Bump undici from 5.7.0 to 5.8.0
Created by: dependabot[bot]
Bumps undici from 5.7.0 to 5.8.0.
Release notes
Sourced from undici's releases.
v5.8.0
⚠ ️ Security Fixes⚠ ️
- CRLF injection in request path, method, and headers https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc, CVE CVE-2022-31150, reported by
@Haxatron
- Cookies uncleared on cross-host / cross-origin redirect https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp, CVE CVE-2022-31150, reported by
@Haxatron
What's Changed
- Drop PR title validation by
@mcollina
in nodejs/undici#1543- chore: exclude windows node 16 by
@mcollina
in nodejs/undici#1542- feat: use weighted round robin in balancedPool by
@jodevsa
in nodejs/undici#1069- Fix up
exclude
in CI by@dominykas
in nodejs/undici#1544- fix(mock utils): set Readable.abort by
@KhafraDev
in nodejs/undici#1549- fix(body mixin): only allow Uint8Array chunks by
@KhafraDev
in nodejs/undici#1550- docs: updated proxy docs - renamed already used const proxy to proxyServer by
@dancastillo
in nodejs/undici#1552New Contributors
@jodevsa
made their first contribution in nodejs/undici#1069@dancastillo
made their first contribution in nodejs/undici#1552Full Changelog: https://github.com/nodejs/undici/compare/v5.7.0...v5.7.1
Commits
-
26f60b7
Bumped v5.8.0 -
0a5bee9
Merge pull request from GHSA-q768-x9m6-m9qp -
a29a151
Merge pull request from GHSA-3cvr-822r-rqcc -
722976c
docs: updated proxy docs - renamed already used const proxy to proxyServer (#... -
b6af4e6
fix(body mixin): only allow Uint8Array chunks (#1550) -
6c9e634
fix(mock utils): set Readable.abort (#1549) -
22e2f39
ci: fix upexclude
(#1544) -
99205ec
feat: use weighted round robin in balancedPool (#1069) -
5b57e8c
chore: exclude windows node 16 (#1542) -
93e31a2
Drop PR title validation (#1543) - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)