chore(deps-dev): bump undici from 5.27.2 to 5.28.4 by dependabot[bot] · Pull Request #272 · npm/npm-cli-release-please

dependabot · 2024-04-04T16:45:53Z

Bumps undici from 5.27.2 to 5.28.4.

Release notes

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

New Contributors

@bugb made their first contribution in nodejs/undici#2470

@gebsh made their first contribution in nodejs/undici#2455

@ToshB made their first contribution in nodejs/undici#2477

@MzUgM made their first contribution in nodejs/undici#2478

@matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

perf: Improve normalizeMethod by @tsctx in nodejs/undici#2456

fix: dispatch error handling by @ronag in nodejs/undici#2459

... (truncated)

Commits

fb98306 Bumped v5.28.4
2b39440 Merge pull request from GHSA-9qxr-qj54-h672
64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
0e9d54b skip failing test due to Node.js changes
e71cb4c Bumped v5.28.3
20c65b8 Fix tests for Node.js v20.11.0 (#2618)
8ec52cd Fix tests for Node.js v21 (#2609)
d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
9a14e5f Bumped v5.28.2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [undici](https://github.com/nodejs/undici) from 5.27.2 to 5.28.4. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.27.2...v5.28.4) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

@wraithgar

🤖 I have created a release *beep* *boop* --- <details><summary>5.0.0-pre.0</summary> ## [5.0.0-pre.0](v4.0.4...v5.0.0-pre.0) (2024-11-22) ### ⚠️ BREAKING CHANGES * this has a main that you can require now ### Features * [`8c2d387`](8c2d387) [#280](#280) add main declaraion (#280) (@wraithgar) * [`f94f978`](f94f978) [#245](#245) touch root (@lukekarrys) ### Bug Fixes * [`055cbd3`](055cbd3) no pre (@lukekarrys) ### Chores * [`c229f86`](c229f86) [#277](#277) prerelease with number? (#277) (@wraithgar) * [`e93ce0c`](e93ce0c) update template-oss (@lukekarrys) * [`ecdadb0`](ecdadb0) [#272](#272) deps-dev: bump undici from 5.27.2 to 5.28.4 (#272) (@dependabot[bot]) * [`540f354`](540f354) update template-oss (@lukekarrys) * [`2852114`](2852114) prerelease (@lukekarrys) * [`8bdee7d`](8bdee7d) update template-oss (@lukekarrys) * [`b020bd0`](b020bd0) update template-oss (@lukekarrys) * [`16cc199`](16cc199) [#271](#271) deps-dev: bump ip from 2.0.0 to 2.0.1 (#271) (@dependabot[bot]) * [`9b856b0`](9b856b0) update config (@lukekarrys) * [`0687383`](0687383) [#274](#274) postinstall for dependabot template-oss PR (#274) (@lukekarrys) ### Dependencies * The following workspace dependencies were updated * dependencies * pkg1 bumped from ^6.0.4 to ^6.0.5-pre.0 * pkg2 bumped from ^5.0.4 to ^5.0.5-pre.0 </details> <details><summary>pkg1: 6.0.5-pre.0</summary> ## [6.0.5-pre.0](pkg1-v6.0.4...pkg1-v6.0.5-pre.0) (2024-11-22) ### Bug Fixes * [`7b11a09`](7b11a09) [#245](#245) touch pkg1 (@lukekarrys) ### Chores * [`e93ce0c`](e93ce0c) update template-oss (@lukekarrys) * [`540f354`](540f354) update template-oss (@lukekarrys) * [`8bdee7d`](8bdee7d) update template-oss (@lukekarrys) * [`b020bd0`](b020bd0) update template-oss (@lukekarrys) ### Dependencies * The following workspace dependencies were updated * devDependencies * pkg2 bumped from ^5.0.4 to ^5.0.5-pre.0 </details> <details><summary>pkg2: 5.0.5-pre.0</summary> ## [5.0.5-pre.0](pkg2-v5.0.4...pkg2-v5.0.5-pre.0) (2024-11-22) ### Bug Fixes * [`527dc8b`](527dc8b) update pk2 only (@lukekarrys) ### Chores * [`e93ce0c`](e93ce0c) update template-oss (@lukekarrys) * [`540f354`](540f354) update template-oss (@lukekarrys) * [`8bdee7d`](8bdee7d) update template-oss (@lukekarrys) * [`b020bd0`](b020bd0) update template-oss (@lukekarrys) ### Dependencies * The following workspace dependencies were updated * dependencies * @npmcli/pkg3 bumped from ^4.0.3 to ^4.0.4-pre.0 </details> <details><summary>pkg3: 4.0.4-pre.0</summary> ## [4.0.4-pre.0](pkg3-v4.0.3...pkg3-v4.0.4-pre.0) (2024-11-22) ### Bug Fixes * [`46b4f5f`](46b4f5f) pkg 3 update (@lukekarrys) ### Chores * [`e93ce0c`](e93ce0c) update template-oss (@lukekarrys) * [`540f354`](540f354) update template-oss (@lukekarrys) * [`8bdee7d`](8bdee7d) update template-oss (@lukekarrys) * [`b020bd0`](b020bd0) update template-oss (@lukekarrys) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

dependabot bot requested a review from lukekarrys as a code owner April 4, 2024 16:45

dependabot bot added the Dependencies label Apr 4, 2024

dependabot bot mentioned this pull request Apr 4, 2024

chore(deps-dev): bump undici from 5.27.2 to 5.28.3 #270

Closed

dependabot bot force-pushed the dependabot/npm_and_yarn/undici-5.28.4 branch 2 times, most recently from 05c7995 to dc1b529 Compare April 15, 2024 19:11

dependabot bot force-pushed the dependabot/npm_and_yarn/undici-5.28.4 branch from dc1b529 to db512ea Compare May 2, 2024 04:04

lukekarrys merged commit ecdadb0 into main May 2, 2024

lukekarrys deleted the dependabot/npm_and_yarn/undici-5.28.4 branch May 2, 2024 04:38

lukekarrys mentioned this pull request May 3, 2024

chore: release 4.1.0 #246

Closed

This was referenced Aug 22, 2024

chore: release 4.1.0 #275

Closed

chore: release 4.1.0 #276

Closed

This was referenced Nov 22, 2024

chore: release 5.0.0-pre.0 #279

Closed

chore: release 5.0.0-pre.0 #281

Merged

This was referenced Nov 22, 2024

chore: release 5.0.0-pre.0 #282

Closed

chore: release 5.0.0-pre.1 #283

Closed

wraithgar mentioned this pull request Dec 9, 2024

chore: release 5.0.0 #286

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump undici from 5.27.2 to 5.28.4#272

chore(deps-dev): bump undici from 5.27.2 to 5.28.4#272
lukekarrys merged 1 commit intomainfrom
dependabot/npm_and_yarn/undici-5.28.4

dependabot bot commented on behalf of github Apr 4, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 4, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.28.4

⚠️ Security Release ⚠️

v5.28.3

⚠️ Security Release ⚠️

v5.28.2

What's Changed

New Contributors

v5.28.1

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Apr 4, 2024 •

edited

Loading