dependabot[bot] opened a new pull request, #966: URL: https://github.com/apache/iotdb-docs/pull/966
Bumps [undici](https://github.com/nodejs/undici) from 7.16.0 to 7.18.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases";>undici's releases</a>.</em></p> <blockquote> <h2>v7.18.2</h2> <h2>⚠️ Security Release</h2> <p>This fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9";>https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a> and CVE-2026-22036.</p> <h2>What's Changed</h2> <ul> <li>fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by <a href="https://github.com/mcollina";><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4729";>nodejs/undici#4729</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2";>https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2</a></p> <h2>v7.18.1</h2> <h2>What's Changed</h2> <ul> <li>Test and Fix running without SSL by <a href="https://github.com/mcollina";><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4727";>nodejs/undici#4727</a></li> <li>docs: add security warning for strictContentLength option by <a href="https://github.com/mcollina";><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4726";>nodejs/undici#4726</a></li> <li>build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4718";>nodejs/undici#4718</a></li> <li>build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4719";>nodejs/undici#4719</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1";>https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1</a></p> <h2>v7.18.0</h2> <h2>What's Changed</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0";>https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0</a></p> <h2>v7.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore: extract infra and encoding methods by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4523";>nodejs/undici#4523</a></li> <li>ci: remove h2 by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4534";>nodejs/undici#4534</a></li> <li>ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4535";>nodejs/undici#4535</a></li> <li>ci: fix nightly shared library case by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4543";>nodejs/undici#4543</a></li> <li>test: consume bodies of fetch responses to fix failing macos 20 ci by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4528";>nodejs/undici#4528</a></li> <li>docs: add Cache Interceptor example to README by <a href="https://github.com/tawseefnabi";><code>@tawseefnabi</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4393";>nodejs/undici#4393</a></li> <li>test: remove node20 version check by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4544";>nodejs/undici#4544</a></li> <li>types: use MessagePort instance type in MessageEvent by <a href="https://github.com/Renegade334";><code>@Renegade334</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4546";>nodejs/undici#4546</a></li> <li>ci: set write permissions on job level by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4537";>nodejs/undici#4537</a></li> <li>lint: activate n/no-process-exit by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4548";>nodejs/undici#4548</a></li> <li>ci: run benchmarks on pull_requests and by pushing on specific branches only by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4536";>nodejs/undici#4536</a></li> <li>chore: activate n/prefer-node-protocol to enforce <code>'node:'</code> prefix for requiring node built-ins by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4547";>nodejs/undici#4547</a></li> <li>feat(H2): correct CONNECT behaviour by <a href="https://github.com/metcoder95";><code>@metcoder95</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4541";>nodejs/undici#4541</a></li> <li>test: fix plans by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4550";>nodejs/undici#4550</a></li> <li>feat: add runtime feature "detection" by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4545";>nodejs/undici#4545</a></li> <li>perf: use less promises in extractBody by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4458";>nodejs/undici#4458</a></li> <li>fix(proxy-agent): add missing return after callback-call by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4553";>nodejs/undici#4553</a></li> <li>fix: remove redundant line in retry-handler by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4554";>nodejs/undici#4554</a></li> <li>ci: add no-wasm-simd option by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4533";>nodejs/undici#4533</a></li> <li>fix: use lazyloaders for runtime feature detection by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4557";>nodejs/undici#4557</a></li> <li>fix: minor changes in dispatcher-base.js and types for Dispatcher by <a href="https://github.com/Uzlopak";><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4556";>nodejs/undici#4556</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/7e5cb2d7468633b48679627061d696a0bb45f651";><code>7e5cb2d</code></a> Bumped v7.18.2 (<a href="https://redirect.github.com/nodejs/undici/issues/4730";>#4730</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3";><code>b04e3cb</code></a> fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...</li> <li><a href="https://github.com/nodejs/undici/commit/2bcb77bbc27f966ac86e31154161792a4a8dadf5";><code>2bcb77b</code></a> Bumped v7.18.1 (<a href="https://redirect.github.com/nodejs/undici/issues/4728";>#4728</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/58a12b7f19f5d4b186c90aed2e3a55a3ba37decf";><code>58a12b7</code></a> build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/nodejs/undici/issues/4719";>#4719</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/5fa2930582cab9c387df5cb2ddef44cb42bdf4a9";><code>5fa2930</code></a> build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4718";>#4718</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/fbbe283fc4054c35ad21316bcf65996b0929ed58";><code>fbbe283</code></a> docs: add security warning for strictContentLength option (<a href="https://redirect.github.com/nodejs/undici/issues/4726";>#4726</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/ce12d9e5dc1a72724cbef8ac43219ba9643b9142";><code>ce12d9e</code></a> fix: do not crash if Node.js is compiled without SSL (<a href="https://redirect.github.com/nodejs/undici/issues/4727";>#4727</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/ebe3e33ea4d25402e0dc12dcc67902fdb7f231d4";><code>ebe3e33</code></a> Bumped v7.18.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4725";>#4725</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/4e9b88b1c78349a956babef1151add83866f2dfb";><code>4e9b88b</code></a> fix: limit Content-Encoding chain to 5 to prevent resource exhaustion</li> <li><a href="https://github.com/nodejs/undici/commit/d5607677d444553183b0a637f687d20167427b36";><code>d560767</code></a> Bumped v7.17.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4724";>#4724</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.16.0...v7.18.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/iotdb-docs/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
