You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 10 versions ahead of your current version.
This is a major version upgrade from v7 to v8 with significant breaking changes that require developer action.
Key Breaking Changes:
Node.js Version Requirement:undici v8 requires Node.js version 22.19.0 or higher. Applications running on older Node.js versions must be upgraded. [1]
HTTP/2 Enabled by Default:undici v8 now enables HTTP/2 by default if the server supports it. Applications that rely on HTTP/1.1-specific behavior may break. [1, 7]
Custom Dispatcher API: The legacy dispatcher handler API has been removed. Callbacks like onConnect, onHeaders, and onComplete must be migrated to the new v2 API. [1, 7]
Recommendation:
Verify that your environment meets the new Node.js version requirement.
If your application depends on HTTP/1.1 behavior, you must explicitly disable HTTP/2 by setting allowH2: false in your client configuration. [1]
If you use custom dispatchers or interceptors, you must refactor your code to use the new v2 dispatcher API.
Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.
Check Type
Count (with fixes)
Without fixes
Threshold
Result
🔴 Critical Severity
0
0
10
✅ Passed
🟠 High Severity
0
0
25
✅ Passed
🟡 Medium Severity
0
0
500
✅ Passed
🔵 Low Severity
0
0
1000
✅ Passed
⏱️ SLA Breach Summary
✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.
Severity
Breaches (with fixes)
Breaches (no fixes)
SLA Threshold (with/no fixes)
Status
🔴 Critical
0
0
15 / 30 days
✅ Passed
🟠 High
0
0
30 / 120 days
✅ Passed
🟡 Medium
0
0
90 / 365 days
✅ Passed
🔵 Low
0
0
180 / 365 days
✅ Passed
✅ BUILD PASSED - All security checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade undici from 7.28.0 to 8.5.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 10 versions ahead of your current version.
The recommended version was released 22 days ago.
Breaking Change Risk
Release notes
Package name: undici
What's Changed
New Contributors
Full Changelog: v8.4.0...v8.4.1
What's Changed
npm ciinstead ofnpm installby @ aduh95 in #5315addAbortListenerutil by @ aduh95 in #5317kEnumerablePropertyatomically by @ aduh95 in #5332regex.execinstead ofstring.matchby @ aduh95 in #5331preferH2connector option to offer h2 first in ALPN by @ Antamansid in #5327New Contributors
Full Changelog: v8.3.0...v8.4.0
What's Changed
SnapshotAgent: AddnormalizeBodyandnormalizeQueryby @ GeoffreyBooth in #5121