Skip to content

Chore(deps-dev): Bump undici from 7.22.0 to 7.24.0#1309

Merged
amitsingh05667 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/undici-7.24.0
Apr 7, 2026
Merged

Chore(deps-dev): Bump undici from 7.22.0 to 7.24.0#1309
amitsingh05667 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/undici-7.24.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026
edited
Loading

Bumps undici from 7.22.0 to 7.24.0.

Release notes

Sourced from undici's releases.

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

References

v7.23.0

What's Changed

... (truncated)

Commits
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • 5890c7b fix(deduplicate): stream response chunks to waiting handlers
  • fbda3c1 Bumped v7.23.0 (#4884)
  • 07276c9 fix: remove unused kSocketPath symbol
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies One or more dependencies are being bumped javascript Pull requests that update javascript code labels Mar 13, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 13, 2026 23:23
@dependabot dependabot bot added dependencies One or more dependencies are being bumped javascript Pull requests that update javascript code labels Mar 13, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.0 branch from 9279b12 to d4a50a9 Compare March 23, 2026 08:02
@dependabot
Chore(deps-dev): Bump undici from 7.22.0 to 7.24.0
2827cd5 
Bumps [undici](https://github.com/nodejs/undici) from 7.22.0 to 7.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.22.0...v7.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/undici-7.24.0 branch from d4a50a9 to 2827cd5 Compare April 7, 2026 07:08
@amitsingh05667 amitsingh05667 merged commit d56b202 into master Apr 7, 2026
7 of 8 checks passed
@amitsingh05667 amitsingh05667 deleted the dependabot/npm_and_yarn/undici-7.24.0 branch April 7, 2026 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@developerkunal developerkunal developerkunal approved these changes

@amitsingh05667 amitsingh05667 amitsingh05667 approved these changes

Assignees

No one assigned

Labels

dependencies One or more dependencies are being bumped javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@developerkunal @amitsingh05667