[Snyk] Security upgrade undici from 5.23.0 to 5.28.4

[notscrappie]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	416/1000 Why? Recently disclosed, Has a fix available, CVSS 2.6	Improper Access Control SNYK-JS-UNDICI-6564963	No	No Known Exploit
	481/1000 Why? Recently disclosed, Has a fix available, CVSS 3.9	Improper Authorization SNYK-JS-UNDICI-6564964	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: undici

The new version differs by 161 commits.

• fb98306 Bumped v5.28.4
• 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
• 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
• 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
• 0e9d54b skip failing test due to Node.js changes
• e71cb4c Bumped v5.28.3
• 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
• 8ec52cd Fix tests for Node.js v21 (#2609)
• d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
• 9a14e5f Bumped v5.28.2
• fcdfe87 build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2302)
• 169c157 build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)
• 9788177 build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 (#2392)
• 1f6d159 build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#2395)
• a393a86 build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#2396)
• ea2f606 build(deps-dev): bump sinon from 16.1.3 to 17.0.1 (#2405)
• 80979ed build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 (#2472)
• 08183ea fix: Added support for inline URL username:password proxy auth (#2473)
• 28759f4 refactor: better integrity check (#2462)
• ed15e98 Make call to onBodySent conditional in RetryHandler (#2478)
• 19c69a0 fix: check response for timinginfo allow flag (#2477)
• c5d73ca fix: correctly handle data URL with hashes. (#2475)
• 0437f69 Add `null` to `signal` in `RequestInit` (#2455)
• 56efa96 fix: handle SharedArrayBuffer correctly (#2466)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Access Control

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud