Skip to content

[Snyk] Upgrade undici from 7.28.0 to 8.5.0#59

Open
shafeeqd959 wants to merge 4 commits into
masterfrom
snyk-upgrade-c0ca1f702df2a0c142e2c74a0a90c187
Open

[Snyk] Upgrade undici from 7.28.0 to 8.5.0#59
shafeeqd959 wants to merge 4 commits into
masterfrom
snyk-upgrade-c0ca1f702df2a0c142e2c74a0a90c187

Conversation

@shafeeqd959

Copy link
Copy Markdown
Contributor

snyk-top-banner

Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 10 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Release notes
Package name: undici

Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.

See this package in npm:
undici

See this project in Snyk:
https://app.snyk.io/org/contentstack-devex/project/3ff4bdb1-6dfb-40a1-8a29-d4eb9538efe1?utm_source=github&utm_medium=referral&page=upgrade-pr
@shafeeqd959

Copy link
Copy Markdown
Contributor Author

Merge Risk: High

This is a major version upgrade from v7 to v8 with significant breaking changes that require developer action.

Key Breaking Changes:

  • Node.js Version Requirement: undici v8 requires Node.js version 22.19.0 or higher. Applications running on older Node.js versions must be upgraded. [1]
  • HTTP/2 Enabled by Default: undici v8 now enables HTTP/2 by default if the server supports it. Applications that rely on HTTP/1.1-specific behavior may break. [1, 7]
  • Custom Dispatcher API: The legacy dispatcher handler API has been removed. Callbacks like onConnect, onHeaders, and onComplete must be migrated to the new v2 API. [1, 7]

Recommendation:

  • Verify that your environment meets the new Node.js version requirement.
  • If your application depends on HTTP/1.1 behavior, you must explicitly disable HTTP/2 by setting allowH2: false in your client configuration. [1]
  • If you use custom dispatchers or interceptors, you must refactor your code to use the new v2 dispatcher API.

Source: Migrating from Undici 7 to 8

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@shafeeqd959 shafeeqd959 requested a review from a team as a code owner July 7, 2026 04:55
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.

See this package in npm:
undici

See this project in Snyk:
https://app.snyk.io/org/contentstack-devex/project/3ff4bdb1-6dfb-40a1-8a29-d4eb9538efe1?utm_source=github&utm_medium=referral&page=upgrade-pr
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.

See this package in npm:
undici

See this project in Snyk:
https://app.snyk.io/org/contentstack-devex/project/3ff4bdb1-6dfb-40a1-8a29-d4eb9538efe1?utm_source=github&utm_medium=referral&page=upgrade-pr
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.

See this package in npm:
undici

See this project in Snyk:
https://app.snyk.io/org/contentstack-devex/project/3ff4bdb1-6dfb-40a1-8a29-d4eb9538efe1?utm_source=github&utm_medium=referral&page=upgrade-pr
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants