Skip to content

Commit f48b896

Browse files
mcollinamarco-ippolito
authored andcommittedFeb 12, 2024
lib: update undici to v5.28.3
Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: nodejs-private/node-private#536 CVE-ID: CVE-2024-24758
1 parent d3d357a commit f48b896

File tree

4 files changed

+6
-2
lines changed

4 files changed

+6
-2
lines changed
 

‎deps/undici/src/lib/fetch/index.js

+3
Original file line numberDiff line numberDiff line change
@@ -1201,6 +1201,9 @@ async function httpRedirectFetch (fetchParams, response) {
12011201
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
12021202
request.headersList.delete('authorization')
12031203

1204+
// https://fetch.spec.whatwg.org/#authentication-entries
1205+
request.headersList.delete('proxy-authorization', true)
1206+
12041207
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
12051208
request.headersList.delete('cookie')
12061209
request.headersList.delete('host')

‎deps/undici/src/package.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "undici",
3-
"version": "5.26.4",
3+
"version": "5.28.3",
44
"description": "An HTTP/1.1 client, written from scratch for Node.js",
55
"homepage": "https://undici.nodejs.org",
66
"bugs": {

‎deps/undici/undici.js

+1
Original file line numberDiff line numberDiff line change
@@ -10002,6 +10002,7 @@ var require_fetch = __commonJS({
1000210002
}
1000310003
if (!sameOrigin(requestCurrentURL(request), locationURL)) {
1000410004
request.headersList.delete("authorization");
10005+
request.headersList.delete("proxy-authorization", true);
1000510006
request.headersList.delete("cookie");
1000610007
request.headersList.delete("host");
1000710008
}

‎src/undici_version.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,5 @@
22
// Refer to tools/update-undici.sh
33
#ifndef SRC_UNDICI_VERSION_H_
44
#define SRC_UNDICI_VERSION_H_
5-
#define UNDICI_VERSION "5.26.4"
5+
#define UNDICI_VERSION "5.28.3"
66
#endif // SRC_UNDICI_VERSION_H_

0 commit comments

Comments
 (0)
Please sign in to comment.