chore(deps): bump undici from 6.23.0 to 6.24.0 by dependabot[bot] · Pull Request #15152 · webdriverio/webdriverio

dependabot · 2026-03-13T22:59:25Z

Bumps undici from 6.23.0 to 6.24.0.

Release notes

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
Malicious WebSocket 64-bit frame length handling could crash the client.

GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
CRLF injection via the upgrade option.

GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
Unbounded memory consumption in WebSocket permessage-deflate decompression.

Not applicable to v6

GHSA-phc3-fgpg-7m6h / CVE-2026-2581 affects >= 7.17.0 < 7.24.0 only.

Affected and patched ranges (v6)

CVE-2026-1525: affected < 6.24.0, patched 6.24.0

CVE-2026-1528: affected >= 6.0.0 < 6.24.0, patched 6.24.0

CVE-2026-1527: affected < 6.24.0, patched 6.24.0

CVE-2026-2229: affected < 6.24.0, patched 6.24.0

CVE-2026-1526: affected < 6.24.0, patched 6.24.0

References

GitHub Security Advisories: https://github.com/nodejs/undici/security/advisories

NVD CVE-2026-1525: https://nvd.nist.gov/vuln/detail/CVE-2026-1525

NVD CVE-2026-1528: https://nvd.nist.gov/vuln/detail/CVE-2026-1528

NVD CVE-2026-1527: https://nvd.nist.gov/vuln/detail/CVE-2026-1527

NVD CVE-2026-2229: https://nvd.nist.gov/vuln/detail/CVE-2026-2229

NVD CVE-2026-1526: https://nvd.nist.gov/vuln/detail/CVE-2026-1526

Commits

8873c94 Bumped v6.24.0
411bd01 test(websocket): use node:assert for Node 18 compatibility
844bf59 test: fix http2 lint regressions in backport
a444e4f test: stabilize h2 and tls-cert-leak under current test runner
dc032a1 fix: h2 CI (#4395)
4cd3f4b test: increase bitness in test/fixtures/*.pem (#3659)
7df6442 fix: adapt websocket frame-limit handling for v6 parser
4e0179a fix: reject duplicate content-length and host headers
5a97f08 Fix websocket 64-bit length overflow
e43e898 fix: validate upgrade header to prevent CRLF injection
Additional commits viewable in compare view

pkg-pr-new · 2026-03-13T23:01:46Z

Open in StackBlitz

create-wdio

npm i https://pkg.pr.new/webdriverio/webdriverio/create-wdio@15152

eslint-plugin-wdio

npm i https://pkg.pr.new/webdriverio/webdriverio/eslint-plugin-wdio@15152

@wdio/allure-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/allure-reporter@15152

@wdio/appium-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/appium-service@15152

@wdio/browser-runner

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/browser-runner@15152

@wdio/browserstack-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/browserstack-service@15152

@wdio/cli

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/cli@15152

@wdio/concise-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/concise-reporter@15152

@wdio/config

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/config@15152

@wdio/cucumber-framework

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/cucumber-framework@15152

@wdio/dot-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/dot-reporter@15152

@wdio/firefox-profile-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/firefox-profile-service@15152

@wdio/globals

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/globals@15152

@wdio/jasmine-framework

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/jasmine-framework@15152

@wdio/json-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/json-reporter@15152

@wdio/junit-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/junit-reporter@15152

@wdio/lighthouse-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/lighthouse-service@15152

@wdio/local-runner

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/local-runner@15152

@wdio/logger

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/logger@15152

@wdio/mocha-framework

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/mocha-framework@15152

@wdio/protocols

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/protocols@15152

@wdio/repl

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/repl@15152

@wdio/reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/reporter@15152

@wdio/runner

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/runner@15152

@wdio/sauce-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/sauce-service@15152

@wdio/shared-store-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/shared-store-service@15152

@wdio/smoke-test-cjs-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/smoke-test-cjs-service@15152

@wdio/smoke-test-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/smoke-test-reporter@15152

@wdio/smoke-test-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/smoke-test-service@15152

@wdio/spec-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/spec-reporter@15152

@wdio/static-server-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/static-server-service@15152

@wdio/sumologic-reporter

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/sumologic-reporter@15152

@wdio/testingbot-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/testingbot-service@15152

@wdio/types

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/types@15152

@wdio/utils

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/utils@15152

@wdio/webdriver-mock-service

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/webdriver-mock-service@15152

@wdio/xvfb

npm i https://pkg.pr.new/webdriverio/webdriverio/@wdio/xvfb@15152

webdriver

npm i https://pkg.pr.new/webdriverio/webdriverio/webdriver@15152

webdriverio

npm i https://pkg.pr.new/webdriverio/webdriverio@15152

commit: 60dfff7

dependabot · 2026-03-14T13:16:49Z

Dependabot can't authenticate to a private package registry. Because of this, Dependabot cannot update this pull request.

dependabot · 2026-03-15T11:42:52Z

Dependabot can't resolve your JavaScript dependency files. Because of this, Dependabot cannot update this pull request.

Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.23.0...v6.24.0) --- updated-dependencies: - dependency-name: undici dependency-version: 6.24.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 13, 2026

dependabot Bot mentioned this pull request Mar 13, 2026

chore(deps): bump undici from 6.21.3 to 6.23.0 #15025

Closed

dependabot Bot force-pushed the dependabot/npm_and_yarn/undici-6.24.0 branch from c356af0 to 1ddfb93 Compare March 15, 2026 16:10

dependabot Bot force-pushed the dependabot/npm_and_yarn/undici-6.24.0 branch from 1ddfb93 to ae3268c Compare April 3, 2026 16:47

dependabot Bot force-pushed the dependabot/npm_and_yarn/undici-6.24.0 branch from ae3268c to 60dfff7 Compare April 4, 2026 15:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump undici from 6.23.0 to 6.24.0#15152

chore(deps): bump undici from 6.23.0 to 6.24.0#15152
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/undici-6.24.0

dependabot Bot commented on behalf of github Mar 13, 2026 •

edited

Loading

Uh oh!

pkg-pr-new Bot commented Mar 13, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 14, 2026

Uh oh!

dependabot Bot commented on behalf of github Mar 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

Upgrade guidance

Fixed advisories

Not applicable to v6

Affected and patched ranges (v6)

References

Uh oh!

pkg-pr-new Bot commented Mar 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot Bot commented on behalf of github Mar 14, 2026

Uh oh!

dependabot Bot commented on behalf of github Mar 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Mar 13, 2026 •

edited

Loading

pkg-pr-new Bot commented Mar 13, 2026 •

edited

Loading