chore(deps): bump undici from 7.28.0 to 8.7.0#190
Conversation
Bumps [undici](https://github.com/nodejs/undici) from 7.28.0 to 8.7.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.28.0...v8.7.0) --- updated-dependencies: - dependency-name: undici dependency-version: 8.7.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
WalkthroughThe pull request updates the ChangesDependency Update
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Test Coverage Report
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 53: The Undici dependency bump is incompatible with the currently
advertised Node support range. Either keep the dependency on Undici v7 in
package.json, or update the Node engines floor to 22.19.0 (and align any related
compatibility checks) so the declared runtime support matches the version
required by Undici 8.7.0.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: e319fbe5-c4c7-4b84-964e-c97acd4b2c72
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json,!package-lock.json
📒 Files selected for processing (1)
package.json
| "dependencies": { | ||
| "commander": "^12.1.0", | ||
| "undici": "^7.16.0", | ||
| "undici": "^8.7.0", |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check the package's Node engine requirement
jq '.engines' package.json
# Search for any usage of the legacy undici handler callbacks removed in v8
rg -nP '\bon(Headers|Data|Complete|Error)\s*\(' --type=ts --type=js -g '!node_modules'Repository: TestSprite/testsprite-cli
Length of output: 208
🌐 Web query:
Undici 8.7.0 Node.js support engines release notes supported Node versions
💡 Result:
Undici version 8.7.0, released on July 4, 2026, officially requires Node.js version 22.19.0 or higher [1][2][3]. According to the official Undici documentation, the 8.x release line is designed to align with the Node.js LTS schedule and maintains support for Node.js versions >= 22.19.0, with testing performed on Node.js 22, 24, and 26 [2][4]. Summary of Undici 8.7.0 key details: - Release Date: July 4, 2026 [1][3] - Required Node.js Version: >= 22.19.0 [2] - Main Changes: Version 8.7.0 includes various fixes, such as guarding balanced-pool error port lookups, optimizing HTTP/2 request paths, and handling cookie path/expiration validation [5][6]. For users upgrading from Undici 7 to 8, it is mandatory to verify that the runtime environment meets the minimum Node.js 22.19.0 requirement, as earlier versions of Node.js are not supported by the 8.x branch [2][7].
Citations:
- 1: https://github.com/nodejs/undici/releases/tag/v8.7.0
- 2: https://undici.nodejs.org/best-practices/migrating-from-v7-to-v8
- 3: https://www.npmjs.com/package/undici
- 4: https://github.com/nodejs/undici
- 5: https://github.com/nodejs/undici/releases
- 6: Bump undici from 6.27.0 to 8.7.0 hifiwi-fi/breadcrum.net#864
- 7: Node 18 not supported anymore by 8.x Release? auth0/auth0-deploy-cli#1042
Keep Undici on v7 or raise the Node floor to 22.19.0
package.json still advertises Node ^20.19.0 || ^22.13.0 || >=24, but Undici 8.7.0 requires Node >=22.19.0. This makes the bump incompatible with the currently supported Node 20 line.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 53, The Undici dependency bump is incompatible with the
currently advertised Node support range. Either keep the dependency on Undici v7
in package.json, or update the Node engines floor to 22.19.0 (and align any
related compatibility checks) so the declared runtime support matches the
version required by Undici 8.7.0.
|
undici 8 requires Node >=22.19, which breaks our supported engines range ( @dependabot ignore this major version |
|
OK, I won't notify you about version 8.x.x again, unless you re-open this PR. |
Bumps undici from 7.28.0 to 8.7.0.
Release notes
Sourced from undici's releases.
... (truncated)
Commits
cb4c2f1Bumped v8.7.0 (#5501)a8d1a95fix: auto-detect HTTP proxy tunneling (#5116)cb30e58fix: add static buildDispatch method to RedirectHandler type definition (#5442)0c08579fix(h2): requeue request on GOAWAY'd session instead of crashing (#5453)e5b3364fix(h2): guard onResponse against a 'response' event delivered after completi...c0007f4docs: add reproduction guide and update bug report template (#5451)e529cabfix: ignore an unparseable Set-Cookie Expires attribute (#5488)754742cfix(h2): destroy the stream on abort instead of relying on close() (#5462)db34f5ffix(readable): ignore late consume chunks (#5375)4ea05a8fix: reject non-ascii octets in validateCookiePath (#5452)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by CodeRabbit