[Snyk] Upgrade undici from 5.28.4 to 7.5.0

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade undici from 5.28.4 to 7.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 67 versions ahead of your current version.

• The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	169	Proof of Concept
	Insecure Randomness SNYK-JS-UNDICI-8641354	169	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-OCTOKITENDPOINT-8730856	169	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-OCTOKITREQUESTERROR-8730854	169	Proof of Concept

Release notes

Package name: undici

• 7.5.0 - 2025-03-12
  

  What's Changed

  • feat(docs): button to switch dark and light mode by @ shivarm in #4044
  • feat: add mock call history to access request configuration in test by @ blephy in #4029
  • fix: Fix retry-handler.js when retry-after header is a Date by @ fgiova in #4084
  • Update Cache Tests by @ github-actions in #4027
  • Allow disabling autoSelectFamily in an Agent by @ hitsthings in #4070
  • Removed clients with unrecoverable errors from the Pool by @ mcollina in #4088

  New Contributors

  • @ blephy made their first contribution in #4029
  • @ fgiova made their first contribution in #4084
  • @ hitsthings made their first contribution in #4070

  Full Changelog: v7.4.0...v7.5.0

• 7.4.0 - 2025-02-28
  

  What's Changed

  • fix: apply byte offset on Buffer.from by @ ronag in #4019
  • fix: fetch body fallback random number generation by @ Uzlopak in #4023
  • Add release instructions by @ mcollina in #4022
  • Update Cache Tests by @ github-actions in #4020
  • Update WPT by @ github-actions in #4011
  • docs: document about global dispatcher and errors (#3987) by @ zuozp8 in #4014
  • docs: fix incorrect method signature of onResponseError by @ tmair in #4030
  • feat(docs): copy to clipboard button by @ shivarm in #4037
  • don't check AbortSignal maxListeners on some node versions by @ KhafraDev in #4045
  • feat: mark EnvHttpProxyAgent as stable by @ aduh95 in #4049
  • test: fix windows wpt by @ metcoder95 in #4050
  • fix: do not throw unhandled exception when data is undefined in interceptor.reply by @ frederikprijck in #4036
  • fix: handle missing vary header values by @ gurgunday in #4031
  • Update WPT by @ github-actions in #4028
  • Update WPT by @ github-actions in #4062
  • fix: fix EnvHttpProxyAgent for the Node.js bundle by @ joyeecheung in #4064

  New Contributors

  • @ zuozp8 made their first contribution in #4014
  • @ tmair made their first contribution in #4030
  • @ shivarm made their first contribution in #4037
  • @ frederikprijck made their first contribution in #4036
  • @ joyeecheung made their first contribution in #4064

  Full Changelog: v7.3.0...v7.4.0

• 7.3.0 - 2025-01-22
  

  What's Changed

  • fix: sqlite null ref by @ ronag in #4016
  • fix: sqlite remove unnecessary parameter by @ ronag in #4017
  • feat: sqlite add set and minor cleanup by @ ronag in #4018

  Full Changelog: v7.2.3...v7.3.0

• 7.2.3 - 2025-01-16
  

  ⚠️ Security Release ⚠️

  Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

  What's Changed

  • Fix typo in update cache tests action by @ flakey5 in #4008

  Full Changelog: v7.2.2...v7.2.3

• 7.2.2 - 2025-01-15
  

  What's Changed

  • Update WPT by @ github-actions in #3991
  • fix: dual-stack retries infinite loop by @ luddd3 in #4001
  • build(deps): bump codecov/codecov-action from 5.0.7 to 5.1.2 by @ dependabot in #3980
  • build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 by @ dependabot in #4003
  • tests: Update Cache Tests by @ github-actions in #3965
  • ReadableStreamFrom pull until cannot on empty enqueu by @ KhafraDev in #4002
  • Resolve circular dependency by @ mcollina in #4006

  Full Changelog: v7.2.1...v7.2.2

• 7.2.1 - 2025-01-09
  

  What's Changed

  • fix(3951): typo on errorede dns lookup by @ metcoder95 in #3956
  • feat: add missing error type by @ Gigioliva in #3964
  • websocket: improve frame parsing by @ tsctx in #3447
  • fix(#3966): account for network errors by @ metcoder95 in #3967
  • build(deps-dev): bump @ fastify/busboy from 3.1.0 to 3.1.1 by @ dependabot in #3971
  • Update WPT by @ github-actions in #3954
  • docs: fix dispatcher stream example links by @ luddd3 in #3972
  • fix: undici:request:headers does not indicate completion of a response by @ legendecas in #3974
  • build(deps): bump cronometro from 3.0.2 to 4.0.1 in /benchmarks by @ dependabot in #3976
  • fix(#3975): do not unref timeout by @ metcoder95 in #3977
  • fix: bad response on h2 server by @ metcoder95 in #3978
  • build(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 by @ dependabot in #3981
  • build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @ dependabot in #3983
  • chore: ensure automated v7 release compared to v7 by @ trivikr in #3986
  • test: ignore test for CITGM by @ metcoder95 in #3993
  • fix: retry flaky test by @ metcoder95 in #3992

  New Contributors

  • @ legendecas made their first contribution in #3974

  Full Changelog: v7.2.0...v7.2.1

• 7.2.0 - 2024-12-18
  

  What's Changed

  • fix: dns interceptor undefined function by @ luddd3 in #3958
  • More cache fixes by @ flakey5 in #3955
  • [Release] v7.2.0 by @ github-actions in #3962

  Full Changelog: v7.1.1...v7.2.0

• 7.1.1 - 2024-12-16
  

  What's Changed

  • fix: publish undici:client:sendHeaders message on H2 by @ fengmk2 in #3921
  • Add support schedule by @ mcollina in #3923
  • cache: do not set undefined etag by @ mcollina in #3925
  • test: cleanup cache tests by @ flakey5 in #3926
  • fix mimetype parser wrong operator by @ tsctx in #3924
  • correctly set if-none-match by @ mcollina in #3933
  • Add example for request + "Garbage Collection" by @ WTCT-TOP in #3916
  • fix: response error interceptor by @ Gigioliva in #3930
  • build(deps-dev): bump neostandard from 0.11.9 to 0.12.0 by @ dependabot in #3938
  • fix(#3937): respect correct host header by @ metcoder95 in #3940
  • fix: handle case no content type by @ Gigioliva in #3931
  • support array of headers in WrapHandler by @ KhafraDev in #3941
  • build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 by @ dependabot in #3911
  • test: Update WPT by @ github-actions in #3888
  • build(deps-dev): bump @ fastify/busboy from 3.0.0 to 3.1.0 by @ dependabot in #3939
  • Support SQLite unflagged without useless warnings by @ mcollina in #3947
  • docs: enhance documentation by @ metcoder95 in #3945

  New Contributors

  • @ WTCT-TOP made their first contribution in #3916

  Full Changelog: v7.1.0...v7.1.1

• 7.1.0 - 2024-12-03
• 7.0.0 - 2024-11-27
• 7.0.0-alpha.10 - 2024-11-27
• 7.0.0-alpha.9 - 2024-11-27
• 7.0.0-alpha.8 - 2024-11-27
• 7.0.0-alpha.7 - 2024-11-25
• 7.0.0-alpha.6 - 2024-11-20
• 7.0.0-alpha.5 - 2024-11-19
• 7.0.0-alpha.4 - 2024-11-15
• 7.0.0-alpha.3 - 2024-10-24
• 7.0.0-alpha.2 - 2024-10-09
• 7.0.0-alpha.1 - 2024-09-03
• 6.21.2 - 2025-03-13
• 6.21.1 - 2025-01-16
  

  ⚠️ Security Release ⚠️

  Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

  What's Changed

  • fix(#3736): back-port 183f8e9 to v6.x by @ ggoodman in #3855
  • fix(#3817): send servername for SNI on TLS (#3821) [backport] by @ metcoder95 in #3864
  • fix: sending formdata bodies with http2 (#3863) [backport] by @ metcoder95 in #3866
  • [Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @ github-actions in #3877
  • types: [backport] Update return type of RetryCallback (#3851) by @ metcoder95 in #3876

  Full Changelog: v6.21.0...v6.21.1

• 6.21.0 - 2024-11-13
• 6.20.1 - 2024-10-14
• 6.20.0 - 2024-10-09
• 6.19.8 - 2024-08-19
• 6.19.7 - 2024-08-09
• 6.19.6 - 2024-08-09
• 6.19.5 - 2024-07-31
• 6.19.4 - 2024-07-22
• 6.19.3 - 2024-07-22
• 6.19.2 - 2024-06-18
• 6.19.1 - 2024-06-17
• 6.19.0 - 2024-06-14
• 6.18.2 - 2024-05-29
• 6.18.1 - 2024-05-22
• 6.18.0 - 2024-05-20
• 6.17.0 - 2024-05-17
• 6.16.1 - 2024-05-10
• 6.16.0 - 2024-05-07
• 6.15.0 - 2024-04-29
• 6.14.1 - 2024-04-23
• 6.14.0 - 2024-04-22
• 6.13.0 - 2024-04-12
• 6.12.0 - 2024-04-08
• 6.11.1 - 2024-04-02
• 6.11.0 - 2024-04-02
• 6.10.2 - 2024-03-27
• 6.10.1 - 2024-03-21
• 6.10.0 - 2024-03-21
• 6.9.0 - 2024-03-14
• 6.8.0 - 2024-03-13
• 6.7.1 - 2024-03-08
• 6.7.0 - 2024-03-03
• 6.6.2 - 2024-02-06
• 6.6.1 - 2024-02-05
• 6.6.0 - 2024-02-01
• 6.5.0 - 2024-01-26
• 6.4.0 - 2024-01-19
• 6.3.0 - 2024-01-08
• 6.2.1 - 2023-12-22
• 6.2.0 - 2023-12-20
• 6.1.0 - 2023-12-20
• 6.0.1 - 2023-12-06
• 6.0.0 - 2023-12-05 ...

  Summary by Sourcery

  Bug Fixes:

  • Resolves multiple security vulnerabilities, including high-severity issues like Regular Expression Denial of Service (ReDoS) and Insecure Randomness

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the undici dependency from version 5.28.4 to 7.5.0 in packages/attest/package.json. This upgrade includes several fixes and improvements, including security patches and new features.

Updated class diagram for undici

classDiagram
  class undici {
    <<package>>
    -version: string
    +Agent()
    +Pool()
    +Client()
    +request()
    +stream()
    +pipeline()
    +connect()
  }
  note for undici "Upgraded from 5.28.4 to 7.5.0"

Loading

File-Level Changes

Change	Details	Files
The pull request upgrades the undici dependency from version 5.28.4 to 7.5.0.	Updated the undici dependency version in package.json.	packages/attest/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.