Update undici dependency to 5.8.24. (#8138)

Update our undici dependency to 5.8.24 due to CVE-2024-30260.

Fixes #8132.

.changeset/cyan-pugs-buy.md

@@ -0,0 +1,9 @@
+---
+'@firebase/auth-compat': patch
+'@firebase/firestore': patch
+'@firebase/functions': patch
+'@firebase/storage': patch
+'@firebase/auth': patch
+---
+
+Update undici version to 5.28.4 due to CVE-2024-30260.

integration/messaging/package.json

@@ -15,7 +15,7 @@
     "express": "4.19.2",
     "geckodriver": "2.0.4",
     "mocha": "9.2.2",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "selenium-assistant": "6.1.1"
   }
 }

package.json

@@ -153,7 +153,7 @@
     "tslint": "6.1.3",
     "typedoc": "0.16.11",
     "typescript": "4.7.4",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "watch": "1.0.2",
     "webpack": "5.76.0",
     "yargs": "17.7.2"

packages/auth-compat/package.json

@@ -54,7 +54,7 @@
     "@firebase/auth-types": "0.12.1",
     "@firebase/component": "0.6.6",
     "@firebase/util": "1.9.5",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "tslib": "^2.1.0"
   },
   "license": "Apache-2.0",

packages/auth/package.json

@@ -129,7 +129,7 @@
     "@firebase/component": "0.6.6",
     "@firebase/logger": "0.4.1",
     "@firebase/util": "1.9.5",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "tslib": "^2.1.0"
   },
   "license": "Apache-2.0",

packages/firestore/package.json

@@ -102,7 +102,7 @@
     "@firebase/webchannel-wrapper": "0.10.6",
     "@grpc/grpc-js": "~1.9.0",
     "@grpc/proto-loader": "^0.7.8",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "tslib": "^2.1.0"
   },
   "peerDependencies": {

packages/functions/package.json

@@ -71,7 +71,7 @@
     "@firebase/auth-interop-types": "0.2.2",
     "@firebase/app-check-interop-types": "0.3.1",
     "@firebase/util": "1.9.5",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "tslib": "^2.1.0"
   },
   "nyc": {

packages/storage/package.json

@@ -48,7 +48,7 @@
   "dependencies": {
     "@firebase/util": "1.9.5",
     "@firebase/component": "0.6.6",
-    "undici": "5.28.3",
+    "undici": "5.28.4",
     "tslib": "^2.1.0"
   },
   "peerDependencies": {

repo-scripts/changelog-generator/package.json

@@ -20,7 +20,7 @@
     "@changesets/types": "3.3.0",
     "@changesets/get-github-info": "0.5.2",
     "@types/node": "20.8.10",
-    "undici": "5.28.3"
+    "undici": "5.28.4"
   },
   "license": "Apache-2.0",
   "devDependencies": {

yarn.lock

@@ -17501,10 +17501,10 @@ undici-types@~5.26.4:
   resolved "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617"
   integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==
 
-undici@5.28.3:
-  version "5.28.3"
-  resolved "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz#a731e0eff2c3fcfd41c1169a869062be222d1e5b"
-  integrity sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA==
+undici@5.28.4:
+  version "5.28.4"
+  resolved "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068"
+  integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==
   dependencies:
     "@fastify/busboy" "^2.0.0"