build(deps): bump undici from 8.1.0 to 8.2.0 by dependabot[bot] · Pull Request #288 · roebi/github-api-get

dependabot · 2026-05-04T05:53:36Z

Bumps undici from 8.1.0 to 8.2.0.

Release notes

v8.2.0

What's Changed

chore: use native addAbortListener by @trivikr in nodejs/undici#5021

fix: fix the logic for the UNDICI_NO_WASM_SIMD environment variable by @ShenHongFei in nodejs/undici#5026

fix(http2): send body for non-expectsPayload methods with content by @mcollina in nodejs/undici#5030

fix(fetch): correct 'navigator' typo to 'navigate' in fetchFinale by @deepview-autofix in nodejs/undici#5044

fix(webidl): correct signed integer bounds in ConvertToInt by @deepview-autofix in nodejs/undici#5038

fix(fetch): use || for CRLF check in multipart formdata-parser by @deepview-autofix in nodejs/undici#5049

fix(websocket): correct argument order in WebSocketStream UTF-8 failure by @deepview-autofix in nodejs/undici#5050

fix(pool): propagate useH2c to connector when connections > 1 by @SAY-5 in nodejs/undici#5031

fix(cache): return immutable staleAt in milliseconds by @deepview-autofix in nodejs/undici#5048

fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing by @deepview-autofix in nodejs/undici#5041

fix(cache): evict oldest entries first in SqliteCacheStore prune by @deepview-autofix in nodejs/undici#5039

fix(socks5): correctly expand IPv6 '::' compressed notation by @deepview-autofix in nodejs/undici#5046

Remove unused func and unnecessary shim by @tsctx in nodejs/undici#5053

fix: reject malformed content-length request headers by @trivikr in nodejs/undici#5060

fix(request): reject NaN highWaterMark during option validation by @trivikr in nodejs/undici#5062

docs: fix broken links in docsify sidebar by @maruthang in nodejs/undici#5065

fix(fetch): prefer filename* over filename in multipart form-data by @maruthang in nodejs/undici#5068

fix(http2): reject websocket upgrades on non-200 responses by @trivikr in nodejs/undici#5072

feat: support username-only proxy authentication in ProxyAgent by @rossilor95 in nodejs/undici#4935

build(deps): bump uWebSockets.js from v20.58.0 to v20.64.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5083

fix(client-h2): stop double-decrementing kOpenStreams on stream timeout by @SAY-5 in nodejs/undici#5076

fix(http2): reject upgrade streams closed before response headers by @trivikr in nodejs/undici#5069

fix(http2): allow GET and HEAD request bodies over h2 by @trivikr in nodejs/undici#5058

fix(cache): include query in cache key when opts.path is undefined by @maruthang in nodejs/undici#5081

fix: avoid premature cleanup of dispatcher in Agent by @bienzaaron in nodejs/undici#5034

fix(http2): record ping failures on the socket by @trivikr in nodejs/undici#5075

add undici security policy by @mcollina in nodejs/undici#5056

fix(mock): make filterCalls AND operator actually intersect results by @deepview-autofix in nodejs/undici#5045

fix(socks5): enforce authenticated state before CONNECT by @trivikr in nodejs/undici#5097

fix(cache): skip expired sqlite vary entries during lookup by @trivikr in nodejs/undici#5095

fix: enforce maxCachedSessions in TLS session cache by @trivikr in nodejs/undici#5102

fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly by @trivikr in nodejs/undici#5099

fix: handle invalid HTTP/2 connection headers (#4356) by @mcollina in nodejs/undici#5101

fix(interceptor): add throwOnMaxRedirect to types and interceptor opts by @maruthang in nodejs/undici#5066

fix(websocket): avoid double-closing canceled stream readers by @colinaaa in nodejs/undici#5105

fix(cache): persist vary when updating sqlite cache entries by @trivikr in nodejs/undici#5109

refactor(h1): track HEAD keep-alive override as boolean by @trivikr in nodejs/undici#5110

client: cache llhttp wasm buffer view by @trivikr in nodejs/undici#5115

deps: update llhttp to 9.3.1 by @mcollina in nodejs/undici#5113

fix(http2): preserve accepted streams after GOAWAY by @trivikr in nodejs/undici#5090

fix: reuse parser WeakRef for timeout callbacks by @trivikr in nodejs/undici#5125

fix: stop buffering data after SOCKS5 connect by @trivikr in nodejs/undici#5118

perf(http2): avoid response header reserialization by @trivikr in nodejs/undici#5085

fix(cache): enforce sqlite maxCount after insert by @trivikr in nodejs/undici#5112

perf: reduce EventSourceStream parser allocations by @trivikr in nodejs/undici#5032

types(dispatcher): use OutgoingHttpHeaders for request headers by @maruthang in nodejs/undici#5067

cleanup: delete redundant .gitkeep file by @shivarm in nodejs/undici#5133

fix(http2): respect peer max concurrent streams by @trivikr in nodejs/undici#5135

... (truncated)

Commits

bf684f7 Bumped v8.2.0 (#5152)
0ca054a fix: replace stale pool clients under connection limit (#5145)
7af90e9 perf: avoid redundant scans in BalancedPool dispatcher selection (#5146)
abb9d06 fix: validate H2CClient maxConcurrentStreams option (#5143)
72a7591 perf(http2): avoid cloning headers when removing status (#5127)
96fd5e9 fix(cache): allow streamed entries at maxEntrySize limit (#5129)
f41e53f perf: use byteLength property for binary body chunks (#5126)
bec4961 chore(deps): add lockfile (#5139)
86f1242 perf(http2): reduce writeH2 per-request callback allocations (#5138)
cad3f70 perf(client): parse h1 content-length statelessly (#5124)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [undici](https://github.com/nodejs/undici) from 8.1.0 to 8.2.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.1.0...v8.2.0) --- updated-dependencies: - dependency-name: undici dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-04T05:53:53Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@8.1.0 ⏵ 8.2.0	⁺¹		⁺¹

View full report

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 4, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump undici from 8.1.0 to 8.2.0#288

build(deps): bump undici from 8.1.0 to 8.2.0#288
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/undici-8.2.0

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

socket-security Bot commented May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026

v8.2.0

What's Changed

Uh oh!

socket-security Bot commented May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants