
Upgrade: [dependabot] - bump undici from 5.29.0 to 7.24.1 #139

Merged
eps-autoapprove-dependabot[bot] merged 1 commit into main from dependabot/npm_and_yarn/undici-7.24.1
Apr 18, 2026

@dependabot dependabot bot commented on behalf of github Apr 16, 2026

Bumps undici from 5.29.0 to 7.24.1.

Release notes

Sourced from undici's releases.

v7.24.1

What's Changed

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

References

... (truncated)

Commits
  • 23e3cd3 Bumped v7.24.1
  • 3aedaa8 remove PLAN.md
  • 0d7ec33 fix: proto pollution (#4885)
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


@dependabot dependabot bot added the "dependencies" (Pull requests that update a dependency file) and "javascript" (Pull requests that update javascript code) labels Apr 16, 2026
@eps-autoapprove-dependabot eps-autoapprove-dependabot bot enabled auto-merge (squash) April 16, 2026 18:16
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.1 branch 2 times, most recently from c36e9fa to a50a523 Compare April 16, 2026 22:17
@anthony-nhs

@dependabot recreate

Bumps [undici](https://github.com/nodejs/undici) from 5.29.0 to 7.24.1.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.29.0...v7.24.1)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.1 branch from a50a523 to 72afa04 Compare April 17, 2026 11:01
@eps-autoapprove-dependabot eps-autoapprove-dependabot bot merged commit ee6b102 into main Apr 18, 2026
11 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/undici-7.24.1 branch April 18, 2026 10:30