[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.22.1` -> `5.26.2`](https://renovatebot.com/diffs/npm/undici/5.22.1/5.26.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.22.1/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.22.1/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-45143](https://togithub.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp) ### Impact Undici clears Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in `RequestInit.headers` in browser environments. Since Undici handles headers more liberally than the specification, there was a disconnect from the assumptions the spec made, and Undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. ### Patches This was patched in [e041de359221ebeae04c469e8aff4145764e6d76](https://togithub.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76), which is included in version 5.26.2. --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.26.2`](https://togithub.com/nodejs/undici/releases/tag/v5.26.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.1...v5.26.2) Security Release, CVE-2023-45143. ### [`v5.26.1`](https://togithub.com/nodejs/undici/releases/tag/v5.26.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.26.0...v5.26.1) #### What's Changed - Fix publish undici-types once and for all! by [@Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2338](https://togithub.com/nodejs/undici/pull/2338) - Fix node detection omfg by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2341](https://togithub.com/nodejs/undici/pull/2341) **Full Changelog**: nodejs/undici@v5.26.0...v5.26.1 ### [`v5.26.0`](https://togithub.com/nodejs/undici/releases/tag/v5.26.0) [Compare Source](https://togithub.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0) #### What's Changed - use npm install instead of npm ci by [@Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2309](https://togithub.com/nodejs/undici/pull/2309) - change default header to `node` by [@Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2310](https://togithub.com/nodejs/undici/pull/2310) - chore: change order of the pseudo-headers by [@kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) in [https://github.com/nodejs/undici/pull/2308](https://togithub.com/nodejs/undici/pull/2308) - fix: Agent.Options.factory should accept URL object or string as parameter by [@nicole0707](https://togithub.com/nicole0707) in [https://github.com/nodejs/undici/pull/2295](https://togithub.com/nodejs/undici/pull/2295) - build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2312](https://togithub.com/nodejs/undici/pull/2312) - test: handle npm ignore-scripts settings by [@panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2313](https://togithub.com/nodejs/undici/pull/2313) - feat: respect `--max-http-header-size` Node.js flag by [@balazsorban44](https://togithub.com/balazsorban44) in [https://github.com/nodejs/undici/pull/2234](https://togithub.com/nodejs/undici/pull/2234) - fix([#2311](https://togithub.com/nodejs/undici/issues/2311)): End stream after body sent by [@metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2314](https://togithub.com/nodejs/undici/pull/2314) - disallow setting host header in fetch by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2322](https://togithub.com/nodejs/undici/pull/2322) - \[StepSecurity] ci: Harden GitHub Actions by [@step-security-bot](https://togithub.com/step-security-bot) in [https://github.com/nodejs/undici/pull/2325](https://togithub.com/nodejs/undici/pull/2325) - fix fetch with coverage enabled by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2330](https://togithub.com/nodejs/undici/pull/2330) - Fix stuck when using http2 POST Buffer by [@binsee](https://togithub.com/binsee) in [https://github.com/nodejs/undici/pull/2336](https://togithub.com/nodejs/undici/pull/2336) - fix: 🏷️ add allowH2 to BuildOptions by [@binsee](https://togithub.com/binsee) in [https://github.com/nodejs/undici/pull/2334](https://togithub.com/nodejs/undici/pull/2334) - fix: 🐛 fix process http2 header by [@binsee](https://togithub.com/binsee) in [https://github.com/nodejs/undici/pull/2332](https://togithub.com/nodejs/undici/pull/2332) #### New Contributors - [@kyrylodolynskyi](https://togithub.com/kyrylodolynskyi) made their first contribution in [https://github.com/nodejs/undici/pull/2308](https://togithub.com/nodejs/undici/pull/2308) - [@nicole0707](https://togithub.com/nicole0707) made their first contribution in [https://github.com/nodejs/undici/pull/2295](https://togithub.com/nodejs/undici/pull/2295) - [@balazsorban44](https://togithub.com/balazsorban44) made their first contribution in [https://github.com/nodejs/undici/pull/2234](https://togithub.com/nodejs/undici/pull/2234) - [@binsee](https://togithub.com/binsee) made their first contribution in [https://github.com/nodejs/undici/pull/2336](https://togithub.com/nodejs/undici/pull/2336) **Full Changelog**: nodejs/undici@v5.23.4...v5.26.0 ### [`v5.25.4`](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787) ### [`v5.25.3`](https://togithub.com/nodejs/undici/releases/tag/v5.25.3) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.2...v5.25.3) #### What's Changed - perf: improve parse-url implementation by [@anonrig](https://togithub.com/anonrig) in [https://github.com/nodejs/undici/pull/2286](https://togithub.com/nodejs/undici/pull/2286) - test: enable websockets inclusion in WPTReport by [@panva](https://togithub.com/panva) in [https://github.com/nodejs/undici/pull/2284](https://togithub.com/nodejs/undici/pull/2284) - remove npm run test from pre-commit hook by [@dancastillo](https://togithub.com/dancastillo) in [https://github.com/nodejs/undici/pull/2296](https://togithub.com/nodejs/undici/pull/2296) - perf: use [@fastify/busboy](https://togithub.com/fastify/busboy) by [@gurgunday](https://togithub.com/gurgunday) in [https://github.com/nodejs/undici/pull/2211](https://togithub.com/nodejs/undici/pull/2211) - Disable finalizationregistry if node code cov by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2298](https://togithub.com/nodejs/undici/pull/2298) #### New Contributors - [@gurgunday](https://togithub.com/gurgunday) made their first contribution in [https://github.com/nodejs/undici/pull/2211](https://togithub.com/nodejs/undici/pull/2211) **Full Changelog**: nodejs/undici@v5.25.2...v5.25.3 ### [`v5.25.2`](https://togithub.com/nodejs/undici/releases/tag/v5.25.2) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.1...v5.25.2) #### What's Changed - Add Khaf to releasers by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2276](https://togithub.com/nodejs/undici/pull/2276) - fix: fix request with readable mode is object by [@killagu](https://togithub.com/killagu) in [https://github.com/nodejs/undici/pull/2279](https://togithub.com/nodejs/undici/pull/2279) - fix loading websockets when node is built w/ --without-ssl by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2282](https://togithub.com/nodejs/undici/pull/2282) #### New Contributors - [@killagu](https://togithub.com/killagu) made their first contribution in [https://github.com/nodejs/undici/pull/2279](https://togithub.com/nodejs/undici/pull/2279) **Full Changelog**: nodejs/undici@v5.25.1...v5.25.2 ### [`v5.25.1`](https://togithub.com/nodejs/undici/releases/tag/v5.25.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.25.0...v5.25.1) #### What's Changed - Add publish types script by [@Ethan-Arrowood](https://togithub.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2273](https://togithub.com/nodejs/undici/pull/2273) **Full Changelog**: nodejs/undici@v5.25.0...v5.25.1 ### [`v5.25.0`](https://togithub.com/nodejs/undici/releases/tag/v5.25.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.24.0...v5.25.0) #### What's Changed - fix: h2 without body by [@metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2258](https://togithub.com/nodejs/undici/pull/2258) - ci: remove duplicated runs by [@metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2265](https://togithub.com/nodejs/undici/pull/2265) - improve documentation of timeouts by making the units clear in all places by [@mcfedr](https://togithub.com/mcfedr) in [https://github.com/nodejs/undici/pull/2266](https://togithub.com/nodejs/undici/pull/2266) - expose websocket in node bundle by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2217](https://togithub.com/nodejs/undici/pull/2217) - test: fix Fetch/HTTP2 tests by [@metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2263](https://togithub.com/nodejs/undici/pull/2263) - fix undici when node is built with --without-ssl by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2272](https://togithub.com/nodejs/undici/pull/2272) - fix: Fix type definition for Client Interceptors by [@ComradeCow](https://togithub.com/ComradeCow) in [https://github.com/nodejs/undici/pull/2269](https://togithub.com/nodejs/undici/pull/2269) - Fix http2 agent by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2275](https://togithub.com/nodejs/undici/pull/2275) #### New Contributors - [@ComradeCow](https://togithub.com/ComradeCow) made their first contribution in [https://github.com/nodejs/undici/pull/2269](https://togithub.com/nodejs/undici/pull/2269) **Full Changelog**: nodejs/undici@v5.24.0...v5.25.0 ### [`v5.24.0`](https://togithub.com/nodejs/undici/releases/tag/v5.24.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.23.0...v5.24.0) #### Notable Changes - feat: Add H2 support by [@metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2061](https://togithub.com/nodejs/undici/pull/2061) #### What's Changed - build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2203](https://togithub.com/nodejs/undici/pull/2203) - better stack trace for body.json by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2215](https://togithub.com/nodejs/undici/pull/2215) - allow http & https websocket urls by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2218](https://togithub.com/nodejs/undici/pull/2218) - build(deps-dev): bump [@sinonjs/fake-timers](https://togithub.com/sinonjs/fake-timers) from 10.3.0 to 11.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2221](https://togithub.com/nodejs/undici/pull/2221) - fix: pass ProxyAgent proxy status code error by [@NBNGaming](https://togithub.com/NBNGaming) in [https://github.com/nodejs/undici/pull/2162](https://togithub.com/nodejs/undici/pull/2162) - fix failing test by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2223](https://togithub.com/nodejs/undici/pull/2223) - docs: update MockPool.md intercept method description by [@capaj](https://togithub.com/capaj) in [https://github.com/nodejs/undici/pull/2220](https://togithub.com/nodejs/undici/pull/2220) - Update wpts by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2226](https://togithub.com/nodejs/undici/pull/2226) - build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2240](https://togithub.com/nodejs/undici/pull/2240) - build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2237](https://togithub.com/nodejs/undici/pull/2237) - build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to 3.9.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2236](https://togithub.com/nodejs/undici/pull/2236) - build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2241](https://togithub.com/nodejs/undici/pull/2241) - build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2238](https://togithub.com/nodejs/undici/pull/2238) - fix: aborting request with non-object error by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2243](https://togithub.com/nodejs/undici/pull/2243) - fix: preserve file path when parsing formdata by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/nodejs/undici/pull/2245](https://togithub.com/nodejs/undici/pull/2245) - build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2246](https://togithub.com/nodejs/undici/pull/2246) - Updated benchmarks by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2250](https://togithub.com/nodejs/undici/pull/2250) - Fix fetch in node v20.6.0 by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2251](https://togithub.com/nodejs/undici/pull/2251) - Maybe fix v20 by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2252](https://togithub.com/nodejs/undici/pull/2252) - feat: Add H2 support by [@metcoder95](https://togithub.com/metcoder95) in [https://github.com/nodejs/undici/pull/2061](https://togithub.com/nodejs/undici/pull/2061) - docs: fix tables in README by [@regseb](https://togithub.com/regseb) in [https://github.com/nodejs/undici/pull/2254](https://togithub.com/nodejs/undici/pull/2254) - Fix http2 fetch test by [@mcollina](https://togithub.com/mcollina) in [https://github.com/nodejs/undici/pull/2253](https://togithub.com/nodejs/undici/pull/2253) #### New Contributors - [@NBNGaming](https://togithub.com/NBNGaming) made their first contribution in [https://github.com/nodejs/undici/pull/2162](https://togithub.com/nodejs/undici/pull/2162) - [@capaj](https://togithub.com/capaj) made their first contribution in [https://github.com/nodejs/undici/pull/2220](https://togithub.com/nodejs/undici/pull/2220) - [@regseb](https://togithub.com/regseb) made their first contribution in [https://github.com/nodejs/undici/pull/2254](https://togithub.com/nodejs/undici/pull/2254) **Full Changelog**: nodejs/undici@v5.23.0...v5.24.0 ### [`v5.23.0`](https://togithub.com/nodejs/undici/releases/tag/v5.23.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.22.1...v5.23.0) #### What's Changed - bump engines to node >= 16 by [@ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2119](https://togithub.com/nodejs/undici/pull/2119) - Revert "bump engines to node >= 16 ([#2119](https://togithub.com/nodejs/undici/issues/2119))" by [@ronag](https://togithub.com/ronag) in [https://github.com/nodejs/undici/pull/2121](https://togithub.com/nodejs/undici/pull/2121) - fetch: set referrer properly by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2125](https://togithub.com/nodejs/undici/pull/2125) - fix: support truncated gzip by [@jimmywarting](https://togithub.com/jimmywarting) in [https://github.com/nodejs/undici/pull/2126](https://togithub.com/nodejs/undici/pull/2126) - workflow: apply security best practices by [@step-security-bot](https://togithub.com/step-security-bot) in [https://github.com/nodejs/undici/pull/2130](https://togithub.com/nodejs/undici/pull/2130) - build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2135](https://togithub.com/nodejs/undici/pull/2135) - build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2133](https://togithub.com/nodejs/undici/pull/2133) - build(deps): bump node from 18-alpine to 20-alpine in /build by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2131](https://togithub.com/nodejs/undici/pull/2131) - build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2136](https://togithub.com/nodejs/undici/pull/2136) - build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2132](https://togithub.com/nodejs/undici/pull/2132) - build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2142](https://togithub.com/nodejs/undici/pull/2142) - build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to 3.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2148](https://togithub.com/nodejs/undici/pull/2148) - fix(pr): use correct pr template file by [@AugustinMauroy](https://togithub.com/AugustinMauroy) in [https://github.com/nodejs/undici/pull/2141](https://togithub.com/nodejs/undici/pull/2141) - Additional WebSocket send tests to cover all payload size categories by [@jawj](https://togithub.com/jawj) in [https://github.com/nodejs/undici/pull/2149](https://togithub.com/nodejs/undici/pull/2149) - fix: reverse decompression order of "Content-Encoding" encodings (fixes [#2158](https://togithub.com/nodejs/undici/issues/2158)) by [@rychkog](https://togithub.com/rychkog) in [https://github.com/nodejs/undici/pull/2159](https://togithub.com/nodejs/undici/pull/2159) - fix: keep running WPTs if a test times out by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2165](https://togithub.com/nodejs/undici/pull/2165) - feat: add build environment info by [@mhdawson](https://togithub.com/mhdawson) in [https://github.com/nodejs/undici/pull/2168](https://togithub.com/nodejs/undici/pull/2168) - fix: forward error reason to fetch controller by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2172](https://togithub.com/nodejs/undici/pull/2172) - stricter types for bodymixin.json by [@KhafraDev](https://togithub.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2181](https://togithub.com/nodejs/undici/pull/2181) - chore: Renable autoSelectFamily tests. by [@ShogunPanda](https://togithub.com/ShogunPanda) in [https://github.com/nodejs/undici/pull/2180](https://togithub.com/nodejs/undici/pull/2180) - build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2147](https://togithub.com/nodejs/undici/pull/2147) - build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2185](https://togithub.com/nodejs/undici/pull/2185) - fix: fetch resource timing performance entry names should be strings by [@GaryWilber](https://togithub.com/GaryWilber) in [https://github.com/nodejs/undici/pull/2188](https://togithub.com/nodejs/undici/pull/2188) - build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2176](https://togithub.com/nodejs/undici/pull/2176) - build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to 3.9.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2177](https://togithub.com/nodejs/undici/pull/2177) - build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2178](https://togithub.com/nodejs/undici/pull/2178) - build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2175](https://togithub.com/nodejs/undici/pull/2175) - test: fix `autoselectfamily` on platforms without IPv6 support by [@LiviaMedeiros](https://togithub.com/LiviaMedeiros) in [https://github.com/nodejs/undici/pull/2197](https://togithub.com/nodejs/undici/pull/2197) - fix: make multipart/form-data boundary string more consistent by [@LiviaMedeiros](https://togithub.com/LiviaMedeiros) in [https://github.com/nodejs/undici/pull/2196](https://togithub.com/nodejs/undici/pull/2196) - docs: add proxy agent options docs by [@dancastillo](https://togithub.com/dancastillo) in [https://github.com/nodejs/undici/pull/2193](https://togithub.com/nodejs/undici/pull/2193) - build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/nodejs/undici/pull/2205](https://togithub.com/nodejs/undici/pull/2205) - feat: make use of `addAbortListener` where applicable by [@atlowChemi](https://togithub.com/atlowChemi) in [https://github.com/nodejs/undici/pull/2195](https://togithub.com/nodejs/undici/pull/2195) #### New Contributors - [@step-security-bot](https://togithub.com/step-security-bot) made their first contribution in [https://github.com/nodejs/undici/pull/2130](https://togithub.com/nodejs/undici/pull/2130) - [@AugustinMauroy](https://togithub.com/AugustinMauroy) made their first contribution in [https://github.com/nodejs/undici/pull/2141](https://togithub.com/nodejs/undici/pull/2141) - [@rychkog](https://togithub.com/rychkog) made their first contribution in [https://github.com/nodejs/undici/pull/2159](https://togithub.com/nodejs/undici/pull/2159) - [@mhdawson](https://togithub.com/mhdawson) made their first contribution in [https://github.com/nodejs/undici/pull/2168](https://togithub.com/nodejs/undici/pull/2168) - [@GaryWilber](https://togithub.com/GaryWilber) made their first contribution in [https://github.com/nodejs/undici/pull/2188](https://togithub.com/nodejs/undici/pull/2188) - [@atlowChemi](https://togithub.com/atlowChemi) made their first contribution in [https://github.com/nodejs/undici/pull/2195](https://togithub.com/nodejs/undici/pull/2195) **Full Changelog**: nodejs/undici@v5.22.1...v5.23.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/octokit/rest.js).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>