Skip to content

Commit a74302c

Browse files
Bump undici from 6.21.2 to 6.23.0 in /compiler (react#35512)
Bumps [undici](https://github.com/nodejs/undici) from 6.21.2 to 6.23.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v6.23.0</h2> <h2>⚠️ Security Release</h2> <p>This fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9">https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a> and CVE-2026-22036.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v6.22.0...v6.23.0">https://github.com/nodejs/undici/compare/v6.22.0...v6.23.0</a></p> <h2>v6.22.0</h2> <h2>What's Changed</h2> <ul> <li>fix: fix wrong stream canceled up after cloning (v6) by <a href="https://github.com/snyamathi"><code>@​snyamathi</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4414">nodejs/undici#4414</a></li> <li>[Backport v6.x] fix: fix EnvHttpProxyAgent for the Node.js bundle by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4432">nodejs/undici#4432</a></li> <li>feat(ProxyAgent): match Curl behavior in HTTP-&gt;HTTP Proxy connections (<a href="https://redirect.github.com/nodejs/undici/issues/4180">#4180</a>) by <a href="https://github.com/metcoder95"><code>@​metcoder95</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4433">nodejs/undici#4433</a></li> <li>feat(ProxyAgent) improve Curl-y behavior in HTTP-&gt;HTTP Proxy connections (<a href="https://redirect.github.com/nodejs/undici/issues/4180">#4180</a>) (<a href="https://redirect.github.com/nodejs/undici/issues/4340">#4340</a>) by <a href="https://github.com/metcoder95"><code>@​metcoder95</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4445">nodejs/undici#4445</a></li> <li>Backport 4472 to v6.x by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4480">nodejs/undici#4480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v6.21.3...v6.22.0">https://github.com/nodejs/undici/compare/v6.21.3...v6.22.0</a></p> <h2>v6.21.3</h2> <h2>What's Changed</h2> <ul> <li>[Backport v6.x] append crlf to formdata body by <a href="https://github.com/github-actions"><code>@​github-actions</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4210">nodejs/undici#4210</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v6.21.2...v6.21.3">https://github.com/nodejs/undici/compare/v6.21.2...v6.21.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/fbc31e21d7e1dffea61166ab7a827f74b6483d26"><code>fbc31e2</code></a> Bumped v6.23.0</li> <li><a href="https://github.com/nodejs/undici/commit/3477c948c30dd44a6431230ce67dd5d216cd0fdb"><code>3477c94</code></a> chore: release flow using provenance</li> <li><a href="https://github.com/nodejs/undici/commit/d3aafea7a2b3c351970c0c634b7cba8231763ca4"><code>d3aafea</code></a> fix: limit Content-Encoding chain to 5 to prevent resource exhaustion</li> <li><a href="https://github.com/nodejs/undici/commit/f9c91853e7a73d8148e3d2914f8200dd160dd050"><code>f9c9185</code></a> Bumped v6.22.0</li> <li><a href="https://github.com/nodejs/undici/commit/f670f2a27970abfd6c5b56e692f025067824726f"><code>f670f2a</code></a> feat: make UndiciErrors reliable to instanceof (<a href="https://redirect.github.com/nodejs/undici/issues/4472">#4472</a>) (<a href="https://redirect.github.com/nodejs/undici/issues/4480">#4480</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/422e39771877f62737f9e5fbdd336aaa22610a5d"><code>422e397</code></a> feat(ProxyAgent) improve Curl-y behavior in HTTP-&gt;HTTP Proxy connections (<a href="https://redirect.github.com/nodejs/undici/issues/41">#41</a>...</li> <li><a href="https://github.com/nodejs/undici/commit/4a06ffe61fa11028a4443974ec0b0a793ee6c836"><code>4a06ffe</code></a> feat(ProxyAgent): match Curl behavior in HTTP-&gt;HTTP Proxy connections (<a href="https://redirect.github.com/nodejs/undici/issues/4180">#4180</a>)...</li> <li><a href="https://github.com/nodejs/undici/commit/4cb397400e319505647e1705f535848db5949c18"><code>4cb3974</code></a> fix: fix EnvHttpProxyAgent for the Node.js bundle (<a href="https://redirect.github.com/nodejs/undici/issues/4064">#4064</a>) (<a href="https://redirect.github.com/nodejs/undici/issues/4432">#4432</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/44c23e5e166a30dd57eed47f1d4911b8ba77ce89"><code>44c23e5</code></a> fix: fix wrong stream canceled up after cloning (v6) (<a href="https://redirect.github.com/nodejs/undici/issues/4414">#4414</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/da0e823ac0e89390256d61c429df0cf236afb79e"><code>da0e823</code></a> Bumped v6.21.4</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v6.21.2...v6.23.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=undici&package-manager=npm_and_yarn&previous-version=6.21.2&new-version=6.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent bae6dd0 commit a74302c

1 file changed

Lines changed: 31 additions & 6 deletions

File tree

compiler/yarn.lock

Lines changed: 31 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10525,7 +10525,16 @@ string-length@^4.0.1:
1052510525
char-regex "^1.0.2"
1052610526
strip-ansi "^6.0.0"
1052710527

10528-
"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
10528+
"string-width-cjs@npm:string-width@^4.2.0":
10529+
version "4.2.3"
10530+
resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz"
10531+
integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
10532+
dependencies:
10533+
emoji-regex "^8.0.0"
10534+
is-fullwidth-code-point "^3.0.0"
10535+
strip-ansi "^6.0.1"
10536+
10537+
string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
1052910538
version "4.2.3"
1053010539
resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz"
1053110540
integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
@@ -10598,7 +10607,14 @@ string_decoder@~1.1.1:
1059810607
dependencies:
1059910608
safe-buffer "~5.1.0"
1060010609

10601-
"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
10610+
"strip-ansi-cjs@npm:strip-ansi@^6.0.1":
10611+
version "6.0.1"
10612+
resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz"
10613+
integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
10614+
dependencies:
10615+
ansi-regex "^5.0.1"
10616+
10617+
strip-ansi@^6.0.0, strip-ansi@^6.0.1:
1060210618
version "6.0.1"
1060310619
resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz"
1060410620
integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
@@ -11064,9 +11080,9 @@ undici-types@~6.19.2:
1106411080
integrity sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==
1106511081

1106611082
undici@^6.19.5:
11067-
version "6.21.2"
11068-
resolved "https://registry.npmjs.org/undici/-/undici-6.21.2.tgz"
11069-
integrity sha512-uROZWze0R0itiAKVPsYhFov9LxrPMHLMEQFszeI2gCN6bnIIZ8twzBCJcN2LJrBBLfrP0t1FW0g+JmKVl8Vk1g==
11083+
version "6.23.0"
11084+
resolved "https://registry.yarnpkg.com/undici/-/undici-6.23.0.tgz#7953087744d9095a96f115de3140ca3828aff3a4"
11085+
integrity sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==
1107011086

1107111087
unicode-canonical-property-names-ecmascript@^2.0.0:
1107211088
version "2.0.1"
@@ -11375,7 +11391,7 @@ workerpool@^6.5.1:
1137511391
resolved "https://registry.npmjs.org/workerpool/-/workerpool-6.5.1.tgz"
1137611392
integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA==
1137711393

11378-
"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0:
11394+
"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0":
1137911395
version "7.0.0"
1138011396
resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz"
1138111397
integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
@@ -11393,6 +11409,15 @@ wrap-ansi@^6.2.0:
1139311409
string-width "^4.1.0"
1139411410
strip-ansi "^6.0.0"
1139511411

11412+
wrap-ansi@^7.0.0:
11413+
version "7.0.0"
11414+
resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz"
11415+
integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
11416+
dependencies:
11417+
ansi-styles "^4.0.0"
11418+
string-width "^4.1.0"
11419+
strip-ansi "^6.0.0"
11420+
1139611421
wrap-ansi@^8.1.0:
1139711422
version "8.1.0"
1139811423
resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz"

0 commit comments

Comments
 (0)