Skip to content

Comments

[Snyk] Upgrade undici from 5.25.4 to 5.29.0#11

Open
blacksmith-axlora wants to merge 1 commit intomainfrom
snyk-upgrade-bf441804122fc67852b9b79185022b40
Open

[Snyk] Upgrade undici from 5.25.4 to 5.29.0#11
blacksmith-axlora wants to merge 1 commit intomainfrom
snyk-upgrade-bf441804122fc67852b9b79185022b40

Conversation

@blacksmith-axlora
Copy link

@blacksmith-axlora blacksmith-axlora commented Jun 27, 2025

snyk-top-banner

Snyk has created this PR to upgrade undici from 5.25.4 to 5.29.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 16 versions ahead of your current version.

  • The recommended version was released 3 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Insecure Randomness
SNYK-JS-UNDICI-8641354		 436 Proof of Concept
low severity Missing Release of Memory after Effective Lifetime
SNYK-JS-UNDICI-10176064		 436 Proof of Concept
low severity Information Exposure
SNYK-JS-UNDICI-5962466		 436 No Known Exploit
low severity Permissive Cross-domain Policy with Untrusted Domains
SNYK-JS-UNDICI-6252336		 436 No Known Exploit
low severity Improper Access Control
SNYK-JS-UNDICI-6564963		 436 No Known Exploit
low severity Improper Authorization
SNYK-JS-UNDICI-6564964		 436 No Known Exploit
Release notes
Package name: undici
  • 5.29.0 - 2025-03-19

    What's Changed

    • Fix tests in v5.x for Node 20 by @ mcollina in #4104
    • Removed clients with unrecoverable errors from the Pool #4088

    Full Changelog: v5.28.5...v5.29.0

  • 5.28.5 - 2025-01-16

    ⚠️ Security Release ⚠️

    Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

    Full Changelog: v5.28.4...v5.28.5

  • 5.28.4 - 2024-04-02
  • 5.28.3 - 2024-02-05
  • 5.28.2 - 2023-11-30
  • 5.28.1 - 2023-11-27
  • 5.28.0 - 2023-11-24
  • 5.27.2 - 2023-11-03
  • 5.27.1 - 2023-11-03
  • 5.27.0 - 2023-10-26
  • 5.26.5 - 2023-10-23
  • 5.26.4 - 2023-10-19
  • 5.26.3 - 2023-10-11
  • 5.26.2 - 2023-10-11
  • 5.26.1 - 2023-10-11
  • 5.26.0 - 2023-10-11
  • 5.25.4 - 2023-10-03
from undici GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade undici from 5.25.4 to 5.29.0
85732b6 
Snyk has created this PR to upgrade undici from 5.25.4 to 5.29.0.

See this package in npm:
undici

See this project in Snyk:
https://app.snyk.io/org/axlora-admin/project/32a52ab5-8cfe-4a07-ad9b-8376824157ea?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@blacksmith-axlora @snyk-bot