[Snyk] Upgrade undici from 5.28.4 to 7.2.0

[snyk-io]

Snyk has created this PR to upgrade undici from 5.28.4 to 7.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 59 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	182	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	182	No Known Exploit
	Insecure Randomness SNYK-JS-UNDICI-8641354	182	No Known Exploit
	Information Exposure SNYK-JS-VITE-8023174	182	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	182	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	182	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	182	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	182	Proof of Concept

Release notes

Package name: undici

• 7.2.0 - 2024-12-18
  

  What's Changed

  • fix: dns interceptor undefined function by @ luddd3 in #3958
  • More cache fixes by @ flakey5 in #3955
  • [Release] v7.2.0 by @ github-actions in #3962

  Full Changelog: v7.1.1...v7.2.0

• 7.1.1 - 2024-12-16
  

  What's Changed

  • fix: publish undici:client:sendHeaders message on H2 by @ fengmk2 in #3921
  • Add support schedule by @ mcollina in #3923
  • cache: do not set undefined etag by @ mcollina in #3925
  • test: cleanup cache tests by @ flakey5 in #3926
  • fix mimetype parser wrong operator by @ tsctx in #3924
  • correctly set if-none-match by @ mcollina in #3933
  • Add example for request + "Garbage Collection" by @ WTCT-TOP in #3916
  • fix: response error interceptor by @ Gigioliva in #3930
  • build(deps-dev): bump neostandard from 0.11.9 to 0.12.0 by @ dependabot in #3938
  • fix(#3937): respect correct host header by @ metcoder95 in #3940
  • fix: handle case no content type by @ Gigioliva in #3931
  • support array of headers in WrapHandler by @ KhafraDev in #3941
  • build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 by @ dependabot in #3911
  • test: Update WPT by @ github-actions in #3888
  • build(deps-dev): bump @ fastify/busboy from 3.0.0 to 3.1.0 by @ dependabot in #3939
  • Support SQLite unflagged without useless warnings by @ mcollina in #3947
  • docs: enhance documentation by @ metcoder95 in #3945

  New Contributors

  • @ WTCT-TOP made their first contribution in #3916

  Full Changelog: v7.1.0...v7.1.1

• 7.1.0 - 2024-12-03
  

  What's Changed

  • Mark http/2 support as stable by @ mcollina in #3893
  • test: fix dns interceptor flakiness by @ luddd3 in #3902
  • fix(#3901): migrate dns interceptor to new hooks by @ metcoder95 in #3903
  • feat(interceptors): migrate decorator handler to new hooks by @ metcoder95 in #3905
  • feat: Adjust allowed error codes for detecting node:sqlite by @ xconverge in #3900
  • build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @ dependabot in #3913
  • build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.7 by @ dependabot in #3910
  • Move Tomas to past collaborators by @ delvedor in #3909
  • docs: add advanced usage examples for ProxyAgent by @ mertcanaltin in #3906
  • [Release] v7.1.0 by @ github-actions in #3922

  Full Changelog: v7.0.0...v7.1.0

• 7.0.0 - 2024-11-27
  

  What's Changed

  • fetch: fix content-encoding order by @ tsctx in #3343
  • Add regression test for broken body by @ mcollina in #3346
  • build(deps): bump node from 075a5cc to 9af472b in /build by @ dependabot in #3355
  • fix: post request signal by @ Gigioliva in #3354
  • Revert "fix: post request signal (#3354)" by @ ronag in #3359
  • websocket: don't use pooled buffer in mask pool by @ tsctx in #3357
  • fix: consider bytes read when dumping by @ ronag in #3360
  • refactor: simplify signal handling by @ ronag in #3362
  • fix: use explicit flag for when use has interacted with stream by @ ronag in #3361
  • Refactor example documentation structure and add CacheableLookup example by @ DarkGL in #3363
  • refactor: simplify request error handling by @ ronag in #3364
  • fix: ensure onConnect is always called by @ ronag in #3327
  • Refactor responseHeader to responseHeaders by @ DarkGL in #3375
  • fix: don't override user defined MaxListeners by @ fawazahmed0 in #3372
  • fix: forward dispatch return value by @ ronag in #3368
  • build(deps): bump github/codeql-action from 3.25.7 to 3.25.11 by @ dependabot in #3382
  • build(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by @ dependabot in #3384
  • build(deps): bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @ dependabot in #3383
  • build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @ dependabot in #3381
  • fix: throw on retry when payload is consume by downstream by @ climba03003 in #3389
  • Remove file by @ KhafraDev in #3367
  • build(deps): bump node from 9af472b to 138d0b5 in /build by @ dependabot in #3392
  • feat!: upgrade llhttp to 9.2.0 (#2705) by @ metcoder95 in #3388
  • websocket: reduce memory usage by @ tsctx in #3393
  • feat: implement BodyReadable.bytes by @ tsctx in #3391
  • websocket: avoid using Buffer.byteLength by @ tsctx in #3394
  • separate whatwg websocket logic from rfc 6455 by @ KhafraDev in #3396
  • websocket: add fast-path for string input by @ tsctx in #3395
  • Add generic type for opaque object by @ jfhr in #3385
  • build(deps): bump node from 138d0b5 to 67225d4 in /build by @ dependabot in #3398
  • interceptors: move throwOnError to interceptor by @ mertcanaltin in #3331
  • chore!: drop interceptors by @ metcoder95 in #3399
  • build(deps-dev): bump @ fastify/busboy from 2.1.1 to 3.0.0 by @ dependabot in #3404
  • fix: don't call onConnect automatically by @ ronag in #3407
  • In CITGM, skip tests that are flaky there by @ mcollina in #3413
  • Update esbuild to 0.19.10 by @ mcollina in #3415
  • Fix signature of RetryHandler by @ JbIPS in #3416
  • docs: fix ToC in CONTRIBUTING.md by @ richardlau in #3420
  • Fix fetch duplex docs by @ Ethan-Arrowood in #3422
  • fix: restore externalized Node.js dep compatibility by @ richardlau in #3421
  • fix: cast falsy servername to null to avoid falsy inequality by @ ronag in #3426
  • Add backport action by @ mcollina in #3427
  • build(deps): bump node from 67225d4 to 858234a in /build by @ dependabot in #3411
  • build(deps): bump github/codeql-action from 3.25.11 to 3.25.15 by @ dependabot in #3432
  • build(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @ dependabot in #3431
  • build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @ dependabot in #3430
  • build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @ dependabot in #3428
  • build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 by @ dependabot in #3429
  • build(deps): bump superagent from 9.0.2 to 10.0.0 in /benchmarks by @ dependabot in #3439
  • build(deps): bump node from 17e6738 to 30c5be9 in /build by @ dependabot in #3443
  • docs: use default link of Web Streams API by @ trivikr in #3446
  • fix: increased memory in finalization first appearing in v6.16.0 by @ snyamathi in #3445
  • test: add test for memory leak by @ snyamathi in #3450
  • build: parametrize the location of wasm-opt by @ khardix in #3454
  • test: streamline test scripts in regard of without-intl and run more tests for without-intl case by @ Uzlopak in #3453
  • feat!: drop throwOnError by @ metcoder95 in #3451
  • types: allow non strict HTTPMethod by @ Uzlopak in #3457
  • build(deps-dev): bump borp from 0.15.0 to 0.17.0 by @ dependabot in #3424
  • remove core isErrored and isReadable by @ KhafraDev in #3459
  • use bodyUnusable to check if body is unusable by @ KhafraDev in #3460
  • perf: non-recursive implementation of euclidian gcd in balanced pool by @ Uzlopak in

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	37% smaller

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)