Bump undici from 5.15.1 to 5.20.0
Created by: dependabot[bot]
Bumps undici from 5.15.1 to 5.20.0.
Release notes
Sourced from undici's releases.
v5.20.0
What's Changed
- perf: improve cookie parsing performance by
@KhafraDev
in nodejs/undici#1931- fix: disable websocket wpts in ci :( by
@KhafraDev
in nodejs/undici#1932- fix: Allow “undefined“ as value in headers by
@pan93412
in nodejs/undici#1929- feat: Support autoSelectFamily when connecting. by
@ShogunPanda
in nodejs/undici#1914- fix: copy cookies when cloning haders by
@KhafraDev
in nodejs/undici#1936- test: more logs in wpt runner by
@KhafraDev
in nodejs/undici#1933- feat: change headersTimeout and bodyTimeout to 300s by
@kyrylkov
in nodejs/undici#1937Full Changelog: https://github.com/nodejs/undici/compare/v5.19.1...v5.20.0
v5.19.1
⚠ ️ Security Release⚠ ️
- Regular Expression Denial of Service in Headers with CVE-2023-24807
- CRLF Injection in Nodejs ‘undici’ via host with CVE-2023-23936
This release is part of the Node.js security release train: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
v5.19.0
What's Changed
- fix(fetch): raise AbortSignal max event listeners by
@KhafraDev
in nodejs/undici#1910- fix: content-disposition header parsing by
@climba03003
in nodejs/undici#1911- fix: remove test by
@KhafraDev
in nodejs/undici#1916- feat: add Headers.prototype.getSetCookie by
@KhafraDev
in nodejs/undici#1915- fix(headers): clone getSetCookie list & add getSetCookie type by
@KhafraDev
in nodejs/undici#1917- doc(mock): update out-of-date reply documentation by
@p9f
in nodejs/undici#1913- fix(types): add missing keepAlive params by
@SkeLLLa
in nodejs/undici#1918- Make the fetch() abort test pass locally, on Linux and Mac, Node 18/19. by
@mcollina
in nodejs/undici#1927New Contributors
@climba03003
made their first contribution in nodejs/undici#1911@p9f
made their first contribution in nodejs/undici#1913Full Changelog: https://github.com/nodejs/undici/compare/v5.18.0...v5.19.0
v5.18.0
What's Changed
- Add ability to set TCP keepalive by
@xconverge
in nodejs/undici#1904- use faster timers by
@ronag
in nodejs/undici#1908- fix: ensure header value is a string by
@ronag
in nodejs/undici#1899Full Changelog: https://github.com/nodejs/undici/compare/v5.17.1...v5.18.0
v5.17.1
What's Changed
- fix: bad buffer slice (https://github.com/nodejs/undici/commit/d2be675575512794dcd41b9683b209fc15368154)
... (truncated)
Commits
-
28b9dea
Bumped v5.20.0 -
30dafe3
feat: change headersTimeout and bodyTimeout to 300s (#1937) -
eaf4dc9
test: more logs in wpt runner (#1933) -
8b8bfa7
fix: copy cookies when cloning haders (#1936) -
eae6807
feat: Support autoSelectFamily when connecting. (#1914) -
c2387e8
fix: Allow “undefined“ as value in headers (#1929) -
f73ec63
fix: disable websocket wpts in ci :( (#1932) -
2971280
perf: improve cookie parsing performance (#1931) -
984d53b
Bumped v5.19.1 -
6c32c0f
lint fixes - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)