Update dependency undici to v5.28.3 [SECURITY] - abandoned #4905
Doesn't seem to affect since we're using Imo it's suspicious that the CI is failing because the compiler can't be downloaded. I'll wait a couple hours and retry.
a4e7de4 to b8f8f85
b8f8f85 to 6194a42
6194a42 to ce80837
ce80837 to 21fdf1a
There are a couple of updates. Retrying the CI.
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost.
Autoclosing Skipped
This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
This PR contains the following updates:
undici: 5.26.2 -> 5.28.3
GitHub Vulnerability Alerts
CVE-2024-24758
Impact
Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authorization` headers.
Patches
This is patched in v5.28.3 and v6.6.1.
Workarounds
There are no known workarounds.
References
Release Notes
nodejs/undici (undici)
v5.28.3
Details on the vulnerabilities fixed will be shared in the next couple of days.
Full Changelog: nodejs/undici@v5.28.2...v5.28.3
v5.28.2
What's Changed
`node:` prefix by @tsctx in https://github.com/nodejs/undici/pull/2471
`null` type to `signal` in `RequestInit` by @gebsh in https://github.com/nodejs/undici/pull/2455
New Contributors
Full Changelog: nodejs/undici@v5.28.1...v5.28.2
v5.28.1
What's Changed
`normalizeMethod` by @tsctx in https://github.com/nodejs/undici/pull/2456
Full Changelog: nodejs/undici@v5.28.0...v5.28.1
v5.28.0
What's Changed
`substring` instead of `substr` by @tsctx in https://github.com/nodejs/undici/pull/2411
`Headers#set` correctly by @tsctx in https://github.com/nodejs/undici/pull/2432
`Headers#delete` correctly by @tsctx in https://github.com/nodejs/undici/pull/2430
`onHeaders` type declaration by @tsctx in https://github.com/nodejs/undici/pull/2444
`path` matching in `intercept()` by @oliversalzburg in https://github.com/nodejs/undici/pull/2426
New Contributors
Full Changelog: nodejs/undici@v5.27.2...v5.28.0
v5.27.2
Full Changelog: nodejs/undici@v5.27.1...v5.27.2
v5.27.1
What's Changed
New Contributors
Full Changelog: nodejs/undici@v5.27.0...v5.27.1
v5.27.0
What's Changed
Full Changelog: nodejs/undici@v5.26.5...v5.27.0
v5.26.5
What's Changed
Full Changelog: nodejs/undici@v5.26.4...v5.26.5
v5.26.4
What's Changed
New Contributors
Full Changelog: nodejs/undici@v5.26.3...v5.26.4
v5.26.3
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
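The CVE-2024-24758 impact text above, as an added example that is not part of the PR and is not undici's source code: a simplified redirect-header filter that models only the two headers the advisory names, run once with the pre-fix strip list and once with the post-fix list. All function names, URLs and credential values are hypothetical, constructed for illustration.

```javascript
// Added illustration of the CVE-2024-24758 behaviour; not undici's source code.
// All function and variable names here are hypothetical.

// Headers dropped on a cross-origin redirect before the fix (per the advisory text).
const STRIPPED_BEFORE_FIX = new Set(['authorization']);
// Headers dropped after the fix: Proxy-Authorization is cleared as well.
const STRIPPED_AFTER_FIX = new Set(['authorization', 'proxy-authorization']);

// Same origin = same scheme, host and port (URL.origin normalises default ports).
function isSameOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin === new URL(toUrl).origin;
}

// Return the headers to send when following a redirect from `fromUrl` to `location`.
// `location` may be relative, so it is resolved against `fromUrl` first.
function headersForRedirect(headers, fromUrl, location, stripped) {
  const target = new URL(location, fromUrl).href;
  if (isSameOrigin(fromUrl, target)) return { ...headers };
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!stripped.has(name.toLowerCase())) kept[name] = value;
  }
  return kept;
}

// Constructed sample request; credentials are placeholders.
const sample = {
  Accept: 'application/json',
  Authorization: 'Bearer PLACEHOLDER',
  'Proxy-Authorization': 'Basic PLACEHOLDER',
};
const from = 'https://api.example.test/v1/data';
const crossOrigin = 'https://other.example.test/landing';

// Names of credential-bearing headers that would still be sent after the redirect.
function leakedCredentialHeaders(stripped, location = crossOrigin) {
  const sent = headersForRedirect(sample, from, location, stripped);
  return Object.keys(sent).filter((n) => /authorization$/i.test(n));
}

console.log('before fix:', leakedCredentialHeaders(STRIPPED_BEFORE_FIX));
console.log('after fix: ', leakedCredentialHeaders(STRIPPED_AFTER_FIX));
```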