Bump undici from 7.24.7 to 8.0.2#910
Conversation
Bumps [undici](https://github.com/nodejs/undici) from 7.24.7 to 8.0.2. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.24.7...v8.0.2) --- updated-dependencies: - dependency-name: undici dependency-version: 8.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
requested review from
a team,
CarlosGamero,
dariacm and
kibertoad
as code owners
📝 WalkthroughSummary by CodeRabbit
WalkthroughThe Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/app/backend-http-client/package.json`:
- Around line 41-42: Undici v8 enables HTTP/2 by default which may break
servers/proxies; find where the undici Client is constructed in this package
(look for new Client(...) or any createClient/initializeHttpClient function in
packages/app/backend-http-client) and add allowH2: false to the Client options
object passed to undici.Client (or set allowH2: false in the options returned by
the init/configure method) so HTTP/2 is disabled by default; also run/update any
integration tests that exercise HTTP calls to verify behavior remains correct.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: lokalise/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 64d2e718-bfd1-49e6-aef1-27027aaeab4d
📒 Files selected for processing (1)
packages/app/backend-http-client/package.json
| "undici": "^8.0.2", | ||
| "undici-retry": "^7.0.0" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify undici-retry v7.0.0 compatibility with undici v8.x
echo "=== Checking undici-retry package metadata ==="
curl -s https://registry.npmjs.org/undici-retry | jq -r '.versions["7.0.0"] | {
peerDependencies,
dependencies,
description
}'
echo -e "\n=== Checking for undici v8 compatibility mentions in undici-retry ==="
gh api repos/kibertoad/undici-retry/issues --jq '.[] | select(.title | test("undici.*8|v8"; "i")) | {number, title, state, created_at}'
echo -e "\n=== Checking undici-retry latest version ==="
curl -s https://registry.npmjs.org/undici-retry/latest | jq -r '{version, peerDependencies, dependencies}'Repository: lokalise/shared-ts-libs
Length of output: 645
🌐 Web query:
Does undici-retry v7.0.0 support undici v8? What are the breaking changes in undici v8.0.0 that might affect Client.Options or Client constructor?
💡 Result:
Yes. undici-retry v7.0.0 declares undici as a peer dependency >=7.0.0, so it will accept/install alongside undici v8 as well. [1]
undici v8.0.0 breaking changes that could affect Client / Client.Options
-
HTTP/2 is now enabled by default (
allowH2default changedfalse→true).
If your code assumed HTTP/1.1 behavior unless you opted in, you now need to explicitly setallowH2: falseinClient/dispatcher options to force HTTP/1.1. [2] -
Node.js 20 support was dropped (minimum Node is now 22).
Not aClient.Optionsshape change, but it’s a breaking runtime constraint that can affect any code constructingnew Client(...)if you’re still on Node 20. [3]
No other v8.0.0 items in the published release notes indicate a direct breaking change to the Client constructor signature or a rename/removal of Client.Options fields beyond the allowH2 default flip. [4]
Sources:
[1] https://cdn.jsdelivr.net/npm/undici-retry@7.0.0/package.json
[2] nodejs/undici#4828
[3] nodejs/undici#4786
[4] https://github.com/nodejs/undici/releases/tag/v8.0.0
Test HTTP/2 default behavior change in undici v8.
The upgrade is compatible: undici-retry@^7.0.0 declares undici@>=7.0.0 as a peer dependency, so it works with v8. The Client constructor signature and Client.Options API are stable.
However, undici v8 enables HTTP/2 by default (previously disabled). If your target servers or proxies don't support HTTP/2, add allowH2: false to client options, or verify that the HTTP/2 upgrade doesn't break service interactions.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/app/backend-http-client/package.json` around lines 41 - 42, Undici
v8 enables HTTP/2 by default which may break servers/proxies; find where the
undici Client is constructed in this package (look for new Client(...) or any
createClient/initializeHttpClient function in packages/app/backend-http-client)
and add allowH2: false to the Client options object passed to undici.Client (or
set allowH2: false in the options returned by the init/configure method) so
HTTP/2 is disabled by default; also run/update any integration tests that
exercise HTTP calls to verify behavior remains correct.
Bumps undici from 7.24.7 to 8.0.2.
Release notes
Sourced from undici's releases.
Commits
9c24204Bumped v8.0.245bd838Revert "Reapply "fix: assume http/https scheme for scheme-less proxy env vars...d7b4febci: reenable shared builtin CI tests48c7cf3fix: release ref (#4965)58ef10dfix(websocket): fallback to HTTP/1.1 when H2 CONNECT is unavailable (#4966)490cbc6Bumped v8.0.1 (#4964)49ded6dfix(websocket/stream): only enqueue parsed messages in WebSocketStream (#4959)ced6b01fix: mirror the legacy global dispatcher for built-in fetch (#4962)dc4351adoc: remove duplicate listItem of RetryHandler.md & RetryHandler.md (#4948)1548c18build(deps): bump hendrikmuhs/ccache-action from 1.2.19 to 1.2.22 (#4954)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)