[Snyk] Upgrade undici from 5.28.3 to 6.11.1 #404

lholmquist · 2024-04-27T01:11:43Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade undici from 5.28.3 to 6.11.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 21 versions ahead of your current version.
The recommended version was released 24 days ago, on 2024-04-02.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Access Control SNYK-JS-UNDICI-6564963	416/1000 Why? Recently disclosed, Has a fix available, CVSS 2.6	No Known Exploit
	Improper Authorization SNYK-JS-UNDICI-6564964	416/1000 Why? Recently disclosed, Has a fix available, CVSS 2.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: undici

6.11.1 - 2024-04-02
⚠️ Security Release ⚠️

What's Changed
- Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
- Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261
- Revert "fix: don't leak internal class (#3024)" by @ mcollina in #3044
Full Changelog: v6.11.0...v6.11.1
6.11.0 - 2024-04-02
What's Changed
- refactor(#3023): Pass headers as array instead by @ metcoder95 in #3025
- fix: don't leak internal class by @ ronag in #3024
- build(deps): bump codecov/codecov-action from 4.1.0 to 4.1.1 by @ dependabot in #3034
- build(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @ dependabot in #3038
- build(deps-dev): bump borp from 0.9.1 to 0.10.0 by @ dependabot in #2947
- missing commits by @ ronag in #3040
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @ dependabot in #3036
- fix: regexp pattern by @ tsctx in #3041
Full Changelog: v6.10.2...v6.11.0
6.10.2 - 2024-03-27
What's Changed
- Do not fail test if streams support typed arrays by @ mcollina in #2978
- fix(fetch): properly redirect non-ascii location header url by @ Xvezda in #2971
- perf: Remove double-stringify in setCookie by @ peterver in #2980
- [fix #2982] use DispatcherInterceptor type for Dispatcher#Compose by @ clovis-guillemot in #2983
- fix: make EventSource properties enumerable by @ MattBidewell in #2987
- docs: ✏️ fixed benchmark links by @ benhalverson in #2991
- fix(#2986): bad start check by @ metcoder95 in #2992
- fix(H2 Client): bind stream 'data' listener only after received 'response' event by @ st3ffgv4 in #2985
- feat: added search input by @ benhalverson in #2993
- chore: validate responses can be consumed without a Content-Length or… by @ jacob-ebey in #2995
- fix error message by @ KhafraDev in #2998
- Revert "perf: reuse TextDecoder instance (#2863)" by @ panva in #2999
- test: remove only by @ metcoder95 in #3001
New Contributors
- @ Xvezda made their first contribution in #2971
- @ peterver made their first contribution in #2980
- @ clovis-guillemot made their first contribution in #2983
- @ MattBidewell made their first contribution in #2987
- @ benhalverson made their first contribution in #2991
- @ st3ffgv4 made their first contribution in #2985
- @ jacob-ebey made their first contribution in #2995
Full Changelog: v6.10.0...v6.10.2
6.10.1 - 2024-03-21
Full Changelog: v6.10.0...v6.10.1
6.10.0 - 2024-03-21
Read more
6.9.0 - 2024-03-14
Read more
6.8.0 - 2024-03-13
Read more
6.7.1 - 2024-03-08
Read more
6.7.0 - 2024-03-03
Read more
6.6.2 - 2024-02-06
6.6.1 - 2024-02-05
6.6.0 - 2024-02-01
6.5.0 - 2024-01-26
6.4.0 - 2024-01-19
6.3.0 - 2024-01-08
6.2.1 - 2023-12-22
6.2.0 - 2023-12-20
6.1.0 - 2023-12-20
6.0.1 - 2023-12-06
6.0.0 - 2023-12-05
5.28.4 - 2024-04-02
⚠️ Security Release ⚠️
- Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
- Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261
Full Changelog: v5.28.3...v5.28.4
5.28.3 - 2024-02-05