Fix security alert regarding the undici package (PR #6163)

Fix security alert regarding the undici package, we can't upgrade it to v6 or further as it doesn't work for our use case which is msw/node
inmanta · Jan 22, 2025 · fb5cef9 · fb5cef9
1 parent 53cb013
commit fb5cef9
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/changelogs/unreleased/buildmaster-security-undici.yml b/changelogs/unreleased/buildmaster-security-undici.yml
@@ -0,0 +1,3 @@
+description: Fix security alert regarding the undici package
+change-type: patch
+destination-branches: [master, iso8, iso7]
diff --git a/package.json b/package.json
@@ -209,7 +209,7 @@
     "terser-webpack-plugin": "^1.4.5",
     "terser": "^5.14.2",
     "trim": "^0.0.3",
-    "undici": "^5",
+    "undici": "^5.28.5",
     "webpack": "^5.94.0",
     "word-wrap": "^1.2.4",
     "ws": "^8.17.1"

diff --git a/yarn.lock b/yarn.lock
@@ -15438,12 +15438,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"undici@npm:^5":
-  version: 5.28.4
-  resolution: "undici@npm:5.28.4"
+"undici@npm:^5.28.5":
+  version: 5.28.5
+  resolution: "undici@npm:5.28.5"
   dependencies:
     "@fastify/busboy": "npm:^2.0.0"
-  checksum: 10/a666a9f5ac4270c659fafc33d78b6b5039a0adbae3e28f934774c85dcc66ea91da907896f12b414bd6f578508b44d5dc206fa636afa0e49a4e1c9e99831ff065
+  checksum: 10/459cd84ab75fe90d696fa2634a8b5b23f9e1080b27236c6809bd74e51862be85df6d95b4a8fed3ee42554495008cb3c05f1bc9d4a1807478f433cca567003d70
   languageName: node
   linkType: hard