Bump undici from 5.29.0 to 8.3.0 (via audit fix) by dependabot[bot] · Pull Request #90 · meshtastic/api

dependabot · 2026-05-14T23:57:22Z

Bumps undici from 5.29.0 to 8.3.0.

Release notes

v8.3.0

What's Changed

fix: preserve pool capacity after removing stale client by @trivikr in nodejs/undici#5151

build(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @dependabot[bot] in nodejs/undici#5157

build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.1 by @dependabot[bot] in nodejs/undici#5162

build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in nodejs/undici#5156

chore(http2): collapse duplicate request stream setup by @trivikr in nodejs/undici#5140

perf(client): cache HTTP/2 authority by @trivikr in nodejs/undici#5141

build(deps-dev): bump borp from 0.20.2 to 1.0.0 by @dependabot[bot] in nodejs/undici#4819

types: add TOpaque to client connect options by @samuel871211 in nodejs/undici#4928

build(deps): bump tinybench from 5.1.0 to 6.0.1 in /benchmarks by @dependabot[bot] in nodejs/undici#4688

build(deps): bump codecov/codecov-action from 5.5.1 to 6.0.0 by @dependabot[bot] in nodejs/undici#4950

build(deps): bump actions/dependency-review-action from 4.8.1 to 4.9.0 by @dependabot[bot] in nodejs/undici#4951

test(fetch): add userinfo coverage for issue-4897 URLs by @mcollina in nodejs/undici#4901

perf: avoid duplicate pool dispatcher selection on backpressure by @trivikr in nodejs/undici#5149

build(deps): bump actions/setup-node from 6.2.0 to 6.4.0 by @dependabot[bot] in nodejs/undici#5163

build(deps): bump step-security/harden-runner from 2.14.1 to 2.19.1 by @dependabot[bot] in nodejs/undici#5160

build(deps): bump cronometro from 5.3.0 to 6.0.3 in /benchmarks by @dependabot[bot] in nodejs/undici#4687

build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @dependabot[bot] in nodejs/undici#5161

build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @dependabot[bot] in nodejs/undici#4853

build(deps): bump hendrikmuhs/ccache-action from 1.2.22 to 1.2.23 by @dependabot[bot] in nodejs/undici#5158

build(deps): bump fastify/github-action-merge-dependabot from 3.11.2 to 3.12.0 by @dependabot[bot] in nodejs/undici#5159

build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in nodejs/undici#4854

build(deps): bump uWebSockets.js from v20.64.0 to v20.66.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5130

docs: mention install() also installs WebSocket globals by @mcollina in nodejs/undici#5174

types: stop interfering with @types/node by @Renegade334 in nodejs/undici#5173

fix: align h2 empty body content-length methods with h1 by @trivikr in nodejs/undici#5172

build(deps-dev): bump fast-check from 4.6.0 to 4.7.0 by @dependabot[bot] in nodejs/undici#5192

build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @dependabot[bot] in nodejs/undici#5191

test: move cleanup from finally to after hooks by @trivikr in nodejs/undici#5194

test: resolve flaky timeout in issue-3356 by @trivikr in nodejs/undici#5188

SnapshotAgent: Add normalizeBody and normalizeQuery by @GeoffreyBooth in nodejs/undici#5121

fix(socks5): use configured connector in Socks5ProxyAgent by @trivikr in nodejs/undici#5168

perf(http2): avoid isArray checks for common headers by @trivikr in nodejs/undici#5170

fix(test): make deduplicate body-streaming test non-flaky by @mcollina in nodejs/undici#5196

test(retry): add regression test for RetryAgent + HTTP/2 stream timeout (#5137) by @mcollina in nodejs/undici#5176

fix(socks5): preserve dispatch backpressure return value by @trivikr in nodejs/undici#5166

perf(http2): end zero-length request bodies with headers by @trivikr in nodejs/undici#5169

fix(test): make issue-2898-comment.js assertion robust against flakiness by @mcollina in nodejs/undici#5208

test: disable timeouts in h2 high concurrency regression by @trivikr in nodejs/undici#5205

test: deflake stream compat coverage by @mcollina in nodejs/undici#5209

fix(dispatcher): remove unreachable assert in writeBlob by @SAY-5 in nodejs/undici#5231

fix: clean up benchmark resources before worker exit by @trivikr in nodejs/undici#5225

test: avoid per-chunk assertions in diagnostics get by @trivikr in nodejs/undici#5224

test: capture cache test worker stderr and preserve failures by @trivikr in nodejs/undici#5206

chore: gitignore benchmarks/package-lock.json by @trivikr in nodejs/undici#5228

perf(proxy-agent): avoid extra header allocations in auth guard by @trivikr in nodejs/undici#5164

test(wpt): retry WPT server startup on port conflicts or timeout by @trivikr in nodejs/undici#5215

test: make websocket diagnostics ping-pong ordering deterministic by @trivikr in nodejs/undici#5222

test(websocket): fix flaky send test by @mcollina in nodejs/undici#5232

... (truncated)

Commits

aa33b19 Bumped v8.3.0 (#5305)
f33a6cb test: fix flaky http2-dispatcher WebSocket upgrade tests (#5304)
ca0cb16 build(deps): bump uWebSockets.js in /benchmarks (#5299)
e1f9035 build(deps-dev): bump jest from 30.3.0 to 30.4.2 (#5297)
314ba6a perf(client-h2): reuse request upgrade stream handlers (#5293)
be9a544 Add Node 26 to the matrix (#5271)
45f7bd3 test: retry crashed cache-test workers once (#5294)
08cf765 build(deps-dev): bump fast-check from 4.7.0 to 4.8.0 (#5298)
df5ded9 cache formdata boundary (#5292)
e101dcb test: include after in parser-issues (#5284)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Bumps [undici](https://github.com/nodejs/undici) from 5.29.0 to 8.3.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.29.0...v8.3.0) --- updated-dependencies: - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-10T11:12:44Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 14, 2026

dependabot Bot changed the title ~~Bump undici from 5.28.3 to 5.29.0~~ Bump undici from 5.29.0 to 8.3.0 (via audit fix) May 19, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/undici-5.29.0 branch from 80de08e to 51da370 Compare May 19, 2026 00:22

thebentern closed this Jun 10, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/undici-5.29.0 branch June 10, 2026 11:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump undici from 5.29.0 to 8.3.0 (via audit fix)#90

Bump undici from 5.29.0 to 8.3.0 (via audit fix)#90
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/undici-5.29.0

dependabot Bot commented on behalf of github May 14, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.3.0

What's Changed

Uh oh!

dependabot Bot commented on behalf of github Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 14, 2026 •

edited

Loading