out-of-date reply documentation by @​p9f in nodejs/undici#1913
• fix(types): add missing keepAlive params by @​SkeLLLa in nodejs/undici#1918
• Make the fetch() abort test pass locally, on Linux and Mac, Node 18/19. by @​mcollina in nodejs/undici#1927

New Contributors

• @​climba03003 made their first contribution in nodejs/undici#1911
• @​p9f made their first contribution in nodejs/undici#1913

Full Changelog: https://github.com/nodejs/undici/compare/v5.18.0...v5.19.0

v5.18.0

What's Changed

• Add ability to set TCP keepalive by @​xconverge in nodejs/undici#1904
• use faster timers by @​ronag in nodejs/undici#1908
• fix: ensure header value is a string by @​ronag in nodejs/undici#1899

Full Changelog: https://github.com/nodejs/undici/compare/v5.17.1...v5.18.0

v5.17.1

What's Changed

• fix: bad buffer slice (https://github.com/nodejs/undici/commit/d2be675575512794dcd41b9683b209fc15368154)

... (truncated)

Commits

• 28b9dea Bumped v5.20.0
• 30dafe3 feat: change headersTimeout and bodyTimeout to 300s (#1937)
• eaf4dc9 test: more logs in wpt runner (#1933)
• 8b8bfa7 fix: copy cookies when cloning haders (#1936)
• eae6807 feat: Support autoSelectFamily when connecting. (#1914)
• c2387e8 fix: Allow “undefined“ as value in headers (#1929)
• f73ec63 fix: disable websocket wpts in ci :( (#1932)
• 2971280 perf: improve cookie parsing performance (#1931)
• 984d53b Bumped v5.19.1
• 6c32c0f lint fixes
• Additional commits viewable in compare view

Updates wrangler from 2.4.4 to 2.13.0

Release notes

Sourced from wrangler's releases.

wrangler@2.13.0

Minor Changes

• #2905 6fd06241 Thanks @​edevil! - feat: support external imports from cloudflare:... prefixed modules

  Going forward Workers will be providing built-in modules (similar to node:...) that can be imported using the cloudflare:... prefix. This change adds support to the Wrangler bundler to mark these imports as external.

• #2607 163dccf4 Thanks @​jspspike@gmail.com! - feature: add wrangler deployment view and wrangler rollback subcommands

wrangler deployments view [deployment-id] will get the details of a deployment, including bindings and usage model information. This information can be used to help debug bad deployments.

wrangler rollback [deployment-id] will rollback to a specific deployment in the runtime. This will be useful in situations like recovering from a bad deployment quickly while resolving issues. If a deployment id is not specified wrangler will rollback to the previous deployment. This rollback only changes the code in the runtime and doesn't affect any code or configurations in a developer's local setup.

wrangler deployments list will list the 10 most recent deployments. This command originally existed as wrangler deployments

example of view <deployment-id> output:

Deployment ID: 07d7143d-0284-427e-ba22-2d5e6e91b479
Created on:    2023-03-02T21:05:15.622446Z
Author:        jspspike@gmail.com
Source:        Upload from Wrangler 🤠
------------------------------------------------------------
Author ID:          e5a3ca86e08fb0940d3a05691310bb42
Usage Model:        bundled
Handlers:           fetch
Compatibility Date: 2022-10-03
--------------------------bindings--------------------------
[[r2_buckets]]
binding = "MY_BUCKET"
bucket_name = "testr2"
[[kv_namespaces]]
id = "79300c6d17eb4180a07270f450efe53f"
binding = "yeee"

• #2859 ace46939 Thanks @​jbwcloudflare! - feature: add support for Queue Consumer concurrency

  Consumer concurrency allows a consumer Worker processing messages from a queue to automatically scale out horizontally in order to keep up with the rate that messages are being written to a queue. The new max_concurrency setting can be used to limit the maximum number of concurrent consumer Worker invocations.

Patch Changes

• #2838 9fa6b167 Thanks @​mrbbot! - fix: display cause when local D1 migrations fail to apply

... (truncated)

Changelog

Sourced from wrangler's changelog.

2.13.0

Minor Changes

• #2905 6fd06241 Thanks @​edevil! - feat: support external imports from cloudflare:... prefixed modules

  Going forward Workers will be providing built-in modules (similar to node:...) that can be imported using the cloudflare:... prefix. This change adds support to the Wrangler bundler to mark these imports as external.

• #2607 163dccf4 Thanks @​jspspike@gmail.com! - feature: add wrangler deployment view and wrangler rollback subcommands

wrangler deployments view [deployment-id] will get the details of a deployment, including bindings and usage model information. This information can be used to help debug bad deployments.

wrangler rollback [deployment-id] will rollback to a specific deployment in the runtime. This will be useful in situations like recovering from a bad deployment quickly while resolving issues. If a deployment id is not specified wrangler will rollback to the previous deployment. This rollback only changes the code in the runtime and doesn't affect any code or configurations in a developer's local setup.

wrangler deployments list will list the 10 most recent deployments. This command originally existed as wrangler deployments

example of view <deployment-id> output:

Deployment ID: 07d7143d-0284-427e-ba22-2d5e6e91b479
Created on:    2023-03-02T21:05:15.622446Z
Author:        jspspike@gmail.com
Source:        Upload from Wrangler 🤠
------------------------------------------------------------
Author ID:          e5a3ca86e08fb0940d3a05691310bb42
Usage Model:        bundled
Handlers:           fetch
Compatibility Date: 2022-10-03
--------------------------bindings--------------------------
[[r2_buckets]]
binding = "MY_BUCKET"
bucket_name = "testr2"
[[kv_namespaces]]
id = "79300c6d17eb4180a07270f450efe53f"
binding = "yeee"

• #2859 ace46939 Thanks @​jbwcloudflare! - feature: add support for Queue Consumer concurrency

  Consumer concurrency allows a consumer Worker processing messages from a queue to automatically scale out horizontally in order to keep up with the rate that messages are being written to a queue. The new max_concurrency setting can be used to limit the maximum number of concurrent consumer Worker invocations.

Patch Changes

• #2838 9fa6b167 Thanks @​mrbbot! - fix: display cause when local D1 migrations fail to apply

... (truncated)

Commits

• 2496a42 Remove changeset and update changelog (#2926)
• d6ab185 Version Packages (#2904)
• 9fa6b16 Display cause when local D1 migrations fail to apply (#2838)
• 163dccf [Wrangler] Added sub commands in the deployments (#2607)
• 6fd0624 allow cloudflare-specific js module (#2905)
• 9996ac4 Fix in toml not working (#2902)
• ace4693 Add support for Queue Consumer concurrency (#2859)
• f61de1d Version Packages (#2879)
• 8b81abd wrangler: remove unwanted logging from test runs (#2857)
• e33bea9 Fix debug logging for Pages upload (#2884)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ehharvey/Attendance/network/alerts).