Skip to content

chore(deps-dev): bump undici from 7.18.2 to 7.24.0#1411

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/undici-7.24.0
Open

chore(deps-dev): bump undici from 7.18.2 to 7.24.0#1411
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/undici-7.24.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026
edited
Loading

Bumps undici from 7.18.2 to 7.24.0.

Release notes

Sourced from undici's releases.

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

References

v7.23.0

What's Changed

... (truncated)

Commits
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • 5890c7b fix(deduplicate): stream response chunks to waiting handlers
  • fbda3c1 Bumped v7.23.0 (#4884)
  • 07276c9 fix: remove unused kSocketPath symbol
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 13, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.0 branch from 0e4dfea to 2259901 Compare March 18, 2026 04:37
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.0 branch 2 times, most recently from 392390c to 9cc7ac4 Compare April 1, 2026 16:17
@dependabot
chore(deps-dev): bump undici from 7.18.2 to 7.24.0
916d7d7 
Bumps [undici](https://github.com/nodejs/undici) from 7.18.2 to 7.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.18.2...v7.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.0 branch from 9cc7ac4 to 916d7d7 Compare April 1, 2026 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants