chore(deps): update dependency undici to v8

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
undici (source)	6.26.0 → 8.5.0

---

Release Notes

nodejs/undici (undici)

v8.5.0

Compare Source

v8.4.1

Compare Source

What's Changed

• test: avoid localhost lookup in fetch cookies tests by @​mcollina in #​5363
• fix: prevent race condition between onEnd and onTrailers in HTTP/2 client (#​5216) by @​mcollina in #​5343
• fix(dns): skip requests without origin by @​marko1olo in #​5376
• docs: add Getting Started guide by @​AliMahmoudDev in #​5371
• docs: fix code examples that crash at runtime and other inaccuracies by @​AliMahmoudDev in #​5386
• fix: handle paused parser on socket end (issue #​5360) by @​mcollina in #​5389
• fix(client): reject pipelined TLS altname errors by @​marko1olo in #​5373
• docs: fix multiple inaccuracies in API documentation by @​AliMahmoudDev in #​5384
• docs: fix remaining broken links in API documentation by @​AliMahmoudDev in #​5342

New Contributors

• @​marko1olo made their first contribution in #​5376

Full Changelog: nodejs/undici@v8.4.0...v8.4.1

v8.4.0

Compare Source

What's Changed

• fix: register connect listener before initiating requests in close-and-destroy test by @​mcollina in #​5272
• test: stabilize tls-cert-leak regression by @​mcollina in #​5306
• fix: replace tspl with native test context in test/examples.js by @​mcollina in #​5300
• http2: remove redundant request stream binding by @​trivikr in #​5302
• test: limit cache-tests workers on Windows by @​mcollina in #​5309
• test: use test context cleanup hooks in parser issue tests by @​mcollina in #​5282
• Add redirect option to strip headers on redirect by @​mcollina in #​5281
• chore(test): fix lint failure by @​aduh95 in #​5316
• chore(ci): use npm ci instead of npm install by @​aduh95 in #​5315
• docs: clarify formData security considerations by @​mcollina in #​5320
• docs: add EventSource server example by @​Will-thom in #​5321
• fix(core): simplify addAbortListener util by @​aduh95 in #​5317
• build(deps-dev): bump ws from 8.20.0 to 8.21.0 by @​dependabot[bot] in #​5325
• build(deps-dev): bump jsondiffpatch from 0.7.3 to 0.7.6 by @​dependabot[bot] in #​5313
• docs: match undici EoL to node version it's bundled in by @​trivikr in #​5330
• fix: handle all HTTP/2 request stream sync errors by @​mcollina in #​5311
• fix: preserve timeout errors for HTTP/2 requests by @​mcollina in #​5091
• fix(core): normalize autoSelectFamily timeout AggregateError by @​youcefzemmar in #​5329
• chore(core): define kEnumerableProperty atomically by @​aduh95 in #​5332
• chore(core): use regex.exec instead of string.match by @​aduh95 in #​5331
• fix: reset invalid HTTP/2 sessions by @​mcollina in #​5310
• feat(connect): add preferH2 connector option to offer h2 first in ALPN by @​Antamansid in #​5327
• test: fix flaky http2 trailers test by @​mcollina in #​5338
• fix(mock): restore single-arg MockCallHistory.filterCallsByX by @​youcefzemmar in #​5328
• docs: document missing error types in Errors.md by @​cesarvspr in #​5339
• build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @​dependabot[bot] in #​5346
• build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 by @​dependabot[bot] in #​5347
• build(deps): bump uWebSockets.js from v20.67.0 to v20.68.0 in /benchmarks by @​dependabot[bot] in #​5352
• build(deps): bump concurrently from 9.2.1 to 10.0.3 in /benchmarks by @​dependabot[bot] in #​5353
• build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.4 by @​dependabot[bot] in #​5348
• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @​dependabot[bot] in #​5351
• build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​5349
• docs: improve connect option documentation in Client.md by @​AliMahmoudDev in #​5344
• fix(mock): do not persist snapshots on close in playback mode by @​GeoffreyBooth in #​5359
• fix(fetch): remove abort listener when request settles by @​ATOM00blue in #​5318
• test: add Node.js global fetch regression coverage by @​mcollina in #​5361
• fix(h2): make Client multiplex on h2 (#​4143) by @​mcollina in #​5362

New Contributors

• @​Will-thom made their first contribution in #​5321
• @​youcefzemmar made their first contribution in #​5329
• @​Antamansid made their first contribution in #​5327
• @​cesarvspr made their first contribution in #​5339
• @​AliMahmoudDev made their first contribution in #​5344
• @​ATOM00blue made their first contribution in #​5318

Full Changelog: nodejs/undici@v8.3.0...v8.4.0

v8.3.0

Compare Source

What's Changed

• fix: preserve pool capacity after removing stale client by @​trivikr in #​5151
• build(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @​dependabot[bot] in #​5157
• build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.1 by @​dependabot[bot] in #​5162
• build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @​dependabot[bot] in #​5156
• chore(http2): collapse duplicate request stream setup by @​trivikr in #​5140
• perf(client): cache HTTP/2 authority by @​trivikr in #​5141
• build(deps-dev): bump borp from 0.20.2 to 1.0.0 by @​dependabot[bot] in #​4819
• types: add TOpaque to client connect options by @​samuel871211 in #​4928
• build(deps): bump tinybench from 5.1.0 to 6.0.1 in /benchmarks by @​dependabot[bot] in #​4688
• build(deps): bump codecov/codecov-action from 5.5.1 to 6.0.0 by @​dependabot[bot] in #​4950
• build(deps): bump actions/dependency-review-action from 4.8.1 to 4.9.0 by @​dependabot[bot] in #​4951
• test(fetch): add userinfo coverage for issue-4897 URLs by @​mcollina in #​4901
• perf: avoid duplicate pool dispatcher selection on backpressure by @​trivikr in #​5149
• build(deps): bump actions/setup-node from 6.2.0 to 6.4.0 by @​dependabot[bot] in #​5163
• build(deps): bump step-security/harden-runner from 2.14.1 to 2.19.1 by @​dependabot[bot] in #​5160
• build(deps): bump cronometro from 5.3.0 to 6.0.3 in /benchmarks by @​dependabot[bot] in #​4687
• build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @​dependabot[bot] in #​5161
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in #​4853
• build(deps): bump hendrikmuhs/ccache-action from 1.2.22 to 1.2.23 by @​dependabot[bot] in #​5158
• build(deps): bump fastify/github-action-merge-dependabot from 3.11.2 to 3.12.0 by @​dependabot[bot] in #​5159
• build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @​dependabot[bot] in #​4854
• build(deps): bump uWebSockets.js from v20.64.0 to v20.66.0 in /benchmarks by @​dependabot[bot] in #​5130
• docs: mention install() also installs WebSocket globals by @​mcollina in #​5174
• types: stop interfering with @​types/node by @​Renegade334 in #​5173
• fix: align h2 empty body content-length methods with h1 by @​trivikr in #​5172
• build(deps-dev): bump fast-check from 4.6.0 to 4.7.0 by @​dependabot[bot] in #​5192
• build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @​dependabot[bot] in #​5191
• test: move cleanup from finally to after hooks by @​trivikr in #​5194
• test: resolve flaky timeout in issue-3356 by @​trivikr in #​5188
• SnapshotAgent: Add normalizeBody and normalizeQuery by @​GeoffreyBooth in #​5121
• fix(socks5): use configured connector in Socks5ProxyAgent by @​trivikr in #​5168
• perf(http2): avoid isArray checks for common headers by @​trivikr in #​5170
• fix(test): make deduplicate body-streaming test non-flaky by @​mcollina in #​5196
• test(retry): add regression test for RetryAgent + HTTP/2 stream timeout (#​5137) by @​mcollina in #​5176
• fix(socks5): preserve dispatch backpressure return value by @​trivikr in #​5166
• perf(http2): end zero-length request bodies with headers by @​trivikr in #​5169
• fix(test): make issue-2898-comment.js assertion robust against flakiness by @​mcollina in #​5208
• test: disable timeouts in h2 high concurrency regression by @​trivikr in #​5205
• test: deflake stream compat coverage by @​mcollina in #​5209
• fix(dispatcher): remove unreachable assert in writeBlob by @​SAY-5 in #​5231
• fix: clean up benchmark resources before worker exit by @​trivikr in #​5225
• test: avoid per-chunk assertions in diagnostics get by @​trivikr in #​5224
• test: capture cache test worker stderr and preserve failures by @​trivikr in #​5206
• chore: gitignore benchmarks/package-lock.json by @​trivikr in #​5228
• perf(proxy-agent): avoid extra header allocations in auth guard by @​trivikr in #​5164
• test(wpt): retry WPT server startup on port conflicts or timeout by @​trivikr in #​5215
• test: make websocket diagnostics ping-pong ordering deterministic by @​trivikr in #​5222
• test(websocket): fix flaky send test by @​mcollina in #​5232
• fix: prevent node-fetch test server close from hanging on Windows by @​mcollina in #​5246
• test: wait for cache test server to listen by @​trivikr in #​5242
• fix: accept unknown-size Content-Range values by @​trivikr in #​5120
• test: avoid global dispatcher state in mock client tests by @​trivikr in #​5258
• test: fix flaky permessage-deflate limit timeout by @​mcollina in #​5229
• test: drain request bodies in request tests by @​trivikr in #​5247
• test: reduce retry-after invalid date timing flake by @​trivikr in #​5250
• test: drive request timeout ticks after connect by @​trivikr in #​5251
• test: only fail max-listener checks on max-listener warnings by @​trivikr in #​5253
• test: avoid double-closing server in client-request test by @​trivikr in #​5255
• fix(retry-handler): validate response body length against Content-Range by @​mcollina in #​4975
• test: wait for inflight-and-close body cleanup by @​trivikr in #​5261
• fix(test): make http2-pseudo-headers test order-independent by @​mcollina in #​5234
• fix: preserve fetch multipart body on MockAgent fallback by @​mcollina in #​5269
• ci: build Node FFI fixtures for shared-builtin tests by @​trivikr in #​5275
• test: deflake issue-5137 stream count assertion by @​trivikr in #​5243
• fix: replace finished() with writable lifecycle tracking by @​trivikr in #​5001
• perf(client-h2): reuse request stream handlers by @​trivikr in #​5280
• fix: prevent pipeline body replay on redirect by @​mcollina in #​5274
• fix(types): remove throwOnError from Dispatcher.RequestOptions by @​Zelys-DFKH in #​5279
• fix: validate EOF for chunked h1 responses by @​mcollina in #​5273
• test: deflake parser-issues teardown by @​mcollina in #​5278
• test: make http2-alpn control requests explicit by @​trivikr in #​5252
• test: include cache-test worker metadata on failure by @​trivikr in #​5276
• test: include after in parser-issues by @​trivikr in #​5284
• cache formdata boundary by @​KhafraDev in #​5292
• build(deps-dev): bump fast-check from 4.7.0 to 4.8.0 by @​dependabot[bot] in #​5298
• test: retry crashed cache-test workers once by @​trivikr in #​5294
• Add Node 26 to the matrix by @​mcollina in #​5271
• perf(client-h2): reuse request upgrade stream handlers by @​trivikr in #​5293
• build(deps-dev): bump jest from 30.3.0 to 30.4.2 by @​dependabot[bot] in #​5297
• build(deps): bump uWebSockets.js from v20.66.0 to v20.67.0 in /benchmarks by @​dependabot[bot] in #​5299
• test: fix flaky http2-dispatcher WebSocket upgrade tests by @​mcollina in #​5304

New Contributors

• @​Zelys-DFKH made their first contribution in #​5279

Full Changelog: nodejs/undici@v8.2.0...v8.3.0

v8.2.0

Compare Source

What's Changed

• chore: use native addAbortListener by @​trivikr in #​5021
• fix: fix the logic for the UNDICI_NO_WASM_SIMD environment variable by @​ShenHongFei in #​5026
• fix(http2): send body for non-expectsPayload methods with content by @​mcollina in #​5030
• fix(fetch): correct 'navigator' typo to 'navigate' in fetchFinale by @​deepview-autofix in #​5044
• fix(webidl): correct signed integer bounds in ConvertToInt by @​deepview-autofix in #​5038
• fix(fetch): use || for CRLF check in multipart formdata-parser by @​deepview-autofix in #​5049
• fix(websocket): correct argument order in WebSocketStream UTF-8 failure by @​deepview-autofix in #​5050
• fix(pool): propagate useH2c to connector when connections > 1 by @​SAY-5 in #​5031
• fix(cache): return immutable staleAt in milliseconds by @​deepview-autofix in #​5048
• fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing by @​deepview-autofix in #​5041
• fix(cache): evict oldest entries first in SqliteCacheStore prune by @​deepview-autofix in #​5039
• fix(socks5): correctly expand IPv6 '::' compressed notation by @​deepview-autofix in #​5046
• Remove unused func and unnecessary shim by @​tsctx in #​5053
• fix: reject malformed content-length request headers by @​trivikr in #​5060
• fix(request): reject NaN highWaterMark during option validation by @​trivikr in #​5062
• docs: fix broken links in docsify sidebar by @​maruthang in #​5065
• fix(fetch): prefer filename* over filename in multipart form-data by @​maruthang in #​5068
• fix(http2): reject websocket upgrades on non-200 responses by @​trivikr in #​5072
• feat: support username-only proxy authentication in ProxyAgent by @​rossilor95 in #​4935
• build(deps): bump uWebSockets.js from v20.58.0 to v20.64.0 in /benchmarks by @​dependabot[bot] in #​5083
• fix(client-h2): stop double-decrementing kOpenStreams on stream timeout by @​SAY-5 in #​5076
• fix(http2): reject upgrade streams closed before response headers by @​trivikr in #​5069
• fix(http2): allow GET and HEAD request bodies over h2 by @​trivikr in #​5058
• fix(cache): include query in cache key when opts.path is undefined by @​maruthang in #​5081
• fix: avoid premature cleanup of dispatcher in Agent by @​bienzaaron in #​5034
• fix(http2): record ping failures on the socket by @​trivikr in #​5075
• add undici security policy by @​mcollina in #​5056
• fix(mock): make filterCalls AND operator actually intersect results by @​deepview-autofix in #​5045
• fix(socks5): enforce authenticated state before CONNECT by @​trivikr in #​5097
• fix(cache): skip expired sqlite vary entries during lookup by @​trivikr in #​5095
• fix: enforce maxCachedSessions in TLS session cache by @​trivikr in #​5102
• fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly by @​trivikr in #​5099
• fix: handle invalid HTTP/2 connection headers (#​4356) by @​mcollina in #​5101
• fix(interceptor): add throwOnMaxRedirect to types and interceptor opts by @​maruthang in #​5066
• fix(websocket): avoid double-closing canceled stream readers by @​colinaaa in #​5105
• fix(cache): persist vary when updating sqlite cache entries by @​trivikr in #​5109
• refactor(h1): track HEAD keep-alive override as boolean by @​trivikr in #​5110
• client: cache llhttp wasm buffer view by @​trivikr in #​5115
• deps: update llhttp to 9.3.1 by @​mcollina in #​5113
• fix(http2): preserve accepted streams after GOAWAY by @​trivikr in #​5090
• fix: reuse parser WeakRef for timeout callbacks by @​trivikr in #​5125
• fix: stop buffering data after SOCKS5 connect by @​trivikr in #​5118
• perf(http2): avoid response header reserialization by @​trivikr in #​5085
• fix(cache): enforce sqlite maxCount after insert by @​trivikr in #​5112
• perf: reduce EventSourceStream parser allocations by @​trivikr in #​5032
• types(dispatcher): use OutgoingHttpHeaders for request headers by @​maruthang in #​5067
• cleanup: delete redundant .gitkeep file by @​shivarm in #​5133
• fix(http2): respect peer max concurrent streams by @​trivikr in #​5135
• test(http2): ensure websocket upgrade resumes queued requests by @​trivikr in #​5132
• test(mock): cover SnapshotAgent excludeUrls playback by @​maruthang in #​5080
• perf(client): parse h1 content-length statelessly by @​trivikr in #​5124
• perf(http2): reduce writeH2 per-request callback allocations by @​trivikr in #​5138
• chore(deps): add lockfile by @​aduh95 in #​5139
• perf: use byteLength property for binary body chunks by @​trivikr in #​5126
• fix(cache): allow streamed entries at maxEntrySize limit by @​trivikr in #​5129
• perf(http2): avoid cloning headers when removing status by @​trivikr in #​5127
• fix: validate H2CClient maxConcurrentStreams option by @​trivikr in #​5143
• perf: avoid redundant scans in BalancedPool dispatcher selection by @​trivikr in #​5146
• fix: replace stale pool clients under connection limit by @​trivikr in #​5145

New Contributors

• @​deepview-autofix made their first contribution in #​5044
• @​SAY-5 made their first contribution in #​5031
• @​maruthang made their first contribution in #​5065
• @​bienzaaron made their first contribution in #​5034

Full Changelog: nodejs/undici@v8.1.0...v8.2.0

v8.1.0

Compare Source

What's Changed

• feat: add configurable maxPayloadSize for WebSocket by @​mcollina in #​4955

Full Changelog: nodejs/undici@v8.0.3...v8.1.0

v8.0.3

Compare Source

What's Changed

• docs: add an Undici 7 to 8 migration guide by @​mcollina in #​4963
• chore: switch deferred promise with Promise.withResolvers() by @​trivikr in #​4972
• chore: remove zstd and markAsUncloneable feature probes by @​trivikr in #​4968
• test: remove obsolete nodeMajor/nodeMinor util exports by @​trivikr in #​4976
• chore: use Promise.withResolvers in SOCKS5 proxy agent by @​trivikr in #​4978
• build(deps-dev): bump esbuild from 0.27.7 to 0.28.0 by @​dependabot[bot] in #​4985
• build(deps-dev): bump proxy from 2.2.0 to 4.0.0 by @​dependabot[bot] in #​4987
• build(deps): bump got from 14.6.6 to 15.0.0 in /benchmarks by @​dependabot[bot] in #​4988
• chore: use Object.hasOwn for iterator checks by @​trivikr in #​4979
• doc: Update dump({ limit: Integer }) default value by @​samuel871211 in #​4981
• fix: avoid 401 failures for stream-backed request bodies by @​mcollina in #​4941
• test: remove unsupported Node version checks from fetch tests by @​trivikr in #​4977
• types: remove legacy AbortSignal alias now provided by @​types/node by @​trivikr in #​4995
• fix: remove stale constructor interceptors from types and pool options by @​trivikr in #​4994
• doc: update incorrect description of dump.maxSize by @​samuel871211 in #​4982
• ci: enable coverage for node.js 25 by @​shivarm in #​4980
• refactor: reuse wrapRequestBody in RedirectHandler by @​trivikr in #​4992
• fix: preserve connect option in H2CClient by @​trivikr in #​5000
• types: document Client and H2CClient option declarations by @​trivikr in #​4998
• fix: native WebSocket over H2 server after undici import by @​mcollina in #​4990
• chore(test): issue 3969 by @​rozzilla in #​5005
• fix(1270): throw descriptive error when opts.dispatcher–passed instance methods by @​rozzilla in #​5007
• docs: Change the default value of allowH2 in JSDoc by @​7hokerz in #​5009
• chore(test): cover issue 5014 by @​rozzilla in #​5015
• fix: prevent cache dedup key collision via unescaped delimiters by @​eddieran in #​5013
• fix(proxy agent): respect connectTimeout by @​rozzilla in #​5011

New Contributors

• @​7hokerz made their first contribution in #​5009
• @​eddieran made their first contribution in #​5013

Full Changelog: nodejs/undici@v8.0.2...v8.0.3

v8.0.2

Compare Source

What's Changed

• fix(websocket): fallback to HTTP/1.1 when H2 CONNECT is unavailable by @​mcollina in #​4966
• fix: release ref by @​mcollina in #​4965
• ci: reenable shared builtin CI tests by @​mcollina in #​4967

Full Changelog: nodejs/undici@v8.0.1...v8.0.2

v8.0.1

Compare Source

What's Changed

• Remove legacy handler wrappers by @​mcollina in #​4786
• fix: isolate global dispatcher v2 and add Dispatcher1Wrapper bridge by @​mcollina in #​4827
• fix: preserve request statusText and update h2 dispatch tests by @​mcollina in #​4830
• feat!: enable h2 by default by @​metcoder95 in #​4828
• fix(cache): preserve short-lived entries for revalidation by @​mcollina in #​4934
• fix: remove support for non-real Blob objects by @​mcollina in #​4937
• build(deps): bump github/codeql-action from 4.32.3 to 4.35.1 by @​dependabot[bot] in #​4953
• Undici 8 by @​mcollina in #​4916
• build(deps): bump hendrikmuhs/ccache-action from 1.2.19 to 1.2.22 by @​dependabot[bot] in #​4954
• doc: remove duplicate listItem of RetryHandler.md & RetryHandler.md by @​samuel871211 in #​4948
• fix: mirror the legacy global dispatcher for built-in fetch by @​mcollina in #​4962
• fix(websocket/stream): only enqueue parsed messages in WebSocketStream by @​colinaaa in #​4959

New Contributors

• @​colinaaa made their first contribution in #​4959

Full Changelog: nodejs/undici@v7.24.7...v8.0.1

v8.0.0

Compare Source

What's Changed

• Remove legacy handler wrappers by @​mcollina in #​4786
• fix: isolate global dispatcher v2 and add Dispatcher1Wrapper bridge by @​mcollina in #​4827
• fix: preserve request statusText and update h2 dispatch tests by @​mcollina in #​4830
• feat!: enable h2 by default by @​metcoder95 in #​4828
• fix(cache): preserve short-lived entries for revalidation by @​mcollina in #​4934
• fix: remove support for non-real Blob objects by @​mcollina in #​4937
• build(deps): bump github/codeql-action from 4.32.3 to 4.35.1 by @​dependabot[bot] in #​4953
• Undici 8 by @​mcollina in #​4916

Full Changelog: nodejs/undici@v7.24.7...v8.0.0

v7.28.0

Compare Source

v7.27.2

Compare Source

v7.27.1

Compare Source

What's Changed

• fix: preserve raw headers in dispatch handler bridge by @​mcollina in #​5345

Full Changelog: nodejs/undici@v7.27.0...v7.27.1

v7.27.0

Compare Source

What's Changed

• [7.x] fix: support Node 26 and legacy global dispatcher by @​mcollina in #​5319

Full Changelog: nodejs/undici@v7.26.0...v7.27.0

v7.26.0

Compare Source

What's Changed

• fix: backport safe main fixes to v7.x by @​mcollina in #​5136
• fix: validate EOF for chunked h1 responses by @​mcollina in #​5307

Full Changelog: nodejs/undici@v7.25.0...v7.26.0

v7.25.0

Compare Source

What's Changed

Full Changelog: nodejs/undici@v7.24.8...v7.25.0

v7.24.8

Compare Source

What's Changed

• fix: backport 401 stream-backed body fix to v7.x by @​mcollina in #​5006

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

Compare Source

What's Changed

• docs: update broken links in file "Dispatcher.md" by @​samuel871211 in #​4924
• doc: remove unused parameter redirectionLimitReached by @​samuel871211 in #​4933
• test: skip flaky macOS Node 20 cookie fetch cases by @​mcollina in #​4932
• fix(types): align Response with DOM fetch types by @​theamodhshetty in #​4867
• fix(types): Fix clone method type declaration to be an instance method rather than instance property by @​mistval in #​4925
• test: skip IPv6 tests when IPv6 is not available by @​mcollina in #​4939
• fix: correctly handle multi-value rawHeaders in fetch by @​mcollina in #​4938
• ignore AGENTS.md by @​mcollina in #​4942

New Contributors

• @​samuel871211 made their first contribution in #​4924
• @​mistval made their first contribution in #​4925

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

Compare Source

What's Changed

• fix(test): client wasm compatible with clang 22 by @​rozzilla in #​4909
• fix(mock): improve error message when intercepts are exhausted by @​travisbreaks in #​4912
• fix(websocket): support open diagnostics over h2 by @​mcollina in #​4921
• fix: assume http/https scheme for scheme-less proxy env vars by @​travisbreaks in #​4914
• fix(cache): check Authorization on request headers per RFC 9111 §3.5 by @​metalix2 in #​4911
• fix: wrap kConnector call in try/catch to prevent client hang by @​veeceey in #​4834
• docs: clarify fetch and FormData pairing by [@

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 9am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Recently published: npm undici published 11 hours ago Location: Package overview From: package-lock.json → npm/@nomicfoundation/hardhat-toolbox-mocha-ethers@3.0.7 → npm/hardhat@3.9.0 → npm/seaport@1.6.0 → npm/undici@8.5.0 ℹ Read more on: This package | This alert | What are recently published artifacts? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/undici@8.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report