[Snyk] Security upgrade undici from 4.7.0 to 5.8.2

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • example/package.json
  • example/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	CRLF Injection SNYK-JS-UNDICI-2980276	Yes	No Known Exploit
	606/1000 Why? Recently disclosed, Has a fix available, CVSS 6.4	Server-side Request Forgery (SSRF) SNYK-JS-UNDICI-2980286	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: undici

The new version differs by 250 commits.

• 52d1ce5 Bumped v5.8.2
• 66165d6 Merge pull request from GHSA-f772-66g8-q5h3
• 124f7eb Merge pull request from GHSA-8qr4-xgw6-wmr3
• aef314c feat(webidl): better error message for ByteString converter (#1591)
• 2f4b3b6 docs: mock different endpoints in a single file (#1589)
• e1e1638 5.8.1
• c1dd24a fix: make mock headers case-insensitive (#1585)
• 1822ee6 docs: Fix DiagnosticsChannel sidebar link (#1582)
• dd613ef fix: follow signal.reason in Request (#1580)
• 40af2c0 fix: fetch a long base64 url will crash and nothing happens (close: #1574) (#1575)
• 2944587 fix(types): add missing pool stats (#1573)
• 0ef0e26 fix: add `isErrorLike` (#1570)
• 21d0604 fix: prioritise error events over timeouts (#1551)
• bd69341 fix: x-www-form-urlencoded parser keep the BOM (#1563)
• 7b25efc test: update client certificates with ones that expires in 100 years (#1566)
• 76f6627 fix(fetch): ByteString checks & conversion in Headers (#1560)
• 0ab421f fix(MockInterceptor): callback options.headers w/ fetch (#1559)
• 23f80fb docs: Fix spelling/grammar in "Mocking Request" (#1555)
• 784c6b4 Do not decode the body while we are following a redirect (#1554)
• 26f60b7 Bumped v5.8.0
• 0a5bee9 Merge pull request from GHSA-q768-x9m6-m9qp
• a29a151 Merge pull request from GHSA-3cvr-822r-rqcc
• 722976c docs: updated proxy docs - renamed already used const proxy to proxyServer (#1552)
• b6af4e6 fix(body mixin): only allow Uint8Array chunks (#1550)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 CRLF Injection
🦉 Server-side Request Forgery (SSRF)