fix(deps): update dependency undici to v5.19.1 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
undici (source)	5.8.2 -> 5.19.1

GitHub Vulnerability Alerts

CVE-2023-23936

Impact

undici library does not protect host HTTP header from CRLF injection vulnerabilities.

Patches

This issue was patched in Undici v5.19.1.

Workarounds

Sanitize the headers.host string before passing to undici.

References

Reported at https://hackerone.com/reports/1820955.

Credits

Thank you to Zhipeng Zhang (@​timon8) for reporting this vulnerability.

CVE-2023-24807

Impact

The Headers.set() and Headers.append() methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize() utility function.

Patches

This vulnerability was patched in v5.19.1.

Workarounds

There is no workaround. Please update to an unaffected version.

References

• https://hackerone.com/bugs?report_id=1784449

Credits

Carter Snook reported this vulnerability.

---

Release Notes

nodejs/undici (undici)

v5.19.1

Compare Source

⚠️ Security Release ⚠️

• Regular Expression Denial of Service in Headers with CVE-2023-24807
• CRLF Injection in Nodejs ‘undici’ via host with CVE-2023-23936

This release is part of the Node.js security release train: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

v5.19.0

Compare Source

What's Changed

• fix(fetch): raise AbortSignal max event listeners by @​KhafraDev in https://github.com/nodejs/undici/pull/1910
• fix: content-disposition header parsing by @​climba03003 in https://github.com/nodejs/undici/pull/1911
• fix: remove test by @​KhafraDev in https://github.com/nodejs/undici/pull/1916
• feat: add Headers.prototype.getSetCookie by @​KhafraDev in https://github.com/nodejs/undici/pull/1915
• fix(headers): clone getSetCookie list & add getSetCookie type by @​KhafraDev in https://github.com/nodejs/undici/pull/1917
• doc(mock): update out-of-date reply documentation by @​p9f in https://github.com/nodejs/undici/pull/1913
• fix(types): add missing keepAlive params by @​SkeLLLa in https://github.com/nodejs/undici/pull/1918
• Make the fetch() abort test pass locally, on Linux and Mac, Node 18/19. by @​mcollina in https://github.com/nodejs/undici/pull/1927

New Contributors

• @​climba03003 made their first contribution in https://github.com/nodejs/undici/pull/1911
• @​p9f made their first contribution in https://github.com/nodejs/undici/pull/1913

Full Changelog: nodejs/undici@v5.18.0...v5.19.0

v5.18.0

Compare Source

What's Changed

• Add ability to set TCP keepalive by @​xconverge in https://github.com/nodejs/undici/pull/1904
• use faster timers by @​ronag in https://github.com/nodejs/undici/pull/1908
• fix: ensure header value is a string by @​ronag in https://github.com/nodejs/undici/pull/1899

Full Changelog: nodejs/undici@v5.17.1...v5.18.0

v5.17.1

Compare Source

What's Changed

• fix: bad buffer slice (nodejs/undici@d2be675)

Full Changelog: nodejs/undici@v5.17.0...v5.17.1

v5.17.0

Compare Source

What's Changed

• fix(wpts): Blob is a global getter in >=v19.x.x by @​KhafraDev in https://github.com/nodejs/undici/pull/1880
• doc: fix anchor links dispatcher.stream by @​RafaelGSS in https://github.com/nodejs/undici/pull/1881
• wpt: make runner more resilient by @​KhafraDev in https://github.com/nodejs/undici/pull/1884
• Make test pass in v19.x by @​mcollina in https://github.com/nodejs/undici/pull/1879
• Correct the type of DispatchOptions["headers"] by @​pan93412 in https://github.com/nodejs/undici/pull/1896
• perf(content-type parser): faster string collector by @​KhafraDev in https://github.com/nodejs/undici/pull/1894
• feat: expose content-type parser by @​KhafraDev in https://github.com/nodejs/undici/pull/1895
• fix(types): Update DispatchOptions type for missing "blocking" by @​xconverge in https://github.com/nodejs/undici/pull/1889
• fix(types): update error type definitions by @​rafaelcr in https://github.com/nodejs/undici/pull/1888
• fix: ensure connection header is a string by @​ronag in https://github.com/nodejs/undici/pull/1900
• fix: throw if invalid content-type header by @​ronag in https://github.com/nodejs/undici/pull/1901
• fix(fetch): use semicolon for Cookie header delimiter by @​KhafraDev in https://github.com/nodejs/undici/pull/1906
• Use FastBuffer by @​ronag in https://github.com/nodejs/undici/pull/1907

New Contributors

• @​pan93412 made their first contribution in https://github.com/nodejs/undici/pull/1896
• @​rafaelcr made their first contribution in https://github.com/nodejs/undici/pull/1888

Full Changelog: nodejs/undici@v5.16.0...v5.17.0

v5.16.0

Compare Source

What's Changed

• Add feature to specify custom headers for proxies by @​Sebmaster in https://github.com/nodejs/undici/pull/1877

New Contributors

• @​Sebmaster made their first contribution in https://github.com/nodejs/undici/pull/1877

Full Changelog: nodejs/undici@v5.15.2...v5.16.0

v5.15.2

Compare Source

v5.15.1

Compare Source

What's Changed

• fix(websocket): simplify typedarray copying by @​KhafraDev in https://github.com/nodejs/undici/pull/1854
• fix: wpts on node v18.13.0+ by @​KhafraDev in https://github.com/nodejs/undici/pull/1859
• perf: allow keep alive for HEAD requests by @​ronag in https://github.com/nodejs/undici/pull/1858
• fix: flaky abort test by @​KhafraDev in https://github.com/nodejs/undici/pull/1863

Full Changelog: nodejs/undici@v5.15.0...v5.15.1

v5.15.0

Compare Source

What's Changed

• [types] update ProxyAgent Options (timeout) by @​sosoba in https://github.com/nodejs/undici/pull/1801
• feat: implement websockets by @​KhafraDev in https://github.com/nodejs/undici/pull/1795
• feat(websocket): handle ping/pong frames & fix fragmented frames by @​KhafraDev in https://github.com/nodejs/undici/pull/1809
• docs: add basic fetch & company docs by @​KhafraDev in https://github.com/nodejs/undici/pull/1810
• make formdata body immutable and encode it only once by @​jimmywarting in https://github.com/nodejs/undici/pull/1814
• test: add regression test for #​1814 by @​KhafraDev in https://github.com/nodejs/undici/pull/1815
• feat(websocket): only consume necessary bytes by @​KhafraDev in https://github.com/nodejs/undici/pull/1812
• websocket: use Buffer.allocUnsafe by @​KhafraDev in https://github.com/nodejs/undici/pull/1817
• build(deps-dev): bump @​sinonjs/fake-timers from 9.1.2 to 10.0.2 by @​dependabot in https://github.com/nodejs/undici/pull/1819
• fix(websocket): deprecation warning & 64-bit unsigned int body length by @​KhafraDev in https://github.com/nodejs/undici/pull/1818
• Use nodejs.stream.destroyed symbol by @​ronag in https://github.com/nodejs/undici/pull/1816
• fetch: removal of redundant condition by @​debadree25 in https://github.com/nodejs/undici/pull/1821
• fix(request): request headers array by @​jd-carroll in https://github.com/nodejs/undici/pull/1807
• fix(websocket): validate payload length received by @​KhafraDev in https://github.com/nodejs/undici/pull/1822
• fix(websocket): run parser in loop, instead of recursively by @​KhafraDev in https://github.com/nodejs/undici/pull/1828
• fix(fetch): weaker refs by @​ronag in https://github.com/nodejs/undici/pull/1824
• websocket: add tests for opening handshake by @​KhafraDev in https://github.com/nodejs/undici/pull/1831
• websocket: add tests for constructor, close, and send by @​KhafraDev in https://github.com/nodejs/undici/pull/1832
• websocket: more test coverage by @​KhafraDev in https://github.com/nodejs/undici/pull/1833
• fix(WPTs): flaky abort test by @​KhafraDev in https://github.com/nodejs/undici/pull/1835
• wpt: add test by @​KhafraDev in https://github.com/nodejs/undici/pull/1836
• fix: don't send keep-alive if we want reset by @​ronag in https://github.com/nodejs/undici/pull/1846
• fetch: update body consume to match spec by @​KhafraDev in https://github.com/nodejs/undici/pull/1847
• feat: allow connection header in request by @​metcoder95 in https://github.com/nodejs/undici/pull/1829
• feat: add cookie parsing ability by @​KhafraDev in https://github.com/nodejs/undici/pull/1848
• fix(cookie): add docs & expose in node v16 by @​KhafraDev in https://github.com/nodejs/undici/pull/1849
• fix(cookies): work with global Headers by @​KhafraDev in https://github.com/nodejs/undici/pull/1850
• docs(Dispatcher): adjust documentation for reset flag by @​metcoder95 in https://github.com/nodejs/undici/pull/1852
• Fix broken interceptor test by @​mcollina in https://github.com/nodejs/undici/pull/1853

New Contributors

• @​sosoba made their first contribution in https://github.com/nodejs/undici/pull/1801
• @​debadree25 made their first contribution in https://github.com/nodejs/undici/pull/1821
• @​jd-carroll made their first contribution in https://github.com/nodejs/undici/pull/1807

Full Changelog: nodejs/undici@v5.14.0...v5.15.0

v5.14.0

Compare Source

What's Changed

• fetch: implement https://github.com/whatwg/fetch/pull/1544 by @​KhafraDev in https://github.com/nodejs/undici/pull/1780
• fix(fetch): set content-length header for FormData body by @​KhafraDev in https://github.com/nodejs/undici/pull/1785
• fix(fetch): parse multipart/form-data non-ASCII field names by @​repsac-by in https://github.com/nodejs/undici/pull/1786
• fix(fetch): connection is cancelled when redirecting by @​KhafraDev in https://github.com/nodejs/undici/pull/1787
• build(deps-dev): bump sinon from 14.0.2 to 15.0.0 by @​dependabot in https://github.com/nodejs/undici/pull/1788
• wpt: update response-static-error.any.js by @​KhafraDev in https://github.com/nodejs/undici/pull/1789
• fix: connect option types by @​Kaciras in https://github.com/nodejs/undici/pull/1790
• fix(fetch): send headers in the case that they were sent by @​KhafraDev in https://github.com/nodejs/undici/pull/1784
• fetch: prefer global over lazy loading by @​KhafraDev in https://github.com/nodejs/undici/pull/1793
• perf: reduce number of native calls from fetch.body by @​anonrig in https://github.com/nodejs/undici/pull/1792
• perf: improve isomorphic decode performance by @​anonrig in https://github.com/nodejs/undici/pull/1791
• More correct filereader event firing by @​KhafraDev in https://github.com/nodejs/undici/pull/1796
• build(deps-dev): bump tsd from 0.24.1 to 0.25.0 by @​dependabot in https://github.com/nodejs/undici/pull/1797
• feat(fetch): add in native File class support by @​KhafraDev in https://github.com/nodejs/undici/pull/1779
• perf: Keep weak reference to session for re-use by @​ronag in https://github.com/nodejs/undici/pull/1802

New Contributors

• @​Kaciras made their first contribution in https://github.com/nodejs/undici/pull/1790

Full Changelog: nodejs/undici@v5.13.0...v5.14.0

v5.13.0

Compare Source

What's Changed

• fix(wpt): move formdata tests to correct folder by @​KhafraDev in https://github.com/nodejs/undici/pull/1739
• fix(fetch): set Symbol.toStringTag properly on classes by @​KhafraDev in https://github.com/nodejs/undici/pull/1742
• fetch: implement isomorphic encoding by @​KhafraDev in https://github.com/nodejs/undici/pull/1741
• fetch: implement isomorphic decoding by @​KhafraDev in https://github.com/nodejs/undici/pull/1743
• fetch: update extractBody to better match spec by @​KhafraDev in https://github.com/nodejs/undici/pull/1745
• chore(docs/assets): compress image by @​Fdawgs in https://github.com/nodejs/undici/pull/1749
• feat: implement 8.2 Set request’s referrer policy on redirect by @​metcoder95 in https://github.com/nodejs/undici/pull/1717
• fetch: remove duplicate checks by @​KhafraDev in https://github.com/nodejs/undici/pull/1751
• webidl: small changes by @​KhafraDev in https://github.com/nodejs/undici/pull/1754
• webidl: add argumentLengthCheck guard by @​KhafraDev in https://github.com/nodejs/undici/pull/1755
• feat(MockInterceptor): allow async reply callbacks by @​KhafraDev in https://github.com/nodejs/undici/pull/1758
• Fix filereader types by @​KhafraDev in https://github.com/nodejs/undici/pull/1762
• types: Refine internal TS export/imports to be more robust by @​kibertoad in https://github.com/nodejs/undici/pull/1769
• fix: remove unnecessary toLowerCase by @​anonrig in https://github.com/nodejs/undici/pull/1771
• perf: simplify isValidHeaderName by @​anonrig in https://github.com/nodejs/undici/pull/1772
• fetch(HeadersList): s/has/contains by @​KhafraDev in https://github.com/nodejs/undici/pull/1775
• fix(fetch): match spec text by @​KhafraDev in https://github.com/nodejs/undici/pull/1777
• wpt: add gzip-body.any.js by @​KhafraDev in https://github.com/nodejs/undici/pull/1778
• feat: more informative error messages by @​benmccann in https://github.com/nodejs/undici/pull/1781
• perf(fetch): simplify url serializer by @​anonrig in https://github.com/nodejs/undici/pull/1774
• fix(fetch): remove unnecessary encode operation by @​anonrig in https://github.com/nodejs/undici/pull/1773
• chore(doc/fetch) update doc for fetch duplex (#​1760) by @​zizifn in https://github.com/nodejs/undici/pull/1765

New Contributors

• @​benmccann made their first contribution in https://github.com/nodejs/undici/pull/1781
• @​zizifn made their first contribution in https://github.com/nodejs/undici/pull/1765

Full Changelog: nodejs/undici@v5.12.0...v5.13.0

v5.12.0

Compare Source

This release includes significant improvements to fetch code coverage and spec compliance as well as a new option to limit response body size.

What's Changed

• feat(fetch): add Request{Init}.duplex and add WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/1681
• feat: add response WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/1684
• fix(wpt): broken test by @​KhafraDev in https://github.com/nodejs/undici/pull/1683
• feat: add in Header WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/1685
• feat(WPTs): add in idlharness.any.js test by @​KhafraDev in https://github.com/nodejs/undici/pull/1689
• feat: add all File WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/1687
• chore: fixed typos by @​TimShilov in https://github.com/nodejs/undici/pull/1695
• feat: implement spec-compliant body mixins by @​KhafraDev in https://github.com/nodejs/undici/pull/1694
• fix(fetch): use structuredClone in clone body steps by @​KhafraDev in https://github.com/nodejs/undici/pull/1697
• feat: add in fetch/api/basic WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/1698
• fix: allow cloned stream to be unref'd by @​KhafraDev in https://github.com/nodejs/undici/pull/1700
• feat: add stream-safe-creation.any.js WPT by @​KhafraDev in https://github.com/nodejs/undici/pull/1701
• feat: add minesniff WPTs by @​KhafraDev in https://github.com/nodejs/undici/pull/1702
• feat: make File's type more strict by @​KhafraDev in https://github.com/nodejs/undici/pull/1703
• fix(fetch): re-calculate iterator after each iteration by @​KhafraDev in https://github.com/nodejs/undici/pull/1706
• wpt: add scheme-blob.sub.any.js by @​KhafraDev in https://github.com/nodejs/undici/pull/1707
• wpt: add remaining fetch/api/basic tests by @​KhafraDev in https://github.com/nodejs/undici/pull/1708
• feat: add parameter to ProxyAgent options, which is type of authentication by @​oooshima in https://github.com/nodejs/undici/pull/1705
• feat: add support for localaddress by @​metcoder95 in https://github.com/nodejs/undici/pull/1659
• feat: add abort reason support by @​KhafraDev in https://github.com/nodejs/undici/pull/1686
• wpt: add remaining fetch/api tests by @​KhafraDev in https://github.com/nodejs/undici/pull/1712
• feat: implement FileReader by @​KhafraDev in https://github.com/nodejs/undici/pull/1690
• wpt: remove tests that now succeed after implementing FileReader by @​KhafraDev in https://github.com/nodejs/undici/pull/1713
• wpt: run tests in parallel (2.5x speed improvement) by @​KhafraDev in https://github.com/nodejs/undici/pull/1714
• wpt: add two tests by @​KhafraDev in https://github.com/nodejs/undici/pull/1719
• wpt: add FormData wpts by @​KhafraDev in https://github.com/nodejs/undici/pull/1722
• fetch: implement new spec changes by @​KhafraDev in https://github.com/nodejs/undici/pull/1721
• fix(fetch): set default param value for Response.json by @​KhafraDev in https://github.com/nodejs/undici/pull/1723
• fix(redirect): Ignore query config after redirection by @​IlyasShabi in https://github.com/nodejs/undici/pull/1724
• fix: accept close as message complete by @​ronag in https://github.com/nodejs/undici/pull/1726
• update llhttp to the latest version v8.1.0 by @​HassanBahati in https://github.com/nodejs/undici/pull/1718
• docs: change master to main for links in the nodejs org by @​RaisinTen in https://github.com/nodejs/undici/pull/1728
• wpt: update scheme-blob.sub.any.js by @​KhafraDev in https://github.com/nodejs/undici/pull/1731
• fix(fetch): remove terminated event listener on redirect by @​KhafraDev in https://github.com/nodejs/undici/pull/1715
• fetch: update spec by @​KhafraDev in https://github.com/nodejs/undici/pull/1732
• wpt: fail runner if expected failures don't fail by @​KhafraDev in https://github.com/nodejs/undici/pull/1736
• feat(Client): add max response size option by @​mateonunez in https://github.com/nodejs/undici/pull/1729

New Contributors

• @​TimShilov made their first contribution in https://github.com/nodejs/undici/pull/1695
• @​oooshima made their first contribution in https://github.com/nodejs/undici/pull/1705
• @​IlyasShabi made their first contribution in https://github.com/nodejs/undici/pull/1724
• @​HassanBahati made their first contribution in https://github.com/nodejs/undici/pull/1718

Full Changelog: nodejs/undici@v5.11.0...v5.12.0

v5.11.0

Compare Source

What's Changed

• feat: capture error stack traces by @​sidwebworks in https://github.com/nodejs/undici/pull/1619
• fix(fetch): hangs on a stream response with manual redirect by @​feugy in https://github.com/nodejs/undici/pull/1627
• fix(fetch): decode response body when Location is set on non-3xx response by @​GertSallaerts in https://github.com/nodejs/undici/pull/1628
• fix: circular dependencies in fetch by @​KhafraDev in https://github.com/nodejs/undici/pull/1630
• fix: Convert logical nullish assignment for backward compatibility by @​avanelli in https://github.com/nodejs/undici/pull/1625
• feat(fetch): allow setting base urls by @​KhafraDev in https://github.com/nodejs/undici/pull/1631
• feat: export some fetch utilities by @​KhafraDev in https://github.com/nodejs/undici/pull/1632
• build(deps-dev): bump jest from 28.1.3 to 29.0.2 by @​dependabot in https://github.com/nodejs/undici/pull/1635
• build(deps-dev): bump tsd from 0.22.0 to 0.23.0 by @​dependabot in https://github.com/nodejs/undici/pull/1637
• Extensible DispatchHandler by @​arontsang in https://github.com/nodejs/undici/pull/1338
• mock: use http.STATUS_CODES by @​KhafraDev in https://github.com/nodejs/undici/pull/1641
• fix(fetch): allow third-party FormData/Blob bodies by @​mrbbot in https://github.com/nodejs/undici/pull/1643
• fix(docs): MockPoolInterceptOptions.method is optional by @​KhafraDev in https://github.com/nodejs/undici/pull/1648
• docs: make examples uniform by @​Nicholaiii in https://github.com/nodejs/undici/pull/1647
• fix: Fix docs link name to PoolOptions by @​silverwind in https://github.com/nodejs/undici/pull/1651
• ci: re-enable testing in Node.js 12 by @​dominykas in https://github.com/nodejs/undici/pull/1646
• feat(fetch): better errors messages for body-mixin methods by @​KhafraDev in https://github.com/nodejs/undici/pull/1654
• build(deps-dev): bump tsd from 0.23.0 to 0.24.1 by @​dependabot in https://github.com/nodejs/undici/pull/1657
• types: remove old signature by @​KhafraDev in https://github.com/nodejs/undici/pull/1658
• feat: WPT runner by @​KhafraDev in https://github.com/nodejs/undici/pull/1662
• Flag interceptors as experimental by @​mcollina in https://github.com/nodejs/undici/pull/1667
• feat(WPTRunner): parse META tags by @​KhafraDev in https://github.com/nodejs/undici/pull/1664
• Passing correct host header to proxy in ProxyAgent by @​protometa in https://github.com/nodejs/undici/pull/1624
• feat: add support for multipart/form-data by @​cameron-robey in https://github.com/nodejs/undici/pull/1606
• feat(fetch#Request): Implements determineRequestReferrer by @​metcoder95 in https://github.com/nodejs/undici/pull/1236
• fix: multipart/form-data base64 parsing by @​repsac-by in https://github.com/nodejs/undici/pull/1668
• perf: add query parameter to benchmark by @​anonrig in https://github.com/nodejs/undici/pull/1676
• fix(fetch): multiple data: url fixes & move tests to wpt runner by @​KhafraDev in https://github.com/nodejs/undici/pull/1678
• feat(util): use node:querystring for buildURL by @​KhafraDev in https://github.com/nodejs/undici/pull/1677

New Contributors

• @​sidwebworks made their first contribution in https://github.com/nodejs/undici/pull/1619
• @​feugy made their first contribution in https://github.com/nodejs/undici/pull/1627
• @​GertSallaerts made their first contribution in https://github.com/nodejs/undici/pull/1628
• @​avanelli made their first contribution in https://github.com/nodejs/undici/pull/1625
• @​arontsang made their first contribution in https://github.com/nodejs/undici/pull/1338
• @​Nicholaiii made their first contribution in https://github.com/nodejs/undici/pull/1647
• @​silverwind made their first contribution in https://github.com/nodejs/undici/pull/1651
• @​protometa made their first contribution in https://github.com/nodejs/undici/pull/1624
• @​cameron-robey made their first contribution in https://github.com/nodejs/undici/pull/1606
• @​repsac-by made their first contribution in https://github.com/nodejs/undici/pull/1668
• @​anonrig made their first contribution in https://github.com/nodejs/undici/pull/1676

Full Changelog: nodejs/undici@v5.10.0...v5.11.0

v5.10.0

Compare Source

What's Changed

• fix(fetch): allow custom implementation of AbortSignal by @​SukkaW in https://github.com/nodejs/undici/pull/1608
• fix: make mock intercept agnostic to query key ordering by @​James1x0 in https://github.com/nodejs/undici/pull/1607
• fix: support ArrayBufferView and ArrayBuffer as body by @​LiviaMedeiros in https://github.com/nodejs/undici/pull/1584
• fix: allow third party AbortControllers by @​KhafraDev in https://github.com/nodejs/undici/pull/1609
• feat(fetch): implement spec compliant integrity checks by @​KhafraDev in https://github.com/nodejs/undici/pull/1613
• avoid body reordering on really fast lines by @​mcollina in https://github.com/nodejs/undici/pull/1615
• fix: use FinalizationRegistry compat if global is missing by @​Kikobeats in https://github.com/nodejs/undici/pull/1545

New Contributors

• @​SukkaW made their first contribution in https://github.com/nodejs/undici/pull/1608
• @​James1x0 made their first contribution in https://github.com/nodejs/undici/pull/1607

Full Changelog: nodejs/undici@v5.9.1...v5.10.0

v5.9.1

What's Changed

• fix: don't timeout while waiting for client to send request (#​1604)
• Fix array headers by @​mateonunez in https://github.com/nodejs/undici/pull/1598
• fix(fetch): implement fully read body algorithm by @​KhafraDev in https://github.com/nodejs/undici/pull/1597
• fix: add support for integrity option to Fetch by @​jelmervdl in https://github.com/nodejs/undici/pull/1596
• fix(File): respect typed array byteOffset and byteLength by @​mrbbot in https://github.com/nodejs/undici/pull/1601

New Contributors

• @​mateonunez made their first contribution in https://github.com/nodejs/undici/pull/1598
• @​jelmervdl made their first contribution in https://github.com/nodejs/undici/pull/1596
• @​mrbbot made their first contribution in https://github.com/nodejs/undici/pull/1601

Full Changelog: nodejs/undici@v5.8.2...v5.9.1

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.