mercurius-js / mercurius

Implement GraphQL servers and gateways with Fastify
https://mercurius.dev/
MIT License

fix: updates undici to keep up with latest security release #1099

Closed asciidisco closed 5 months ago

asciidisco commented 5 months ago

Updates undici to keep up with the latest security-related release of the 5.x.x version branch; see undici release info for more information.

npm audit output:

undici  <=5.28.3
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - https://github.com/advisories/GHSA-m4v8-wqvr-p9f7
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - https://github.com/advisories/GHSA-9qxr-qj54-h672

asciidisco commented 5 months ago

@mcollina Thanks. Yeah, as it wasn't ranged I did not want to re-introduce that. I think you pinned it because of the Node 16 compat with this commit.

You know undici way better than I do, but I believe it's semver at the heart, so ranging should be fine.
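
The pin-versus-range question in this thread, as an added example that is not part of the PR or of mercurius/undici code: it resolves an exact pin and a caret range against a list of published versions and checks the result against the `<=5.28.3` range from the audit output. The published list and both specs are constructed sample values, and the semver handling is deliberately minimal (exact pins and caret ranges with major >= 1, no prerelease tags).

```javascript
// Added example (not mercurius or undici code). Minimal semver handling:
// exact pins and caret ranges with major >= 1 only, no prerelease tags.
const VULNERABLE_MAX = '5.28.3'; // upper bound from the npm audit output above

const parse = (v) => v.split('.').map(Number);

// Returns <0, 0 or >0, comparing major, then minor, then patch.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// True if `version` satisfies `spec` ("5.28.2" exact pin or "^5.28.2" caret range).
function satisfies(version, spec) {
  if (!spec.startsWith('^')) return compare(version, spec) === 0;
  const base = spec.slice(1);
  return parse(version)[0] === parse(base)[0] && compare(version, base) >= 0;
}

// Highest published version allowed by the spec, as a fresh install would pick.
function resolve(spec, published) {
  const ok = published.filter((v) => satisfies(v, spec)).sort(compare);
  return ok.length ? ok[ok.length - 1] : null;
}

// Reports what a spec resolves to and whether that falls in the audited range.
function auditSpec(spec, published) {
  const resolved = resolve(spec, published);
  return {
    spec,
    resolved,
    vulnerable: resolved !== null && compare(resolved, VULNERABLE_MAX) <= 0,
  };
}

// Constructed sample data: a hypothetical registry listing and two specs.
const published = ['5.27.0', '5.28.2', '5.28.3', '5.28.4', '6.0.0'];
for (const spec of ['5.28.2', '^5.28.2']) {
  console.log(auditSpec(spec, published));
}
```

A lockfile still fixes the resolved version until it is regenerated, so a range only helps installs that resolve afresh.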