chore(deps): update dependency undici to v8 by tradeshift-renovate[bot] · Pull Request #130 · Tradeshift/create-pull-request

GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
Inconsistent interpretation of HTTP requests (request/response smuggling class issue).
GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
Malicious WebSocket 64-bit frame length handling could crash the client.
GHSA-phc3-fgpg-7m6h / CVE-2026-2581 (Medium)
Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).
GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
CRLF injection via the upgrade option.
GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.
GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
Unbounded memory consumption in WebSocket permessage-deflate decompression.

Affected and patched ranges

CVE-2026-1525: affected 7.0.0 < 7.24.0, patched 7.24.0
CVE-2026-1528: affected 7.0.0 < 7.24.0, patched 7.24.0
CVE-2026-2581: affected >= 7.17.0 < 7.24.0, patched 7.24.0
CVE-2026-1527: affected 7.0.0 < 7.24.0, patched 7.24.0
CVE-2026-2229: affected 7.0.0 < 7.24.0, patched 7.24.0
CVE-2026-1526: affected 7.0.0 < 7.24.0, patched 7.24.0

References

GitHub Security Advisories: https://github.com/nodejs/undici/security/advisories
NVD CVE-2026-1525: https://nvd.nist.gov/vuln/detail/CVE-2026-1525
NVD CVE-2026-1528: https://nvd.nist.gov/vuln/detail/CVE-2026-1528
NVD CVE-2026-2581: https://nvd.nist.gov/vuln/detail/CVE-2026-2581
NVD CVE-2026-1527: https://nvd.nist.gov/vuln/detail/CVE-2026-1527
NVD CVE-2026-2229: https://nvd.nist.gov/vuln/detail/CVE-2026-2229
NVD CVE-2026-1526: https://nvd.nist.gov/vuln/detail/CVE-2026-1526

`v7.23.0`

Compare Source

What's Changed

fix: prevent AbortController GC when redirect is 'error' by @mcollina in https://github.com/nodejs/undici/pull/4750
docs: clarify UndiciHeaders validation guidance by @mcollina in https://github.com/nodejs/undici/pull/4832
build(deps): bump actions/checkout from 5.0.0 to 6.0.2 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47955
build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47944
build(deps): bump github/codeql-action from 4.31.2 to 4.32.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47933
test: add unexpected disconnect guards to client test files by @samayer12 in https://github.com/nodejs/undici/pull/4833
fix fetch stripping trailing ? from url by @KhafraDev in https://github.com/nodejs/undici/pull/4837
fix: forward onResponseStarted through WrapHandler and UnwrapHandler by @7rulnik in https://github.com/nodejs/undici/pull/4840
webidl: access keys in lexicographical order by @KhafraDev in https://github.com/nodejs/undici/pull/4841
ci: disable coverage on Node.js 25 by @mcollina in https://github.com/nodejs/undici/pull/4852
build(deps): bump uWebSockets.js from v20.56.0 to v20.58.0 in /benchmarks by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/48555
fix(h2): TypeError: Cannot read properties of null (reading 'servername') in _resume when H2 stream completes by @hxinhan in https://github.com/nodejs/undici/pull/4847
fix(h2): ignore late data frames after request completion by @mcollina in https://github.com/nodejs/undici/pull/4845
fix(handler): preserve latin1 header encoding in WrapHandler by @theamodhshetty in https://github.com/nodejs/undici/pull/4859
docs(examples): add cache interceptor example with fetch by @nthbotast in https://github.com/nodejs/undici/pull/4864
docs(dispatcher): clarify onResponseStart return value is ignored by @nthbotast in https://github.com/nodejs/undici/pull/4865
feat: add SOCKS5 proxy support to ProxyAgent by @mcollina in https://github.com/nodejs/undici/pull/4385
fix: harden header iterable checks for prototype-pollution scenarios by @mcollina in https://github.com/nodejs/undici/pull/4824
fix(interceptor): preserve tuple headers in dns interceptor by @theamodhshetty in https://github.com/nodejs/undici/pull/4863
docs(dispatcher): use RFC 2606 domains in interceptor examples by @nthbotast in https://github.com/nodejs/undici/pull/4873
feat: add IP prioritization hints for HTTP/1.1 and HTTP/2 by @amyssnippet in https://github.com/nodejs/undici/pull/4831
docs: clarify when to install undici vs using Node's built-in fetch by @travisbreaks in https://github.com/nodejs/undici/pull/4868
docs(dispatcher): add cache interceptor fetch example by @nthbotast in https://github.com/nodejs/undici/pull/4870
fix(dispatcher): pass socketPath to custom connect callbacks by @theamodhshetty in https://github.com/nodejs/undici/pull/4857

New Contributors

@samayer12 made their first contribution in https://github.com/nodejs/undici/pull/4833
@7rulnik made their first contribution in https://github.com/nodejs/undici/pull/4840
@hxinhan made their first contribution in https://github.com/nodejs/undici/pull/4847
@theamodhshetty made their first contribution in https://github.com/nodejs/undici/pull/4859
@nthbotast made their first contribution in https://github.com/nodejs/undici/pull/4864
@amyssnippet made their first contribution in https://github.com/nodejs/undici/pull/4831
@travisbreaks made their first contribution in https://github.com/nodejs/undici/pull/4868

Full Changelog: nodejs/undici@v7.22.0...v7.23.0

`v7.22.0`

Compare Source

What's Changed

docs: fix syntax highlighting in WebSocket.md by @styfle in https://github.com/nodejs/undici/pull/4814
fix: use OR operator in includesCredentials per WHATWG URL Standard by @jackhax in https://github.com/nodejs/undici/pull/4816
feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @SuperOleg39 in https://github.com/nodejs/undici/pull/4676
fix: route WebSocket upgrades through onRequestUpgrade by @mcollina in https://github.com/nodejs/undici/pull/4787
build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/48211
fix(deduplicate): do not deduplicate non-safe methods by default by @mcollina in https://github.com/nodejs/undici/pull/4818
feat: Support async cache stores in revalidation by @marcopiraccini in https://github.com/nodejs/undici/pull/4826

New Contributors

@jackhax made their first contribution in https://github.com/nodejs/undici/pull/4816
@marcopiraccini made their first contribution in https://github.com/nodejs/undici/pull/4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

`v7.21.0`

Compare Source

What's Changed

build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47966
test: restore global dispatcher after fetch tests by @mcollina in https://github.com/nodejs/undici/pull/4790
Add missing close method to WebSocketStream interface by @piotr-cz in https://github.com/nodejs/undici/pull/4802
fix: error stream instead of canceling by @KhafraDev in https://github.com/nodejs/undici/pull/4804
Fix clientTtl cleanup race in Agent by @mcollina in https://github.com/nodejs/undici/pull/4807
feat(#4230): Implement pingInterval for dispatching PING frames by @metcoder95 in https://github.com/nodejs/undici/pull/4296
fix: handle undefined __filename in bundled environments by @mcollina in https://github.com/nodejs/undici/pull/4812
fix: set finalizer only for fetch responses by @tsctx in https://github.com/nodejs/undici/pull/4803

New Contributors

@piotr-cz made their first contribution in https://github.com/nodejs/undici/pull/4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

`v7.20.0`

Compare Source

What's Changed

fix: preserve fetch stack traces by @mcollina in https://github.com/nodejs/undici/pull/4778
Fix error handling in MockPool example by @dave-kennedy in https://github.com/nodejs/undici/pull/4781
feat: expose statusText in request() ResponseData by @domenic in https://github.com/nodejs/undici/pull/4784
test: reduce retry-after invalid date flake by @mcollina in https://github.com/nodejs/undici/pull/4788
extractBody fixes by @KhafraDev in https://github.com/nodejs/undici/pull/4791
fix: MockAgent delayed response with AbortSignal (#4693) by @mcollina in https://github.com/nodejs/undici/pull/4772
fix: onParserTimeout potentially accessing undefined by @vbfox in https://github.com/nodejs/undici/pull/4758

New Contributors

@dave-kennedy made their first contribution in https://github.com/nodejs/undici/pull/4781
@vbfox made their first contribution in https://github.com/nodejs/undici/pull/4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

`v7.19.2`

Compare Source

What's Changed

Minor code cleanups to decompress interceptor by @domenic in https://github.com/nodejs/undici/pull/4754
fix(h2): fix flaky stream end handling on macOS by @mcollina in https://github.com/nodejs/undici/pull/4762
return response when receiving 401 instead of network error by @KhafraDev in https://github.com/nodejs/undici/pull/4769
fix: properly close idle connections in test server cleanup by @mcollina in https://github.com/nodejs/undici/pull/4764
fix: decode HTTP headers as latin1 instead of utf8 by @mcollina in https://github.com/nodejs/undici/pull/4768
fix: submodule update by @Uzlopak in https://github.com/nodejs/undici/pull/4648
build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47200

New Contributors

@domenic made their first contribution in https://github.com/nodejs/undici/pull/4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

`v7.19.1`

Compare Source

What's Changed

fix: use commit hash when generating release (#4757) by @fenichelar in https://github.com/nodejs/undici/pull/4759
fix fetch 401 loop by @KhafraDev in https://github.com/nodejs/undici/pull/4761

New Contributors

@fenichelar made their first contribution in https://github.com/nodejs/undici/pull/4759

Full Changelog: nodejs/undici@v7.19.0...v7.19.1

`v7.19.0`

Compare Source

What's Changed

fix: Handle FormData body type correctly in RetryAgent retried requests by @eliotschu in https://github.com/nodejs/undici/pull/4692
feat(client): expose HTTP/2 flow-control options by @pabloelisseo in https://github.com/nodejs/undici/pull/4706
Implement origin normalization in MockAgent for case-insensitivity and URL handling by @SksOp in https://github.com/nodejs/undici/pull/4731
fix websocket basic auth by @KhafraDev in https://github.com/nodejs/undici/pull/4747
fix(cache): regenerate stream from source when cache.match is called after GC by @mcollina in https://github.com/nodejs/undici/pull/4713
chore: use testcontext for test:cache by @Uzlopak in https://github.com/nodejs/undici/pull/4571
chore: use testcontext for subresource integrity tests by @Uzlopak in https://github.com/nodejs/undici/pull/4575
feat(cache): add origins option for whitelist filtering by @mcollina in https://github.com/nodejs/undici/pull/4739
ci: test shared-builtin only on Node.js 24 and 25 by @mcollina in https://github.com/nodejs/undici/pull/4746
fix websocketstream open error by @KhafraDev in https://github.com/nodejs/undici/pull/4748

New Contributors

@eliotschu made their first contribution in https://github.com/nodejs/undici/pull/4692
@pabloelisseo made their first contribution in https://github.com/nodejs/undici/pull/4706
@SksOp made their first contribution in https://github.com/nodejs/undici/pull/4731

Full Changelog: nodejs/undici@v7.18.2...v7.19.0

`v7.18.2`

Compare Source

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by @mcollina in https://github.com/nodejs/undici/pull/4729

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

`v7.18.1`

Compare Source

What's Changed

Test and Fix running without SSL by @mcollina in https://github.com/nodejs/undici/pull/4727
docs: add security warning for strictContentLength option by @mcollina in https://github.com/nodejs/undici/pull/4726
build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47188
build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/47199

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

`v7.18.0`

Compare Source

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

`v7.17.0`

Compare Source

What's Changed

chore: extract infra and encoding methods by @Uzlopak in https://github.com/nodejs/undici/pull/4523
ci: remove h2 by @Uzlopak in https://github.com/nodejs/undici/pull/4534
ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by @Uzlopak in https://github.com/nodejs/undici/pull/4535
ci: fix nightly shared library case by @Uzlopak in https://github.com/nodejs/undici/pull/4543
test: consume bodies of fetch responses to fix failing macos 20 ci by @Uzlopak in https://github.com/nodejs/undici/pull/4528
docs: add Cache Interceptor example to README by @tawseefnabi in https://github.com/nodejs/undici/pull/4393
test: remove node20 version check by @Uzlopak in https://github.com/nodejs/undici/pull/4544
types: use MessagePort instance type in MessageEvent by @Renegade334 in https://github.com/nodejs/undici/pull/4546
ci: set write permissions on job level by @Uzlopak in https://github.com/nodejs/undici/pull/4537
lint: activate n/no-process-exit by @Uzlopak in https://github.com/nodejs/undici/pull/4548
ci: run benchmarks on pull_requests and by pushing on specific branches only by @Uzlopak in https://github.com/nodejs/undici/pull/4536
chore: activate n/prefer-node-protocol to enforce 'node:' prefix for requiring node built-ins by @Uzlopak in https://github.com/nodejs/undici/pull/4547
feat(H2): correct CONNECT behaviour by @metcoder95 in https://github.com/nodejs/undici/pull/4541
test: fix plans by @Uzlopak in https://github.com/nodejs/undici/pull/4550
feat: add runtime feature "detection" by @Uzlopak in https://github.com/nodejs/undici/pull/4545
perf: use less promises in extractBody by @Uzlopak in https://github.com/nodejs/undici/pull/4458
fix(proxy-agent): add missing return after callback-call by @Uzlopak in https://github.com/nodejs/undici/pull/4553
fix: remove redundant line in retry-handler by @Uzlopak in https://github.com/nodejs/undici/pull/4554
ci: add no-wasm-simd option by @Uzlopak in https://github.com/nodejs/undici/pull/4533
fix: use lazyloaders for runtime feature detection by @Uzlopak in https://github.com/nodejs/undici/pull/4557
fix: minor changes in dispatcher-base.js and types for Dispatcher by @Uzlopak in https://github.com/nodejs/undici/pull/4556
http2: refactor and split tests of http2.js into multiple files by @Uzlopak in https://github.com/nodejs/undici/pull/4561
fix: dns-interceptor test should await plan to complete by @Uzlopak in https://github.com/nodejs/undici/pull/4560
chore: remove istanbul instructions by @Uzlopak in https://github.com/nodejs/undici/pull/4559
fix: keep promise chains intact by @Uzlopak in https://github.com/nodejs/undici/pull/4558
build(deps): bump wait-on from 8.0.5 to 9.0.1 in /benchmarks by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/45677
chore: remove tspl from eventsource by @Uzlopak in https://github.com/nodejs/undici/pull/4569
chore: remove tspl from fetch by @Uzlopak in https://github.com/nodejs/undici/pull/4570
feat: add getUpstream() method to BalancedPool by @mcollina in https://github.com/nodejs/undici/pull/4586
fetch: handle invalid priority values properly by @Uzlopak in https://github.com/nodejs/undici/pull/4522
ci: fix test coverage for codecov by @Uzlopak in https://github.com/nodejs/undici/pull/4520
types: optional status in Response.redirect by @gineika in https://github.com/nodejs/undici/pull/4591
docs: unix socket add-on by @FelixVaughan in https://github.com/nodejs/undici/pull/4587
build(deps): bump codecov/codecov-action from 5.5.0 to 5.5.1 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46011
build(deps): bump hendrikmuhs/ccache-action from 1.2.18 to 1.2.19 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46000
build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46033
build(deps): bump actions/setup-node from 4.0.2 to 5.0.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46044
build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46022
build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/45988
build(deps): bump github/codeql-action from 3.30.0 to 3.30.5 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/45999
build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/45977
fix: cacheStores types and usage in README by @lucalooz in https://github.com/nodejs/undici/pull/4605
Feat dns interceptor storage by @SuperOleg39 in https://github.com/nodejs/undici/pull/4589
docs: add crawling best practices by @Uzlopak in https://github.com/nodejs/undici/pull/4590
fix: 304 not modified reply upon revalidation did not update cache. by @daan944 in https://github.com/nodejs/undici/pull/4617
chore: use testcontext for test:infra by @Uzlopak in https://github.com/nodejs/undici/pull/4579
fetch: improve regexes in data-uri.js by @Uzlopak in https://github.com/nodejs/undici/pull/4483
perf: optimize validate http token by @PandaWorker in https://github.com/nodejs/undici/pull/4608
test: improve long-lived-abort-controller test by @Uzlopak in https://github.com/nodejs/undici/pull/4621
ci: add node.js 25 to test matrix by @shivarm in https://github.com/nodejs/undici/pull/4626
chore: use testcontext for test/utils tests by @Uzlopak in https://github.com/nodejs/undici/pull/4577
chore: remove tspl from websocket by @Uzlopak in https://github.com/nodejs/undici/pull/4568
fix(ws) onSocketClose being called multiple times by @KhafraDev in https://github.com/nodejs/undici/pull/4632
fix: prevent duplicate debug logs when multiple undici instances exist by @mcollina in https://github.com/nodejs/undici/pull/4630
chore: use testcontext for busboy tests by @Uzlopak in https://github.com/nodejs/undici/pull/4572
test: fix flaky http2-dispatcher test by @mcollina in https://github.com/nodejs/undici/pull/4633
build(deps): bump uWebSockets.js from v20.52.0 to v20.54.0 in /benchmarks by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46355
Run the gc() in long-lived-abort-controller test by @mcollina in https://github.com/nodejs/undici/pull/4638
Do not destroy the HTTP2 stream twice in tests by @mcollina in https://github.com/nodejs/undici/pull/4637
Fix http2-dispatcher test by @mcollina in https://github.com/nodejs/undici/pull/4640
fix: fetch blob with range off-by-one error by @platypii in https://github.com/nodejs/undici/pull/4643
fix: ensure HTTP/2 sends Content-Length for empty POST requests by @mcollina in https://github.com/nodejs/undici/pull/4613
build(deps): bump uWebSockets.js from v20.54.0 to v20.55.0 in /benchmarks by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46455
feat(#2458): WebSocket through HTTP/2 by @metcoder95 in https://github.com/nodejs/undici/pull/4540
docs(README): correct the example code for the consumption of respons… by @tenkirin in https://github.com/nodejs/undici/pull/4658
build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46533
build(deps): bump fastify/github-action-merge-dependabot from 3.11.1 to 3.11.2 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46555
build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46522
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46511
build(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46544
don't freeze urlList for opaque filtered responses by @KhafraDev in https://github.com/nodejs/undici/pull/4656
fix fd parsing unquoted attribute values by @KhafraDev in https://github.com/nodejs/undici/pull/4662
build(deps): bump uWebSockets.js from v20.55.0 to v20.56.0 in /benchmarks by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46655
feat(dispatcher/proxy-agent): new diagnostics event 'undici:proxy:connected' by @SuperOleg39 in https://github.com/nodejs/undici/pull/4659
Feat/round robin pool by @FelixVaughan in https://github.com/nodejs/undici/pull/4650
Formdata ignore epilogue preamble by @KhafraDev in https://github.com/nodejs/undici/pull/4672
build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] inhttps://github.com/nodejs/undici/pull/46822
fix: snapshot url exclusion by @FelixVaughan in https://github.com/nodejs/undici/pull/4670
feat: support h2c over unix domain sockets by @chrros95 in https://github.com/nodejs/undici/pull/4690
fix(docs): remove unused TypeScript example code block by @kerolloz in https://github.com/nodejs/undici/pull/4701
feat: add deduplicate interceptor for request deduplication by @mcollina in https://github.com/nodejs/undici/pull/4679
chore: use testcontext for mock tests by @Uzlopak in https://github.com/nodejs/undici/pull/4582
fix(test): remove hardcoded folder name in client-error-stack-trace test by @mcollina in https://github.com/nodejs/undici/pull/4707

New Contributors

@gineika made their first contribution in https://github.com/nodejs/undici/pull/4591
@lucalooz made their first contribution in https://github.com/nodejs/undici/pull/4605
@SuperOleg39 made their first contribution in https://github.com/nodejs/undici/pull/4589
@daan944 made their first contribution in https://github.com/nodejs/undici/pull/4617
@PandaWorker made their first contribution in https://github.com/nodejs/undici/pull/4608
@platypii made their first contribution in [https://github.com/n

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻️ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR changes the ownership of this repo to SRE, as the developer productivity team doesn't exist anymore.

tradeshift-renovate · 2026-04-12T00:45:41Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

tradeshift-renovate bot added dependencies Pull requests that update a dependency file dev labels Apr 3, 2026

tssecurity approved these changes Apr 3, 2026

View reviewed changes

wejendorp and others added 3 commits April 5, 2026 00:43

chore: add catalog-info.yml and repofile

feaf199

chore: setup rebase action

ee1077d

chore: change of ownership from developer-productivity to sre

0a0dbdb

This PR changes the ownership of this repo to SRE, as the developer productivity team doesn't exist anymore.

tradeshiftcicomponents force-pushed the main branch from 76d7546 to 0a0dbdb Compare April 5, 2026 00:43

chore(deps): update dependency undici to v8

e470c89

tradeshift-renovate bot force-pushed the renovate/undici-8.x branch from 60bc615 to e470c89 Compare April 6, 2026 07:05

tradeshiftcicomponents force-pushed the main branch from 0a0dbdb to b77db5b Compare April 12, 2026 00:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency undici to v8#130

chore(deps): update dependency undici to v8#130
tradeshift-renovate[bot] wants to merge 4 commits intomainfrom
renovate/undici-8.x

tradeshift-renovate bot commented Apr 3, 2026 •

edited

Loading

Uh oh!

tradeshift-renovate bot commented Apr 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

tradeshift-renovate bot commented Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

Undici v7.24.0 Security Release Notes

Upgrade guidance

Fixed advisories

Affected and patched ranges

References

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

⚠️ Security Release

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

Configuration

Uh oh!

tradeshift-renovate bot commented Apr 12, 2026

Edited/Blocked Notification

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

tradeshift-renovate bot commented Apr 3, 2026 •

edited

Loading