build(deps-dev): bump sinon from 15.2.0 to 16.1.0 #2312
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [sinon](https://github.com/sinonjs/sinon) from 15.2.0 to 16.1.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v15.2.0...v16.1.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
kodiakhq bot
pushed a commit
to X-oss-byte/Canary-nextjs
that referenced
this pull request
Oct 11, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.25.4` -> `5.26.0`](https://renovatebot.com/diffs/npm/undici/5.25.4/5.26.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2309 - change default header to `node` by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2310 - chore: change order of the pseudo-headers by [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [nodejs/undici#2308 - fix: Agent.Options.factory should accept URL object or string as parameter by [@​nicole0707](https://togithub.com/nicole0707) in [nodejs/undici#2295 - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2312 - test: handle npm ignore-scripts settings by [@​panva](https://togithub.com/panva) in [nodejs/undici#2313 - feat: respect `--max-http-header-size` Node.js flag by [@​balazsorban44](https://togithub.com/balazsorban44) in [nodejs/undici#2234 - fix([#​2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2314 - disallow setting host header in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2322 - \[StepSecurity] ci: Harden GitHub Actions by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2325 - fix fetch with coverage enabled by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2330 - Fix stuck when using http2 POST Buffer by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2336 - fix: 🏷️ add allowH2 to BuildOptions by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2334 - fix: 🐛 fix process http2 header by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2332 #### New Contributors - [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [nodejs/undici#2308 - [@​nicole0707](https://togithub.com/nicole0707) made their first contribution in [nodejs/undici#2295 - [@​balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [nodejs/undici#2234 - [@​binsee](https://togithub.com/binsee) made their first contribution in [nodejs/undici#2336 **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/X-oss-byte/Canary-nextjs).
kodiakhq bot
pushed a commit
to X-oss-byte/Nextjs
that referenced
this pull request
Oct 11, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.25.4` -> `5.26.0`](https://renovatebot.com/diffs/npm/undici/5.25.4/5.26.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2309 - change default header to `node` by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2310 - chore: change order of the pseudo-headers by [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [nodejs/undici#2308 - fix: Agent.Options.factory should accept URL object or string as parameter by [@​nicole0707](https://togithub.com/nicole0707) in [nodejs/undici#2295 - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2312 - test: handle npm ignore-scripts settings by [@​panva](https://togithub.com/panva) in [nodejs/undici#2313 - feat: respect `--max-http-header-size` Node.js flag by [@​balazsorban44](https://togithub.com/balazsorban44) in [nodejs/undici#2234 - fix([#​2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2314 - disallow setting host header in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2322 - \[StepSecurity] ci: Harden GitHub Actions by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2325 - fix fetch with coverage enabled by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2330 - Fix stuck when using http2 POST Buffer by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2336 - fix: 🏷️ add allowH2 to BuildOptions by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2334 - fix: 🐛 fix process http2 header by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2332 #### New Contributors - [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [nodejs/undici#2308 - [@​nicole0707](https://togithub.com/nicole0707) made their first contribution in [nodejs/undici#2295 - [@​balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [nodejs/undici#2234 - [@​binsee](https://togithub.com/binsee) made their first contribution in [nodejs/undici#2336 **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/X-oss-byte/Nextjs).
kfcampbell
pushed a commit
to octokit/rest.js
that referenced
this pull request
Oct 16, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.22.1` -> `5.26.2`](https://renovatebot.com/diffs/npm/undici/5.22.1/5.26.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-45143](https://togithub.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp) ### Impact Undici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. ### Patches This was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://togithub.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2. --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.26.2`](https://togithub.com/nodejs/undici/releases/tag/v5.26.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.1...v5.26.2) Security Release, CVE-2023-45143. ### [`v5.26.1`](https://togithub.com/nodejs/undici/releases/tag/v5.26.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.0...v5.26.1) #### What's Changed - Fix publish undici-types once and for all! by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2338 - Fix node detection omfg by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2341 **Full Changelog**: nodejs/undici@v5.26.0...v5.26.1 ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2309 - change default header to `node` by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2310 - chore: change order of the pseudo-headers by [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [nodejs/undici#2308 - fix: Agent.Options.factory should accept URL object or string as parameter by [@​nicole0707](https://togithub.com/nicole0707) in [nodejs/undici#2295 - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2312 - test: handle npm ignore-scripts settings by [@​panva](https://togithub.com/panva) in [nodejs/undici#2313 - feat: respect `--max-http-header-size` Node.js flag by [@​balazsorban44](https://togithub.com/balazsorban44) in [nodejs/undici#2234 - fix([#​2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2314 - disallow setting host header in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2322 - \[StepSecurity] ci: Harden GitHub Actions by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2325 - fix fetch with coverage enabled by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2330 - Fix stuck when using http2 POST Buffer by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2336 - fix: 🏷️ add allowH2 to BuildOptions by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2334 - fix: 🐛 fix process http2 header by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2332 #### New Contributors - [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [nodejs/undici#2308 - [@​nicole0707](https://togithub.com/nicole0707) made their first contribution in [nodejs/undici#2295 - [@​balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [nodejs/undici#2234 - [@​binsee](https://togithub.com/binsee) made their first contribution in [nodejs/undici#2336 **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 ### [`v5.25.4`](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) ### [`v5.25.3`](https://togithub.com/nodejs/undici/releases/tag/v5.25.3) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.2...v5.25.3) #### What's Changed - perf: improve parse-url implementation by [@​anonrig](https://togithub.com/anonrig) in [nodejs/undici#2286 - test: enable websockets inclusion in WPTReport by [@​panva](https://togithub.com/panva) in [nodejs/undici#2284 - remove npm run test from pre-commit hook by [@​dancastillo](https://togithub.com/dancastillo) in [nodejs/undici#2296 - perf: use [@​fastify/busboy](https://togithub.com/fastify/busboy) by [@​gurgunday](https://togithub.com/gurgunday) in [nodejs/undici#2211 - Disable finalizationregistry if node code cov by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2298 #### New Contributors - [@​gurgunday](https://togithub.com/gurgunday) made their first contribution in [nodejs/undici#2211 **Full Changelog**: nodejs/undici@v5.25.2...v5.25.3 ### [`v5.25.2`](https://togithub.com/nodejs/undici/releases/tag/v5.25.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.1...v5.25.2) #### What's Changed - Add Khaf to releasers by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2276 - fix: fix request with readable mode is object by [@​killagu](https://togithub.com/killagu) in [nodejs/undici#2279 - fix loading websockets when node is built w/ --without-ssl by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2282 #### New Contributors - [@​killagu](https://togithub.com/killagu) made their first contribution in [nodejs/undici#2279 **Full Changelog**: nodejs/undici@v5.25.1...v5.25.2 ### [`v5.25.1`](https://togithub.com/nodejs/undici/releases/tag/v5.25.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.0...v5.25.1) #### What's Changed - Add publish types script by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2273 **Full Changelog**: nodejs/undici@v5.25.0...v5.25.1 ### [`v5.25.0`](https://togithub.com/nodejs/undici/releases/tag/v5.25.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.24.0...v5.25.0) #### What's Changed - fix: h2 without body by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2258 - ci: remove duplicated runs by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2265 - improve documentation of timeouts by making the units clear in all places by [@​mcfedr](https://togithub.com/mcfedr) in [nodejs/undici#2266 - expose websocket in node bundle by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2217 - test: fix Fetch/HTTP2 tests by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2263 - fix undici when node is built with --without-ssl by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2272 - fix: Fix type definition for Client Interceptors by [@​ComradeCow](https://togithub.com/ComradeCow) in [nodejs/undici#2269 - Fix http2 agent by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2275 #### New Contributors - [@​ComradeCow](https://togithub.com/ComradeCow) made their first contribution in [nodejs/undici#2269 **Full Changelog**: nodejs/undici@v5.24.0...v5.25.0 ### [`v5.24.0`](https://togithub.com/nodejs/undici/releases/tag/v5.24.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.23.0...v5.24.0) #### Notable Changes - feat: Add H2 support by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2061 #### What's Changed - build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2203 - better stack trace for body.json by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2215 - allow http & https websocket urls by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2218 - build(deps-dev): bump [@​sinonjs/fake-timers](https://togithub.com/sinonjs/fake-timers) from 10.3.0 to 11.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2221 - fix: pass ProxyAgent proxy status code error by [@​NBNGaming](https://togithub.com/NBNGaming) in [nodejs/undici#2162 - fix failing test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2223 - docs: update MockPool.md intercept method description by [@​capaj](https://togithub.com/capaj) in [nodejs/undici#2220 - Update wpts by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2226 - build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2240 - build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2237 - build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to 3.9.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2236 - build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2241 - build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2238 - fix: aborting request with non-object error by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2243 - fix: preserve file path when parsing formdata by [@​jimmywarting](https://togithub.com/jimmywarting) in [nodejs/undici#2245 - build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2246 - Updated benchmarks by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2250 - Fix fetch in node v20.6.0 by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2251 - Maybe fix v20 by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2252 - feat: Add H2 support by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2061 - docs: fix tables in README by [@​regseb](https://togithub.com/regseb) in [nodejs/undici#2254 - Fix http2 fetch test by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2253 #### New Contributors - [@​NBNGaming](https://togithub.com/NBNGaming) made their first contribution in [nodejs/undici#2162 - [@​capaj](https://togithub.com/capaj) made their first contribution in [nodejs/undici#2220 - [@​regseb](https://togithub.com/regseb) made their first contribution in [nodejs/undici#2254 **Full Changelog**: nodejs/undici@v5.23.0...v5.24.0 ### [`v5.23.0`](https://togithub.com/nodejs/undici/releases/tag/v5.23.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.22.1...v5.23.0) #### What's Changed - bump engines to node >= 16 by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2119 - Revert "bump engines to node >= 16 ([#​2119](https://togithub.com/nodejs/undici/issues/2119))" by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2121 - fetch: set referrer properly by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2125 - fix: support truncated gzip by [@​jimmywarting](https://togithub.com/jimmywarting) in [nodejs/undici#2126 - workflow: apply security best practices by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2130 - build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2135 - build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2133 - build(deps): bump node from 18-alpine to 20-alpine in /build by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2131 - build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2136 - build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2132 - build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2142 - build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to 3.8.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2148 - fix(pr): use correct pr template file by [@​AugustinMauroy](https://togithub.com/AugustinMauroy) in [nodejs/undici#2141 - Additional WebSocket send tests to cover all payload size categories by [@​jawj](https://togithub.com/jawj) in [nodejs/undici#2149 - fix: reverse decompression order of "Content-Encoding" encodings (fixes [#​2158](https://togithub.com/nodejs/undici/issues/2158)) by [@​rychkog](https://togithub.com/rychkog) in [nodejs/undici#2159 - fix: keep running WPTs if a test times out by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2165 - feat: add build environment info by [@​mhdawson](https://togithub.com/mhdawson) in [nodejs/undici#2168 - fix: forward error reason to fetch controller by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2172 - stricter types for bodymixin.json by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2181 - chore: Renable autoSelectFamily tests. by [@​ShogunPanda](https://togithub.com/ShogunPanda) in [nodejs/undici#2180 - build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2147 - build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2185 - fix: fetch resource timing performance entry names should be strings by [@​GaryWilber](https://togithub.com/GaryWilber) in [nodejs/undici#2188 - build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2176 - build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to 3.9.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2177 - build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2178 - build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2175 - test: fix `autoselectfamily` on platforms without IPv6 support by [@​LiviaMedeiros](https://togithub.com/LiviaMedeiros) in [nodejs/undici#2197 - fix: make multipart/form-data boundary string more consistent by [@​LiviaMedeiros](https://togithub.com/LiviaMedeiros) in [nodejs/undici#2196 - docs: add proxy agent options docs by [@​dancastillo](https://togithub.com/dancastillo) in [nodejs/undici#2193 - build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2205 - feat: make use of `addAbortListener` where applicable by [@​atlowChemi](https://togithub.com/atlowChemi) in [nodejs/undici#2195 #### New Contributors - [@​step-security-bot](https://togithub.com/step-security-bot) made their first contribution in [nodejs/undici#2130 - [@​AugustinMauroy](https://togithub.com/AugustinMauroy) made their first contribution in [nodejs/undici#2141 - [@​rychkog](https://togithub.com/rychkog) made their first contribution in [nodejs/undici#2159 - [@​mhdawson](https://togithub.com/mhdawson) made their first contribution in [nodejs/undici#2168 - [@​GaryWilber](https://togithub.com/GaryWilber) made their first contribution in [nodejs/undici#2188 - [@​atlowChemi](https://togithub.com/atlowChemi) made their first contribution in [nodejs/undici#2195 **Full Changelog**: nodejs/undici@v5.22.1...v5.23.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/octokit/rest.js). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot
added a commit
to specfy/specfy
that referenced
this pull request
Oct 16, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.23.0` -> `5.26.2`](https://renovatebot.com/diffs/npm/undici/5.23.0/5.26.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-45143](https://togithub.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp) ### Impact Undici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. ### Patches This was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://togithub.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2. --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.26.2`](https://togithub.com/nodejs/undici/releases/tag/v5.26.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.1...v5.26.2) Security Release, CVE-2023-45143. ### [`v5.26.1`](https://togithub.com/nodejs/undici/releases/tag/v5.26.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.0...v5.26.1) #### What's Changed - Fix publish undici-types once and for all! by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2338 - Fix node detection omfg by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2341 **Full Changelog**: nodejs/undici@v5.26.0...v5.26.1 ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2309 - change default header to `node` by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2310 - chore: change order of the pseudo-headers by [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [nodejs/undici#2308 - fix: Agent.Options.factory should accept URL object or string as parameter by [@​nicole0707](https://togithub.com/nicole0707) in [nodejs/undici#2295 - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2312 - test: handle npm ignore-scripts settings by [@​panva](https://togithub.com/panva) in [nodejs/undici#2313 - feat: respect `--max-http-header-size` Node.js flag by [@​balazsorban44](https://togithub.com/balazsorban44) in [nodejs/undici#2234 - fix([#​2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2314 - disallow setting host header in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2322 - \[StepSecurity] ci: Harden GitHub Actions by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2325 - fix fetch with coverage enabled by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2330 - Fix stuck when using http2 POST Buffer by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2336 - fix: 🏷️ add allowH2 to BuildOptions by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2334 - fix: 🐛 fix process http2 header by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2332 #### New Contributors - [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [nodejs/undici#2308 - [@​nicole0707](https://togithub.com/nicole0707) made their first contribution in [nodejs/undici#2295 - [@​balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [nodejs/undici#2234 - [@​binsee](https://togithub.com/binsee) made their first contribution in [nodejs/undici#2336 **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 ### [`v5.25.4`](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) ### [`v5.25.3`](https://togithub.com/nodejs/undici/releases/tag/v5.25.3) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.2...v5.25.3) #### What's Changed - perf: improve parse-url implementation by [@​anonrig](https://togithub.com/anonrig) in [nodejs/undici#2286 - test: enable websockets inclusion in WPTReport by [@​panva](https://togithub.com/panva) in [nodejs/undici#2284 - remove npm run test from pre-commit hook by [@​dancastillo](https://togithub.com/dancastillo) in [nodejs/undici#2296 - perf: use [@​fastify/busboy](https://togithub.com/fastify/busboy) by [@​gurgunday](https://togithub.com/gurgunday) in [nodejs/undici#2211 - Disable finalizationregistry if node code cov by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2298 #### New Contributors - [@​gurgunday](https://togithub.com/gurgunday) made their first contribution in [nodejs/undici#2211 **Full Changelog**: nodejs/undici@v5.25.2...v5.25.3 ### [`v5.25.2`](https://togithub.com/nodejs/undici/releases/tag/v5.25.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.1...v5.25.2) #### What's Changed - Add Khaf to releasers by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2276 - fix: fix request with readable mode is object by [@​killagu](https://togithub.com/killagu) in [nodejs/undici#2279 - fix loading websockets when node is built w/ --without-ssl by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2282 #### New Contributors - [@​killagu](https://togithub.com/killagu) made their first contribution in [nodejs/undici#2279 **Full Changelog**: nodejs/undici@v5.25.1...v5.25.2 ### [`v5.25.1`](https://togithub.com/nodejs/undici/releases/tag/v5.25.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.0...v5.25.1) #### What's Changed - Add publish types script by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2273 **Full Changelog**: nodejs/undici@v5.25.0...v5.25.1 ### [`v5.25.0`](https://togithub.com/nodejs/undici/releases/tag/v5.25.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.24.0...v5.25.0) #### What's Changed - fix: h2 without body by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2258 - ci: remove duplicated runs by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2265 - improve documentation of timeouts by making the units clear in all places by [@​mcfedr](https://togithub.com/mcfedr) in [nodejs/undici#2266 - expose websocket in node bundle by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2217 - test: fix Fetch/HTTP2 tests by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2263 - fix undici when node is built with --without-ssl by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2272 - fix: Fix type definition for Client Interceptors by [@​ComradeCow](https://togithub.com/ComradeCow) in [nodejs/undici#2269 - Fix http2 agent by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2275 #### New Contributors - [@​ComradeCow](https://togithub.com/ComradeCow) made their first contribution in [nodejs/undici#2269 **Full Changelog**: nodejs/undici@v5.24.0...v5.25.0 ### [`v5.24.0`](https://togithub.com/nodejs/undici/releases/tag/v5.24.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.23.0...v5.24.0) #### Notable Changes - feat: Add H2 support by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2061 #### What's Changed - build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2203 - better stack trace for body.json by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2215 - allow http & https websocket urls by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2218 - build(deps-dev): bump [@​sinonjs/fake-timers](https://togithub.com/sinonjs/fake-timers) from 10.3.0 to 11.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2221 - fix: pass ProxyAgent proxy status code error by [@​NBNGaming](https://togithub.com/NBNGaming) in [nodejs/undici#2162 - fix failing test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2223 - docs: update MockPool.md intercept method description by [@​capaj](https://togithub.com/capaj) in [nodejs/undici#2220 - Update wpts by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2226 - build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2240 - build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2237 - build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to 3.9.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2236 - build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2241 - build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2238 - fix: aborting request with non-object error by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2243 - fix: preserve file path when parsing formdata by [@​jimmywarting](https://togithub.com/jimmywarting) in [nodejs/undici#2245 - build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2246 - Updated benchmarks by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2250 - Fix fetch in node v20.6.0 by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2251 - Maybe fix v20 by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2252 - feat: Add H2 support by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2061 - docs: fix tables in README by [@​regseb](https://togithub.com/regseb) in [nodejs/undici#2254 - Fix http2 fetch test by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2253 #### New Contributors - [@​NBNGaming](https://togithub.com/NBNGaming) made their first contribution in [nodejs/undici#2162 - [@​capaj](https://togithub.com/capaj) made their first contribution in [nodejs/undici#2220 - [@​regseb](https://togithub.com/regseb) made their first contribution in [nodejs/undici#2254 **Full Changelog**: nodejs/undici@v5.23.0...v5.24.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/specfy/specfy). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMTkuMiIsInRhcmdldEJyYW5jaCI6ImNob3JlL3Jlbm92YXRlQmFzZUJyYW5jaCJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
kodiakhq bot
pushed a commit
to ascorbic/unpic-img
that referenced
this pull request
Nov 12, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.25.4` -> `5.27.2`](https://renovatebot.com/diffs/npm/undici/5.25.4/5.27.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.27.2`](https://togithub.com/nodejs/undici/releases/tag/v5.27.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.27.1...v5.27.2) **Full Changelog**: nodejs/undici@v5.27.1...v5.27.2 ### [`v5.27.1`](https://togithub.com/nodejs/undici/releases/tag/v5.27.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.27.0...v5.27.1) #### What's Changed - add regression test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2376 - fix: define conditions when content-length should be sent by [@​pxue](https://togithub.com/pxue) in [nodejs/undici#2305 - refactor: removed unnecessary default by [@​nikelborm](https://togithub.com/nikelborm) in [nodejs/undici#2381 - fix: stream body handling by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2391 #### New Contributors - [@​pxue](https://togithub.com/pxue) made their first contribution in [nodejs/undici#2305 - [@​nikelborm](https://togithub.com/nikelborm) made their first contribution in [nodejs/undici#2381 **Full Changelog**: nodejs/undici@v5.27.0...v5.27.1 ### [`v5.27.0`](https://togithub.com/nodejs/undici/releases/tag/v5.27.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.5...v5.27.0) #### What's Changed - Use sets and reusable TextEncoder/TextDecoder instances by [@​kibertoad](https://togithub.com/kibertoad) in [nodejs/undici#2368 - feat: forward onRequestSent to handler by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2375 - skip bundle test on node 16 by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2377 - fix windows CI by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2379 **Full Changelog**: nodejs/undici@v5.26.5...v5.27.0 ### [`v5.26.5`](https://togithub.com/nodejs/undici/releases/tag/v5.26.5) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.4...v5.26.5) #### What's Changed - Drop race condition in connect-timeout test by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2360 - Remove a couple of unnecessary async functions by [@​kibertoad](https://togithub.com/kibertoad) in [nodejs/undici#2367 - Update namespace type with Fetch exports by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2361 **Full Changelog**: nodejs/undici@v5.26.4...v5.26.5 ### [`v5.26.4`](https://togithub.com/nodejs/undici/releases/tag/v5.26.4) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.3...v5.26.4) #### What's Changed - use esbuild define/hooks by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2342 - fix request's arrayBuffer returning uint8 instead of arraybuffer by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2344 - fix: skip readMore call if parser is null or undefined by [@​iiAku](https://togithub.com/iiAku) in [nodejs/undici#2346 - test: first attempt for flaky fix by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2337 - test: only include WebSocket in WPT Report where it's landed by [@​panva](https://togithub.com/panva) in [nodejs/undici#2351 - Update DispatchInterceptor.md by [@​Uzlopak](https://togithub.com/Uzlopak) in [nodejs/undici#2354 - fix: Avoid error for stream() being aborted by [@​BobNobrain](https://togithub.com/BobNobrain) in [nodejs/undici#2355 - fix names with esbuild by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2359 #### New Contributors - [@​iiAku](https://togithub.com/iiAku) made their first contribution in [nodejs/undici#2346 - [@​Uzlopak](https://togithub.com/Uzlopak) made their first contribution in [nodejs/undici#2354 - [@​BobNobrain](https://togithub.com/BobNobrain) made their first contribution in [nodejs/undici#2355 **Full Changelog**: nodejs/undici@v5.26.3...v5.26.4 ### [`v5.26.3`](https://togithub.com/nodejs/undici/compare/12a62187d45f332cf39dd405f7c52b759cf40cdd...227b9bedf233f741b86dda4ae9d1c7ad69f5d75c) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.2...v5.26.3) ### [`v5.26.2`](https://togithub.com/nodejs/undici/releases/tag/v5.26.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.1...v5.26.2) Security Release, CVE-2023-45143. ### [`v5.26.1`](https://togithub.com/nodejs/undici/releases/tag/v5.26.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.0...v5.26.1) #### What's Changed - Fix publish undici-types once and for all! by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2338 - Fix node detection omfg by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2341 **Full Changelog**: nodejs/undici@v5.26.0...v5.26.1 ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2309 - change default header to `node` by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2310 - chore: change order of the pseudo-headers by [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [nodejs/undici#2308 - fix: Agent.Options.factory should accept URL object or string as parameter by [@​nicole0707](https://togithub.com/nicole0707) in [nodejs/undici#2295 - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2312 - test: handle npm ignore-scripts settings by [@​panva](https://togithub.com/panva) in [nodejs/undici#2313 - feat: respect `--max-http-header-size` Node.js flag by [@​balazsorban44](https://togithub.com/balazsorban44) in [nodejs/undici#2234 - fix([#​2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2314 - disallow setting host header in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2322 - \[StepSecurity] ci: Harden GitHub Actions by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2325 - fix fetch with coverage enabled by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2330 - Fix stuck when using http2 POST Buffer by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2336 - fix: 🏷️ add allowH2 to BuildOptions by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2334 - fix: 🐛 fix process http2 header by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2332 #### New Contributors - [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [nodejs/undici#2308 - [@​nicole0707](https://togithub.com/nicole0707) made their first contribution in [nodejs/undici#2295 - [@​balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [nodejs/undici#2234 - [@​binsee](https://togithub.com/binsee) made their first contribution in [nodejs/undici#2336 **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 9pm on sunday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/ascorbic/unpic-img). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
louis-bompart
pushed a commit
to coveo/cli
that referenced
this pull request
Jan 16, 2024
…#1402) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.22.0` -> `5.26.2`](https://renovatebot.com/diffs/npm/undici/5.22.0/5.26.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-45143](https://togithub.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp) ### Impact Undici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. ### Patches This was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://togithub.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2. --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.26.2`](https://togithub.com/nodejs/undici/releases/tag/v5.26.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.1...v5.26.2) Security Release, CVE-2023-45143. ### [`v5.26.1`](https://togithub.com/nodejs/undici/releases/tag/v5.26.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.0...v5.26.1) #### What's Changed - Fix publish undici-types once and for all! by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2338 - Fix node detection omfg by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2341 **Full Changelog**: nodejs/undici@v5.26.0...v5.26.1 ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2309 - change default header to `node` by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2310 - chore: change order of the pseudo-headers by [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [nodejs/undici#2308 - fix: Agent.Options.factory should accept URL object or string as parameter by [@​nicole0707](https://togithub.com/nicole0707) in [nodejs/undici#2295 - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2312 - test: handle npm ignore-scripts settings by [@​panva](https://togithub.com/panva) in [nodejs/undici#2313 - feat: respect `--max-http-header-size` Node.js flag by [@​balazsorban44](https://togithub.com/balazsorban44) in [nodejs/undici#2234 - fix([#​2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2314 - disallow setting host header in fetch by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2322 - \[StepSecurity] ci: Harden GitHub Actions by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2325 - fix fetch with coverage enabled by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2330 - Fix stuck when using http2 POST Buffer by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2336 - fix: 🏷️ add allowH2 to BuildOptions by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2334 - fix: 🐛 fix process http2 header by [@​binsee](https://togithub.com/binsee) in [nodejs/undici#2332 #### New Contributors - [@​kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [nodejs/undici#2308 - [@​nicole0707](https://togithub.com/nicole0707) made their first contribution in [nodejs/undici#2295 - [@​balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [nodejs/undici#2234 - [@​binsee](https://togithub.com/binsee) made their first contribution in [nodejs/undici#2336 **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 ### [`v5.25.4`](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) ### [`v5.25.3`](https://togithub.com/nodejs/undici/releases/tag/v5.25.3) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.2...v5.25.3) #### What's Changed - perf: improve parse-url implementation by [@​anonrig](https://togithub.com/anonrig) in [nodejs/undici#2286 - test: enable websockets inclusion in WPTReport by [@​panva](https://togithub.com/panva) in [nodejs/undici#2284 - remove npm run test from pre-commit hook by [@​dancastillo](https://togithub.com/dancastillo) in [nodejs/undici#2296 - perf: use [@​fastify/busboy](https://togithub.com/fastify/busboy) by [@​gurgunday](https://togithub.com/gurgunday) in [nodejs/undici#2211 - Disable finalizationregistry if node code cov by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2298 #### New Contributors - [@​gurgunday](https://togithub.com/gurgunday) made their first contribution in [nodejs/undici#2211 **Full Changelog**: nodejs/undici@v5.25.2...v5.25.3 ### [`v5.25.2`](https://togithub.com/nodejs/undici/releases/tag/v5.25.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.1...v5.25.2) #### What's Changed - Add Khaf to releasers by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2276 - fix: fix request with readable mode is object by [@​killagu](https://togithub.com/killagu) in [nodejs/undici#2279 - fix loading websockets when node is built w/ --without-ssl by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2282 #### New Contributors - [@​killagu](https://togithub.com/killagu) made their first contribution in [nodejs/undici#2279 **Full Changelog**: nodejs/undici@v5.25.1...v5.25.2 ### [`v5.25.1`](https://togithub.com/nodejs/undici/releases/tag/v5.25.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.0...v5.25.1) #### What's Changed - Add publish types script by [@​Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [nodejs/undici#2273 **Full Changelog**: nodejs/undici@v5.25.0...v5.25.1 ### [`v5.25.0`](https://togithub.com/nodejs/undici/releases/tag/v5.25.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.24.0...v5.25.0) #### What's Changed - fix: h2 without body by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2258 - ci: remove duplicated runs by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2265 - improve documentation of timeouts by making the units clear in all places by [@​mcfedr](https://togithub.com/mcfedr) in [nodejs/undici#2266 - expose websocket in node bundle by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2217 - test: fix Fetch/HTTP2 tests by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2263 - fix undici when node is built with --without-ssl by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2272 - fix: Fix type definition for Client Interceptors by [@​ComradeCow](https://togithub.com/ComradeCow) in [nodejs/undici#2269 - Fix http2 agent by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2275 #### New Contributors - [@​ComradeCow](https://togithub.com/ComradeCow) made their first contribution in [nodejs/undici#2269 **Full Changelog**: nodejs/undici@v5.24.0...v5.25.0 ### [`v5.24.0`](https://togithub.com/nodejs/undici/releases/tag/v5.24.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.23.0...v5.24.0) #### Notable Changes - feat: Add H2 support by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2061 #### What's Changed - build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2203 - better stack trace for body.json by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2215 - allow http & https websocket urls by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2218 - build(deps-dev): bump [@​sinonjs/fake-timers](https://togithub.com/sinonjs/fake-timers) from 10.3.0 to 11.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2221 - fix: pass ProxyAgent proxy status code error by [@​NBNGaming](https://togithub.com/NBNGaming) in [nodejs/undici#2162 - fix failing test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2223 - docs: update MockPool.md intercept method description by [@​capaj](https://togithub.com/capaj) in [nodejs/undici#2220 - Update wpts by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2226 - build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2240 - build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2237 - build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to 3.9.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2236 - build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2241 - build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2238 - fix: aborting request with non-object error by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2243 - fix: preserve file path when parsing formdata by [@​jimmywarting](https://togithub.com/jimmywarting) in [nodejs/undici#2245 - build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2246 - Updated benchmarks by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2250 - Fix fetch in node v20.6.0 by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2251 - Maybe fix v20 by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2252 - feat: Add H2 support by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#2061 - docs: fix tables in README by [@​regseb](https://togithub.com/regseb) in [nodejs/undici#2254 - Fix http2 fetch test by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#2253 #### New Contributors - [@​NBNGaming](https://togithub.com/NBNGaming) made their first contribution in [nodejs/undici#2162 - [@​capaj](https://togithub.com/capaj) made their first contribution in [nodejs/undici#2220 - [@​regseb](https://togithub.com/regseb) made their first contribution in [nodejs/undici#2254 **Full Changelog**: nodejs/undici@v5.23.0...v5.24.0 ### [`v5.23.0`](https://togithub.com/nodejs/undici/releases/tag/v5.23.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.22.1...v5.23.0) #### What's Changed - bump engines to node >= 16 by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2119 - Revert "bump engines to node >= 16 ([#​2119](https://togithub.com/nodejs/undici/issues/2119))" by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2121 - fetch: set referrer properly by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2125 - fix: support truncated gzip by [@​jimmywarting](https://togithub.com/jimmywarting) in [nodejs/undici#2126 - workflow: apply security best practices by [@​step-security-bot](https://togithub.com/step-security-bot) in [nodejs/undici#2130 - build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2135 - build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2133 - build(deps): bump node from 18-alpine to 20-alpine in /build by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2131 - build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2136 - build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2132 - build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2142 - build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to 3.8.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2148 - fix(pr): use correct pr template file by [@​AugustinMauroy](https://togithub.com/AugustinMauroy) in [nodejs/undici#2141 - Additional WebSocket send tests to cover all payload size categories by [@​jawj](https://togithub.com/jawj) in [nodejs/undici#2149 - fix: reverse decompression order of "Content-Encoding" encodings (fixes [#​2158](https://togithub.com/nodejs/undici/issues/2158)) by [@​rychkog](https://togithub.com/rychkog) in [nodejs/undici#2159 - fix: keep running WPTs if a test times out by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2165 - feat: add build environment info by [@​mhdawson](https://togithub.com/mhdawson) in [nodejs/undici#2168 - fix: forward error reason to fetch controller by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2172 - stricter types for bodymixin.json by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2181 - chore: Renable autoSelectFamily tests. by [@​ShogunPanda](https://togithub.com/ShogunPanda) in [nodejs/undici#2180 - build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2147 - build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2185 - fix: fetch resource timing performance entry names should be strings by [@​GaryWilber](https://togithub.com/GaryWilber) in [nodejs/undici#2188 - build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2176 - build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to 3.9.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2177 - build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2178 - build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2175 - test: fix `autoselectfamily` on platforms without IPv6 support by [@​LiviaMedeiros](https://togithub.com/LiviaMedeiros) in [nodejs/undici#2197 - fix: make multipart/form-data boundary string more consistent by [@​LiviaMedeiros](https://togithub.com/LiviaMedeiros) in [nodejs/undici#2196 - docs: add proxy agent options docs by [@​dancastillo](https://togithub.com/dancastillo) in [nodejs/undici#2193 - build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2205 - feat: make use of `addAbortListener` where applicable by [@​atlowChemi](https://togithub.com/atlowChemi) in [nodejs/undici#2195 #### New Contributors - [@​step-security-bot](https://togithub.com/step-security-bot) made their first contribution in [nodejs/undici#2130 - [@​AugustinMauroy](https://togithub.com/AugustinMauroy) made their first contribution in [nodejs/undici#2141 - [@​rychkog](https://togithub.com/rychkog) made their first contribution in [nodejs/undici#2159 - [@​mhdawson](https://togithub.com/mhdawson) made their first contribution in [nodejs/undici#2168 - [@​GaryWilber](https://togithub.com/GaryWilber) made their first contribution in [nodejs/undici#2188 - [@​atlowChemi](https://togithub.com/atlowChemi) made their first contribution in [nodejs/undici#2195 **Full Changelog**: nodejs/undici@v5.22.1...v5.23.0 ### [`v5.22.1`](https://togithub.com/nodejs/undici/releases/tag/v5.22.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.22.0...v5.22.1) #### What's Changed - Cache storage by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2076 - test: skip content-disposition test in node 18 by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2081 - Cache storage cleanup by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2082 - Cache storage fixes by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2083 - test: improve test coverage for ErrorEvent and MessageEvent by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2085 - test: remove --experimental-wasm-simd by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2087 - websocket: add websocketinit by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2088 - feat(websocket): allow setting custom headers by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2089 - test: fix tests failing only on node v20 by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2096 - fix: skip set content-length when FormData value is stream by [@​fengmk2](https://togithub.com/fengmk2) in [nodejs/undici#2091 - doc: update outdated command in contributing.md by [@​jazelly](https://togithub.com/jazelly) in [nodejs/undici#2099 - cache: fix most failing WPTs by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2100 - feat: allow build:wasm to auto detect platform by [@​jazelly](https://togithub.com/jazelly) in [nodejs/undici#2102 - docs: updated Error documentation (fixes [#​2090](https://togithub.com/nodejs/undici/issues/2090)) by [@​titanism](https://togithub.com/titanism) in [nodejs/undici#2092 - mimesniff: fix many broken tests by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2103 - test: fix failing tests by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2097 - build(deps): bump github/codeql-action from 2.2.9 to 2.3.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#2105 - fix: more informative error message to tell that the server doesn't match http/1.1 protocol by [@​Songkeys](https://togithub.com/Songkeys) in [nodejs/undici#2055 - Fix bug in 16-bit frame length when buffer is a subarray by [@​jawj](https://togithub.com/jawj) in [nodejs/undici#2106 - update wpts by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#2108 - fix: update error definitions by [@​dfilatov](https://togithub.com/dfilatov) in [nodejs/undici#2112 - fix: make assertion a noop by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#2111 #### New Contributors - [@​jazelly](https://togithub.com/jazelly) made their first contribution in [nodejs/undici#2099 - [@​titanism](https://togithub.com/titanism) made their first contribution in [nodejs/undici#2092 - [@​Songkeys](https://togithub.com/Songkeys) made their first contribution in [nodejs/undici#2055 - [@​jawj](https://togithub.com/jawj) made their first contribution in [nodejs/undici#2106 - [@​dfilatov](https://togithub.com/dfilatov) made their first contribution in [nodejs/undici#2112 **Full Changelog**: nodejs/undici@v5.22.0...v5.22.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/coveo/cli). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> --------- Co-authored-by: developer-experience-bot[bot] <91079284+developer-experience-bot[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
crysmags
pushed a commit
to crysmags/undici
that referenced
this pull request
Feb 27, 2024
](https://renovatebot.com){kind=link}
Bumps [sinon](https://github.com/sinonjs/sinon) from 15.2.0 to 16.1.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v15.2.0...v16.1.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps sinon from 15.2.0 to 16.1.0.
Changelog
Sourced from sinon's changelog.
Commits
737736f16.1.0cac5184Enable use of assignment in the presence of accessors (#2538)f8c20e5New article: making Sinon work with complex setups (#2540)cb5b962Add NPM script 'dev-docs' and document its usagedd7c609Add a little update to contributing79acdf3Move tool versions into single file at root03b1db5Expose Changelog page (#2550)e1c3dadAdd section on tooling and recommend using ASDF for tool versioning (#2547)062e31816.0.0c339605fix(2525): ensure non empty message when error of type string is passed, but ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)