Skip to content

chore(deps): bump undici from 7.28.0 to 8.7.0#190

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/undici-8.7.0
Closed

chore(deps): bump undici from 7.28.0 to 8.7.0#190
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/undici-8.7.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps undici from 7.28.0 to 8.7.0.

Release notes

Sourced from undici's releases.

v8.7.0

What's Changed

New Contributors

Full Changelog: nodejs/undici@v8.6.0...v8.7.0

v8.6.0

What's Changed

... (truncated)

Commits
  • cb4c2f1 Bumped v8.7.0 (#5501)
  • a8d1a95 fix: auto-detect HTTP proxy tunneling (#5116)
  • cb30e58 fix: add static buildDispatch method to RedirectHandler type definition (#5442)
  • 0c08579 fix(h2): requeue request on GOAWAY'd session instead of crashing (#5453)
  • e5b3364 fix(h2): guard onResponse against a 'response' event delivered after completi...
  • c0007f4 docs: add reproduction guide and update bug report template (#5451)
  • e529cab fix: ignore an unparseable Set-Cookie Expires attribute (#5488)
  • 754742c fix(h2): destroy the stream on abort instead of relying on close() (#5462)
  • db34f5f fix(readable): ignore late consume chunks (#5375)
  • 4ea05a8 fix: reject non-ascii octets in validateCookiePath (#5452)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Updated a runtime dependency to a newer version, which may improve compatibility and reliability.

Bumps [undici](https://github.com/nodejs/undici) from 7.28.0 to 8.7.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.28.0...v8.7.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 8.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

The pull request updates the undici dependency version in package.json from ^7.16.0 to ^8.7.0. No other manifest fields, scripts, or code were changed.

Changes

Dependency Update

Layer / File(s) Summary
Update undici version
package.json
Bumped the undici dependency from ^7.16.0 to ^8.7.0.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Suggested reviewers: ruili-testsprite, zeshi-du

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: upgrading the undici dependency to 8.7.0.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/undici-8.7.0

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Test Coverage Report

Metric Coverage
Lines 88.02%
Statements 88.02%
Functions 82.37%
Branches 86.14%

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 53: The Undici dependency bump is incompatible with the currently
advertised Node support range. Either keep the dependency on Undici v7 in
package.json, or update the Node engines floor to 22.19.0 (and align any related
compatibility checks) so the declared runtime support matches the version
required by Undici 8.7.0.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: e319fbe5-c4c7-4b84-964e-c97acd4b2c72

📥 Commits

Reviewing files that changed from the base of the PR and between b9e9601 and 204bc10.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json, !package-lock.json
📒 Files selected for processing (1)
  • package.json

Comment thread package.json
"dependencies": {
"commander": "^12.1.0",
"undici": "^7.16.0",
"undici": "^8.7.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the package's Node engine requirement
jq '.engines' package.json

# Search for any usage of the legacy undici handler callbacks removed in v8
rg -nP '\bon(Headers|Data|Complete|Error)\s*\(' --type=ts --type=js -g '!node_modules'

Repository: TestSprite/testsprite-cli

Length of output: 208


🌐 Web query:

Undici 8.7.0 Node.js support engines release notes supported Node versions

💡 Result:

Undici version 8.7.0, released on July 4, 2026, officially requires Node.js version 22.19.0 or higher [1][2][3]. According to the official Undici documentation, the 8.x release line is designed to align with the Node.js LTS schedule and maintains support for Node.js versions >= 22.19.0, with testing performed on Node.js 22, 24, and 26 [2][4]. Summary of Undici 8.7.0 key details: - Release Date: July 4, 2026 [1][3] - Required Node.js Version: >= 22.19.0 [2] - Main Changes: Version 8.7.0 includes various fixes, such as guarding balanced-pool error port lookups, optimizing HTTP/2 request paths, and handling cookie path/expiration validation [5][6]. For users upgrading from Undici 7 to 8, it is mandatory to verify that the runtime environment meets the minimum Node.js 22.19.0 requirement, as earlier versions of Node.js are not supported by the 8.x branch [2][7].

Citations:


Keep Undici on v7 or raise the Node floor to 22.19.0

package.json still advertises Node ^20.19.0 || ^22.13.0 || >=24, but Undici 8.7.0 requires Node >=22.19.0. This makes the bump incompatible with the currently supported Node 20 line.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 53, The Undici dependency bump is incompatible with the
currently advertised Node support range. Either keep the dependency on Undici v7
in package.json, or update the Node engines floor to 22.19.0 (and align any
related compatibility checks) so the declared runtime support matches the
version required by Undici 8.7.0.

@zeshi-du

zeshi-du commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

undici 8 requires Node >=22.19, which breaks our supported engines range (^20.19.0) — Node 20 installs would fail with engine-strict. Staying on undici 7 until we drop Node 20 (see the #169 review thread).

@dependabot ignore this major version

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you about version 8.x.x again, unless you re-open this PR.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/undici-8.7.0 branch July 6, 2026 20:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant