Update dependency undici to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
undici (source)	^5.0.0 -> ^7.0.0

---

Release Notes

nodejs/undici (undici)

v7.15.0

Compare Source

What's Changed

• feat: extract sri from fetch, upgrade to latest spec by @​Uzlopak in #​4307
• Update WPT by @​github-actions[bot] in #​4422
• build(deps-dev): bump @​fastify/busboy from 3.1.1 to 3.2.0 by @​dependabot[bot] in #​4428
• fix: memory leak in Agent by @​hexchain in #​4425
• chore: remove lib/api/util.js by @​Uzlopak in #​3578
• ci: reenable shared builtin CI tests by @​richardlau in #​4426
• Decompression Interceptor by @​FelixVaughan in #​4317
• chore: update llhttp by @​Uzlopak in #​4431
• chore: remove unused exceptions in try catch blocks by @​Uzlopak in #​4440
• types: remove type Error = unknown for diagnostic-channels by @​Uzlopak in #​4438
• chore: avoid overriding global escape and unescape by @​Uzlopak in #​4437
• cache : serialize Query only if needed, avoid throwing error by @​Uzlopak in #​4441
• types: add SnapshotRecorderMode by @​Uzlopak in #​4442

New Contributors

• @​hexchain made their first contribution in #​4425

Full Changelog: nodejs/undici@v7.14.0...v7.15.0

v7.14.0

Compare Source

What's Changed

• Fix flaky snapshot-testing by @​mcollina in #​4367
• Actually flush the file in lib/mock/snapshot-recorder.js by @​mcollina in #​4378
• docs: clarify Node.js version support in LTS table by @​mcollina in #​4375
• cache: fix excessive caching and some other lack of caching by @​fredericDelaporte in #​4335
• feat(websocket): add handshake response info to undici:websocket:open diagnostic event by @​tawseefnabi in #​4396
• feat: add install() function to type definitions by @​jsaguet in #​4384
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in #​4380
• build(deps): bump cronometro from 4.0.3 to 5.3.0 in /benchmarks by @​dependabot[bot] in #​4171
• build(deps): bump step-security/harden-runner from 2.12.0 to 2.13.0 by @​dependabot[bot] in #​4379
• fix: h2 CI by @​metcoder95 in #​4395
• feat: EventSource can be configured with reconnectionTime by @​Uzlopak in #​4260
• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in #​4404
• eventsource: deflake reconnectionTime tests by @​Uzlopak in #​4406
• cache: change normaliseHeaders to normalizeHeaders by @​Uzlopak in #​4408
• build(deps-dev): bump jest from 29.7.0 to 30.0.5 by @​dependabot[bot] in #​4387
• build(deps-dev): bump cross-env from 7.0.3 to 10.0.0 by @​dependabot[bot] in #​4386
• cache-control: no-cache: use quoted-string form by @​alxndrsn in #​4177
• test: fix snapshot testing flaky test by @​Uzlopak in #​4410
• fix formdata constructor args mark optional by @​tsctx in #​4411
• Update WPT by @​github-actions[bot] in #​4358
• Update Cache Tests by @​github-actions[bot] in #​4096
• chore: improve imports and requires by @​Uzlopak in #​4418
• refactor: snapshot-recorder by @​Uzlopak in #​4413
• Update WPT by @​github-actions[bot] in #​4416
• fix: better set a finalizer on cloned response by @​tsctx in #​4419

New Contributors

• @​tawseefnabi made their first contribution in #​4396
• @​jsaguet made their first contribution in #​4384

Full Changelog: nodejs/undici@v7.13.0...v7.14.0

v7.13.0

Compare Source

What's Changed

• MockAgent.prototype.get support ignoreTrailingSlash option by @​lisez in #​4344
• chore: more jsdoc and minor improvements for lib/api/readable.js, by @​Uzlopak in #​4351
• ci: skip Node.js 20 tests on Windows by @​mcollina in #​4353
• Update WPT by @​github-actions[bot] in #​4267
• feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#​4180) by @​caitp in #​4340
• fix: detect and prevent redirect loops with Client/Pool by @​mcollina in #​4361
• remove node:buffer imports by @​KhafraDev in #​4362
• fix: remove deprecated maxRedirections option from types by @​mcollina in #​4363
• Amend the GC warning in the README to clarify that consuming bodies is recommended but not required by @​mcollina in #​4364
• fix(inteceptor/dump): handle preemptive network errors by @​metcoder95 in #​4354
• feat: add SnapshotAgent for HTTP request recording and playback by @​mcollina in #​4270

New Contributors

• @​lisez made their first contribution in #​4344

Full Changelog: nodejs/undici@v7.12.0...v7.13.0

v7.12.0

Compare Source

What's Changed

• test: remove tspl on 2283 test by @​Uzlopak in #​4301
• chore: reduce amount of intermediate functions by @​Uzlopak in #​4298
• ci: disable shared builtin CI tests by @​mcollina in #​4276
• webidl: remove unnecessary parameters from webidl.converters.RequestInfo and webidl.converters.RequestInit by @​Uzlopak in #​4304
• fetch: remove await, add jsdoc for some body read functions by @​Uzlopak in #​4303
• test: use assert and not testcontext in issue-2283.js by @​Uzlopak in #​4306
• chore: jsdoc use @returns everywhere by @​Uzlopak in #​4302
• chore: fix typo by @​pimothyxd in #​4312
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in #​4315
• feat: throw error when maxRedirections is used with undici.request() by @​mcollina in #​4311
• Clarify the type option of the cache interceptor by @​fredericDelaporte in #​4299
• cache: allow caching heuristically cacheable error status codes by @​mcollina in #​4318
• chore(doc): update undici vs fetch by @​styfle in #​4319
• don't set a finalizer on cloned request by @​tsctx in #​4320
• websocketstream: close readablestream properly by @​KhafraDev in #​4322
• add ping(websocket, payload) util by @​KhafraDev in #​4325
• fix sending ping with no payload by @​KhafraDev in #​4329
• refactor: eliminate eager llhttp promise creation by @​mcollina in #​4337
• Fix misleading cacheByDefault documentation by @​fredericDelaporte in #​4338
• add websocket to websocket diagnostic channels by @​KhafraDev in #​4321
• speed up flaky websocket test by @​KhafraDev in #​4343
• fetch: minor modifications by @​Uzlopak in #​4347
• fetch: make readable-stream methods sync by @​Uzlopak in #​4346
• remove creating an extra Promise just for common cleanup by @​bmeck in #​4339
• chore: extract createDeferredPromise from fetch/utils.js by @​Uzlopak in #​4345

New Contributors

• @​pimothyxd made their first contribution in #​4312
• @​fredericDelaporte made their first contribution in #​4299
• @​bmeck made their first contribution in #​4339

Full Changelog: nodejs/undici@v7.11.0...v7.12.0

v7.11.0

Compare Source

What's Changed

• Update WPT by @​github-actions in #​4214
• feat(fetch): add zstandard decompression support by @​J3m5 in #​4238
• fix(debug): remove extra forward slash in logs by @​aidant in #​4236
• types: EventSource short handlers can be null by @​Uzlopak in #​4246
• remove finalizationregistry workaround by @​mcollina in #​4250
• build(deps): bump actions/dependency-review-action from 4.5.0 to 4.7.1 by @​dependabot in #​4255
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.18 by @​dependabot in #​4252
• build(deps): bump codecov/codecov-action from 5.1.2 to 5.4.3 by @​dependabot in #​4253
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot in #​4254
• Query unaware interceptors cache fix by @​FelixVaughan in #​4240
• docs: fix interceptor order description in compose method by @​mcollina in #​4251
• chore: require node native modules with node:-prefix by @​Uzlopak in #​4256
• fix: eventsource does not reconnect on network error by @​Uzlopak in #​4247
• fix: add guard by @​GeoffreyBooth in #​4262
• Extract webidl by @​Uzlopak in #​4259
• build(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 by @​dependabot in #​4132
• build(deps-dev): bump fast-check from 3.23.2 to 4.1.1 by @​dependabot in #​4167
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot in #​4137
• build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @​dependabot in #​4168
• build(deps): bump hendrikmuhs/ccache-action from 1.2.14 to 1.2.18 by @​dependabot in #​4190
• build(deps): bump fastify/github-action-merge-dependabot from 3.11.0 to 3.11.1 by @​dependabot in #​4135
• build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot in #​4188
• build(deps-dev): bump borp from 0.19.0 to 0.20.0 by @​dependabot in #​4194
• Fix several WPT failures by @​tsctx in #​4263
• Update WPT by @​github-actions in #​4235
• node.js fetch is wrongly typed (#​4271) by @​bpasero in #​4272
• Fix: Provide body on retry error, preserve socket by @​fatal10110 in #​4228
• add cause to WebSocket error by @​KhafraDev in #​4274
• doc: undici vs fetch by @​FelixVaughan in #​4245
• bench: add websockets by @​tsctx in #​3203
• webidl: remove fallback for USVString by @​Uzlopak in #​4264
• fix: Use correct Dispatcher.RequestOptions by @​IvanDimanov-OfficeRnD in #​4281
• feat: add install() function for global WHATWG fetch classes by @​mcollina in #​4286
• Fixed RedirectHandler type by @​rahulyadav5524 in #​4278
• feat(#​4086): proxy keep alive by @​metcoder95 in #​4128
• Add cleanMocks to MockClient and MockPool by @​DemianParkhomenko in #​4176
• fetch: add missing new operator on TypeError instantiation in readAllBytes by @​Uzlopak in #​4297
• Skip failing wpts by @​mcollina in #​4294
• feat: add request body diagnostic channels by @​legendecas in #​4289
• Fix timer guards to avoid TypeError under fake‐timers and polyfilled … by @​1ly4s0 in #​4213
• cache: update MemoryCacheStore default limits by @​mcollina in #​4292
• fix: EnvHttpProxyAgent.Options should accept ProxyAgent.Options by @​urugator in #​4243

New Contributors

• @​J3m5 made their first contribution in #​4238
• @​aidant made their first contribution in #​4236
• @​bpasero made their first contribution in #​4272
• @​IvanDimanov-OfficeRnD made their first contribution in #​4281
• @​rahulyadav5524 made their first contribution in #​4278
• @​DemianParkhomenko made their first contribution in #​4176
• @​1ly4s0 made their first contribution in #​4213
• @​urugator made their first contribution in #​4243

Full Changelog: nodejs/undici@v7.10.0...v7.11.0

v7.10.0

Compare Source

What's Changed

• Add "clientLifetime" option to close and remove connections from the pool after a specified time. by @​dhalbrook in #​4175
• remove spurious only by @​mcollina in #​4207
• add node v24 workflow by @​tsctx in #​4206
• Update WPT by @​github-actions in #​4172
• chore: add pnpm-lock.yaml to .gitignore by @​styfle in #​4227
• fix: agent memory leak by @​styfle in #​4223
• Add ability to detect when MemoryCacheStore reaches max size by @​FelixVaughan in #​4224
• feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections by @​caitp in #​4180
• docs: correct example in FormData request by @​inyourtime in #​4226

New Contributors

• @​dhalbrook made their first contribution in #​4175
• @​caitp made their first contribution in #​4180
• @​inyourtime made their first contribution in #​4226

Full Changelog: nodejs/undici@v7.9.0...v7.10.0

v7.9.0

Compare Source

What's Changed

• build(deps): bump step-security/harden-runner from 2.10.2 to 2.11.1 by @​dependabot in #​4134
• Update WPT by @​github-actions in #​4155
• Update WPT by @​github-actions in #​4170
• feat: add new acceptNonStandardSearchParameters MockAgent option by @​dario-piotrowicz in #​4148
• fix: cache: treat cache-control request header case-insensitively by @​alxndrsn in #​4131
• cache: honour unqualified no-cache response directive by @​alxndrsn in #​4178
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot in #​4079
• Ensure conflicting flat headers in HTTP/2 are combined correctly by @​pimterry in #​4196
• Add stats of client and pool to be accessible through agent by @​tdeekens in #​4157
• Fix missing code in diagnostics example by @​islandryu in #​4195
• Doc cors spec compliance by @​FelixVaughan in #​4202
• Restore cache tests & fix max-age behavior by @​mcollina in #​4198

New Contributors

• @​tdeekens made their first contribution in #​4157
• @​islandryu made their first contribution in #​4195
• @​FelixVaughan made their first contribution in #​4202

Full Changelog: nodejs/undici@v7.8.0...v7.9.0

v7.8.0

Compare Source

What's Changed

• cache: more efficient sqlite indices by @​ronag in #​4142
• skip now failing wpts by @​mcollina in #​4145
• apply some sqlite pragma optimizations by @​ronag in #​4147
• types(websocket): Import from stream/web by @​Jiralite in #​4038
• cache: don't check size if not necessary by @​ronag in #​4140
• docs: fix inteceptors typo by @​dario-piotrowicz in #​4151
• Update WPT by @​github-actions in #​4141
• build(deps-dev): bump esbuild from 0.24.2 to 0.25.2 by @​dependabot in #​4130

New Contributors

• @​Jiralite made their first contribution in #​4038
• @​dario-piotrowicz made their first contribution in #​4151

Full Changelog: nodejs/undici@v7.7.0...v7.8.0

v7.7.0

Compare Source

What's Changed

• fix: export UndiciHeaders type and set dispatch headers to UndiciHeaders by @​dancastillo in #​3849
• feat(h2): emit connectionerror upon GOAWAY frame by @​metcoder95 in #​4123
• Update WPT by @​github-actions in #​4126
• Update DNS caching example to include other interceptors, production configuration by @​GeoffreyBooth in #​4127
• feat: implement h2c client by @​metcoder95 in #​4118

New Contributors

• @​GeoffreyBooth made their first contribution in #​4127

Full Changelog: nodejs/undici@v7.6.0...v7.7.0

v7.6.0

Compare Source

What's Changed

• Update WPT by @​github-actions in #​4067
• lib: limit string split length by @​gurgunday in #​4098
• docs/PULL_REQUEST_TEMPLATE: deep-link to certificate of origin by @​alxndrsn in #​4102
• cache: fix typo by @​alxndrsn in #​4101
• disable header de-duplication in test servers by @​alxndrsn in #​4110
• CacheRevalidationHandler: add missing header to comment by @​alxndrsn in #​4111
• Fix typo in Agent.md by @​Exifers in #​4115
• build(deps-dev): bump @​matteo.collina/tspl from 0.1.1 to 0.2.0 by @​dependabot in #​4119
• fix 4105 by @​KhafraDev in #​4117
• Update WPT by @​github-actions in #​4100
• cache: ensure vary & revalidation headers are case-insensitive by @​alxndrsn in #​4112

New Contributors

• @​alxndrsn made their first contribution in #​4102
• @​Exifers made their first contribution in #​4115

Full Changelog: nodejs/undici@v7.5.0...v7.6.0

v7.5.0

Compare Source

What's Changed

• feat(docs): button to switch dark and light mode by @​shivarm in #​4044
• feat: add mock call history to access request configuration in test by @​blephy in #​4029
• fix: Fix retry-handler.js when retry-after header is a Date by @​fgiova in #​4084
• Update Cache Tests by @​github-actions in #​4027
• Allow disabling autoSelectFamily in an Agent by @​hitsthings in #​4070
• Removed clients with unrecoverable errors from the Pool by @​mcollina in #​4088

New Contributors

• @​blephy made their first contribution in #​4029
• @​fgiova made their first contribution in #​4084
• @​hitsthings made their first contribution in #​4070

Full Changelog: nodejs/undici@v7.4.0...v7.5.0

v7.4.0

Compare Source

What's Changed

• fix: apply byte offset on Buffer.from by @​ronag in #​4019
• fix: fetch body fallback random number generation by @​Uzlopak in #​4023
• Add release instructions by @​mcollina in #​4022
• Update Cache Tests by @​github-actions in #​4020
• Update WPT by @​github-actions in #​4011
• docs: document about global dispatcher and errors (#​3987) by @​zuozp8 in #​4014
• docs: fix incorrect method signature of onResponseError by @​tmair in #​4030
• feat(docs): copy to clipboard button by @​shivarm in #​4037
• don't check AbortSignal maxListeners on some node versions by @​KhafraDev in #​4045
• feat: mark EnvHttpProxyAgent as stable by @​aduh95 in #​4049
• test: fix windows wpt by @​metcoder95 in #​4050
• fix: do not throw unhandled exception when data is undefined in interceptor.reply by @​frederikprijck in #​4036
• fix: handle missing vary header values by @​gurgunday in #​4031
• Update WPT by @​github-actions in #​4028
• Update WPT by @​github-actions in #​4062
• fix: fix EnvHttpProxyAgent for the Node.js bundle by @​joyeecheung in #​4064

New Contributors

• @​zuozp8 made their first contribution in #​4014
• @​tmair made their first contribution in #​4030
• @​shivarm made their first contribution in #​4037
• @​frederikprijck made their first contribution in #​4036
• @​joyeecheung made their first contribution in #​4064

Full Changelog: nodejs/undici@v7.3.0...v7.4.0

v7.3.0

Compare Source

What's Changed

• fix: sqlite null ref by @​ronag in #​4016
• fix: sqlite remove unnecessary parameter by @​ronag in #​4017
• feat: sqlite add set and minor cleanup by @​ronag in #​4018

Full Changelog: nodejs/undici@v7.2.3...v7.3.0

v7.2.3

Compare Source

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

• Fix typo in update cache tests action by @​flakey5 in #​4008

Full Changelog: nodejs/undici@v7.2.2...v7.2.3

v7.2.2

Compare Source

What's Changed

• Update WPT by @​github-actions in #​3991
• fix: dual-stack retries infinite loop by @​luddd3 in #​4001
• build(deps): bump codecov/codecov-action from 5.0.7 to 5.1.2 by @​dependabot in #​3980
• build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 by @​dependabot in #​4003
• tests: Update Cache Tests by @​github-actions in #​3965
• ReadableStreamFrom pull until cannot on empty enqueu by @​KhafraDev in #​4002
• Resolve circular dependency by @​mcollina in #​4006

Full Changelog: nodejs/undici@v7.2.1...v7.2.2

v7.2.1

Compare Source

What's Changed

• fix(3951): typo on errorede dns lookup by @​metcoder95 in #​3956
• feat: add missing error type by @​Gigioliva in #​3964
• websocket: improve frame parsing by @​tsctx in #​3447
• fix(#​3966): account for network errors by @​metcoder95 in #​3967
• build(deps-dev): bump @​fastify/busboy from 3.1.0 to 3.1.1 by @​dependabot in #​3971
• Update WPT by @​github-actions in #​3954
• docs: fix dispatcher stream example links by @​luddd3 in #​3972
• fix: undici:request:headers does not indicate completion of a response by @​legendecas in #​3974
• build(deps): bump cronometro from 3.0.2 to 4.0.1 in /benchmarks by @​dependabot in #​3976
• fix(#​3975): do not unref timeout by @​metcoder95 in #​3977
• fix: bad response on h2 server by @​metcoder95 in #​3978
• build(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 by @​dependabot in #​3981
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @​dependabot in #​3983
• chore: ensure automated v7 release compared to v7 by @​trivikr in #​3986
• test: ignore test for CITGM by @​metcoder95 in #​3993
• fix: retry flaky test by @​metcoder95 in #​3992

New Contributors

• @​legendecas made their first contribution in #​3974

Full Changelog: nodejs/undici@v7.2.0...v7.2.1

v7.2.0

Compare Source

What's Changed

• fix: dns interceptor undefined function by @​luddd3 in #​3958
• More cache fixes by @​flakey5 in #​3955
• [Release] v7.2.0 by @​github-actions in #​3962

Full Changelog: nodejs/undici@v7.1.1...v7.2.0

v7.1.1

Compare Source

What's Changed

• fix: publish undici:client:sendHeaders message on H2 by @​fengmk2 in #​3921
• Add support schedule by @​mcollina in #​3923
• cache: do not set undefined etag by @​mcollina in #​3925
• test: cleanup cache tests by @​flakey5 in #​3926
• fix mimetype parser wrong operator by @​tsctx in #​3924
• correctly set if-none-match by @​mcollina in #​3933
• Add example for request + "Garbage Collection" by @​WTCT-TOP in #​3916
• fix: response error interceptor by @​Gigioliva in #​3930
• build(deps-dev): bump neostandard from 0.11.9 to 0.12.0 by @​dependabot in #​3938
• fix(#​3937): respect correct host header by @​metcoder95 in #​3940
• fix: handle case no content type by @​Gigioliva in #​3931
• support array of headers in WrapHandler by @​KhafraDev in #​3941
• build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 by @​dependabot in #​3911
• test: Update WPT by @​github-actions in #​3888
• build(deps-dev): bump @​fastify/busboy from 3.0.0 to 3.1.0 by @​dependabot in #​3939
• Support SQLite unflagged without useless warnings by @​mcollina in #​3947
• docs: enhance documentation by @​metcoder95 in #​3945

New Contributors

• @​WTCT-TOP made their first contribution in #​3916

Full Changelog: nodejs/undici@v7.1.0...v7.1.1

v7.1.0

Compare Source

What's Changed

• Mark http/2 support as stable by @​mcollina in #​3893
• test: fix dns interceptor flakiness by @​luddd3 in #​3902
• fix(#​3901): migrate dns interceptor to new hooks by @​metcoder95 in #​3903
• feat(interceptors): migrate decorator handler to new hooks by @​metcoder95 in #​3905
• feat: Adjust allowed error codes for detecting node:sqlite by @​xconverge in #​3900
• build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @​dependabot in #​3913
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.7 by @​dependabot in #​3910
• Move Tomas to past collaborators by @​delvedor in #​3909
• docs: add advanced usage examples for ProxyAgent by @​mertcanaltin in #​3906
• [Release] v7.1.0 by @​github-actions in #​3922

Full Changelog: nodejs/undici@v7.0.0...v7.1.0

v7.0.0

Compare Source

What's Changed

• fetch: fix content-encoding order by @​tsctx in #​3343
• Add regression test for broken body by @​mcollina in #​3346
• build(deps): bump node from 075a5cc to 9af472b in /build by @​dependabot in #​3355
• fix: post request signal by @​Gigioliva in #​3354
• Revert "fix: post request signal (#​3354)" by @​ronag in #​3359
• websocket: don't use pooled buffer in mask pool by @​tsctx in #​3357
• fix: consider bytes read when dumping by @​ronag in [#​33

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.