Bump undici from 5.7.0 to 5.8.0
Created by: dependabot[bot]
Bumps undici from 5.7.0 to 5.8.0.
Release notes
Sourced from undici's releases.
v5.8.0
⚠ ️ Security Fixes⚠ ️
- CRLF injection in request path, method, and headers https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc, CVE CVE-2022-31150, reported by
@Haxatron- Cookies uncleared on cross-host / cross-origin redirect https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp, CVE CVE-2022-31150, reported by
@HaxatronWhat's Changed
- Drop PR title validation by
@mcollinain nodejs/undici#1543- chore: exclude windows node 16 by
@mcollinain nodejs/undici#1542- feat: use weighted round robin in balancedPool by
@jodevsain nodejs/undici#1069- Fix up
excludein CI by@dominykasin nodejs/undici#1544- fix(mock utils): set Readable.abort by
@KhafraDevin nodejs/undici#1549- fix(body mixin): only allow Uint8Array chunks by
@KhafraDevin nodejs/undici#1550- docs: updated proxy docs - renamed already used const proxy to proxyServer by
@dancastilloin nodejs/undici#1552New Contributors
@jodevsamade their first contribution in nodejs/undici#1069@dancastillomade their first contribution in nodejs/undici#1552Full Changelog: https://github.com/nodejs/undici/compare/v5.7.0...v5.7.1
Commits
-
26f60b7Bumped v5.8.0 -
0a5bee9Merge pull request from GHSA-q768-x9m6-m9qp -
a29a151Merge pull request from GHSA-3cvr-822r-rqcc -
722976cdocs: updated proxy docs - renamed already used const proxy to proxyServer (#... -
b6af4e6fix(body mixin): only allow Uint8Array chunks (#1550) -
6c9e634fix(mock utils): set Readable.abort (#1549) -
22e2f39ci: fix upexclude(#1544) -
99205ecfeat: use weighted round robin in balancedPool (#1069) -
5b57e8cchore: exclude windows node 16 (#1542) -
93e31a2Drop PR title validation (#1543) - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)