fix: updates undici to keep up with latest security release #1099

asciidisco · 2024-04-14T12:12:40Z

Updates undici to keep up with latest security related release of the 5.x.x. version branch, see undici release info for more information.

npm audit output:

undici  <=5.28.3
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline - https://github.com/advisories/GHSA-m4v8-wqvr-p9f7
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - https://github.com/advisories/GHSA-9qxr-qj54-h672

mcollina

I'm not sure why it's not ranged.

package.json

asciidisco · 2024-04-14T20:09:35Z

@mcollina Thanks. Yeah, as it wasn't ranged I did not want to re-introduce that. I think you pinned it because of the Node 16 compat with this commit

You know unidici way better than I do, but I believe it's semver at the heart, so ranging should be fine.

fix: updates undici to keep up with latest security release

0302070

asciidisco added the dependencies Pull requests that update a dependency file label Apr 14, 2024

mcollina approved these changes Apr 14, 2024

View reviewed changes

package.json Outdated Show resolved Hide resolved

Update package.json

6a89c12

mcollina merged commit e9873db into mercurius-js:master Apr 22, 2024
10 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: updates undici to keep up with latest security release #1099

fix: updates undici to keep up with latest security release #1099

asciidisco commented Apr 14, 2024

mcollina left a comment

asciidisco commented Apr 14, 2024

fix: updates undici to keep up with latest security release #1099

fix: updates undici to keep up with latest security release #1099

Conversation

asciidisco commented Apr 14, 2024

mcollina left a comment

Choose a reason for hiding this comment

asciidisco commented Apr 14, 2024