[Snyk] Upgrade undici from 4.12.0 to 6.19.8 #4

nerds-github · 2024-10-23T23:51:40Z

Snyk has created this PR to upgrade undici from 4.12.0 to 6.19.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 112 versions ahead of your current version.
The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	265	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	265	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	265	Proof of Concept
Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	265	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	265	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	265	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	265	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	265	No Known Exploit
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	265	No Known Exploit
Uncontrolled resource consumption SNYK-JS-BRACES-6838727	265	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	265	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	265	No Known Exploit
Denial of Service (DoS) SNYK-JS-WS-7266574	265	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UNDICI-3323845	265	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	265	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	265	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	265	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	265	Proof of Concept
Improper Input Validation SNYK-JS-POSTCSS-5926692	265	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	265	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	265	Proof of Concept
Improper Certificate Validation SNYK-JS-UNDICI-2928996	265	Proof of Concept
CRLF Injection SNYK-JS-UNDICI-2953389	265	Proof of Concept
CRLF Injection SNYK-JS-UNDICI-2980276	265	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	265	No Known Exploit
Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	265	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	265	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-UNDICI-2980286	265	No Known Exploit
CRLF Injection SNYK-JS-UNDICI-3323844	265	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	265	Proof of Concept
Information Exposure SNYK-JS-UNDICI-5962466	265	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	265	No Known Exploit
Information Exposure SNYK-JS-UNDICI-2957529	265	Proof of Concept
Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	265	No Known Exploit
Improper Access Control SNYK-JS-UNDICI-6564963	265	No Known Exploit
Improper Authorization SNYK-JS-UNDICI-6564964	265	No Known Exploit

Release notes

Package name: undici

6.19.8 - 2024-08-19
Full Changelog: v6.19.7...v6.19.8
6.19.7 - 2024-08-09
Full Changelog: v6.19.6...v6.19.7
6.19.6 - 2024-08-09
Full Changelog: v6.19.5...v6.19.6
6.19.5 - 2024-07-31
Full Changelog: v6.19.4...v6.19.5
6.19.4 - 2024-07-22
Full Changelog: v6.19.3...v6.19.4
6.19.3 - 2024-07-22
Full Changelog: v6.19.2...v6.19.3
6.19.2 - 2024-06-18
What's Changed
- fix #3337 by @ KhafraDev in #3338
- build: use husky as husky install is deprecated by @ jazelly in #3340
- fix: interceptors.d.ts has no default export by @ Uzlopak in #3332
Full Changelog: v6.19.1...v6.19.2
6.19.1 - 2024-06-17
6.19.0 - 2024-06-14
6.18.2 - 2024-05-29
6.18.1 - 2024-05-22
6.18.0 - 2024-05-20
6.17.0 - 2024-05-17
6.16.1 - 2024-05-10
6.16.0 - 2024-05-07
6.15.0 - 2024-04-29
6.14.1 - 2024-04-23
6.14.0 - 2024-04-22
6.13.0 - 2024-04-12
6.12.0 - 2024-04-08
6.11.1 - 2024-04-02
6.11.0 - 2024-04-02
6.10.2 - 2024-03-27
6.10.1 - 2024-03-21
6.10.0 - 2024-03-21
6.9.0 - 2024-03-14
6.8.0 - 2024-03-13
6.7.1 - 2024-03-08
6.7.0 - 2024-03-03
6.6.2 - 2024-02-06
6.6.1 - 2024-02-05
6.6.0 - 2024-02-01
6.5.0 - 2024-01-26
6.4.0 - 2024-01-19
6.3.0 - 2024-01-08
6.2.1 - 2023-12-22
6.2.0 - 2023-12-20
6.1.0 - 2023-12-20
6.0.1 - 2023-12-06
6.0.0 - 2023-12-05
5.28.4 - 2024-04-02
5.28.3 - 2024-02-05
5.28.2 - 2023-11-30
5.28.1 - 2023-11-27
5.28.0 - 2023-11-24
5.27.2 - 2023-11-03
5.27.1 - 2023-11-03
5.27.0 - 2023-10-26
5.26.5 - 2023-10-23
5.26.4 - 2023-10-19
5.26.3 - 2023-10-11
5.26.2 - 2023-10-11
5.26.1 - 2023-10-11
5.26.0 - 2023-10-11
5.25.4 - 2023-10-03
5.25.3 - 2023-10-01
5.25.2 - 2023-09-22
5.25.1 - 2023-09-20
5.25.0 - 2023-09-20
5.24.0 - 2023-09-08
5.24.0-test.6 - 2023-09-20
5.24.0-test.5 - 2023-09-19
5.24.0-test.4 - 2023-09-19
5.24.0-test.3 - 2023-09-19
5.24.0-test.2 - 2023-09-19
5.24.0-test.1 - 2023-09-19
5.24.0-test.0 - 2023-09-19
5.23.0 - 2023-08-03
5.22.1 - 2023-05-11
5.22.0 - 2023-04-20
5.21.2 - 2023-04-09
5.21.1 - 2023-04-08
5.21.0 - 2023-03-13
5.20.0 - 2023-02-18
5.19.1 - 2023-02-13
5.19.0 - 2023-02-13
5.18.0 - 2023-02-06
5.17.1 - 2023-02-04
5.17.0 - 2023-02-04
5.16.0 - 2023-01-23
5.15.2 - 2023-01-22
5.15.1 - 2023-01-19
5.15.0 - 2023-01-11
5.14.0 - 2022-12-08
5.13.0 - 2022-11-25
5.12.0 - 2022-10-27
5.11.0 - 2022-10-03
5.10.0 - 2022-08-23
5.9.1 - 2022-08-17
5.9.0 - 2022-08-17
5.8.2 - 2022-08-09
5.8.1 - 2022-08-03
5.8.0 - 2022-07-18
5.7.0 - 2022-07-12
5.6.1 - 2022-07-08
5.6.0 - 2022-07-01
5.5.1 - 2022-06-13
5.5.0 - 2022-06-13
5.4.0 - 2022-05-31
5.3.0 - 2022-05-24
5.2.0 - 2022-05-11
5.1.1 - 2022-05-02
5.1.0 - 2022-05-01
5.0.0 - 2022-03-29
4.16.0 - 2022-03-18
4.15.1 - 2022-03-07
4.15.0 - 2022-03-04
4.14.1 - 2022-02-11
4.14.0 - 2022-02-11
4.13.0 - 2022-01-30
4.12.2 - 2022-01-13
4.12.1 - 2021-12-22
4.12.0 - 2021-12-14

from undici GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade undici from 4.12.0 to 6.19.8. See this package in npm: undici See this project in Snyk: https://app.snyk.io/org/nerds-github/project/bf4e0bbc-6133-4196-a6ba-f683223a4e51?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade undici from 4.12.0 to 6.19.8 #4

[Snyk] Upgrade undici from 4.12.0 to 6.19.8 #4

nerds-github commented Oct 23, 2024

What's Changed

[Snyk] Upgrade undici from 4.12.0 to 6.19.8 #4

Are you sure you want to change the base?

[Snyk] Upgrade undici from 4.12.0 to 6.19.8 #4

Conversation

nerds-github commented Oct 23, 2024

Snyk has created this PR to upgrade undici from 4.12.0 to 6.19.8.

Issues fixed by the recommended upgrade:

What's Changed