From e9af3ab5bc98a83f5486b84859e0c25e0a371a05 Mon Sep 17 00:00:00 2001 From: Phillip Pan Date: Tue, 17 Feb 2026 07:41:48 -0800 Subject: [PATCH] upgrade undici from 5.29.0 to 6.23.0 (#55574) Summary: Pull Request resolved: https://github.com/facebook/react-native/pull/55574 Upgrade the undici devDependency in react-native/dev-middleware from ^5.29.0 to ^6.23.0 to address security vulnerabilities. undici v6 drops the fastify/busboy dependency and requires Node.js >= 18, which is already satisfied by the engine requirements. The API surface used (Agent, request) remains compatible. Changelog: [Internal] Reviewed By: robhogan Differential Revision: D93298172 --- .../npm/{undici_v5.x.x.js => undici_v6.x.x.js} | 0 packages/dev-middleware/package.json | 2 +- yarn.lock | 15 ++++----------- 3 files changed, 5 insertions(+), 12 deletions(-) rename flow-typed/npm/{undici_v5.x.x.js => undici_v6.x.x.js} (100%) diff --git a/flow-typed/npm/undici_v5.x.x.js b/flow-typed/npm/undici_v6.x.x.js similarity index 100% rename from flow-typed/npm/undici_v5.x.x.js rename to flow-typed/npm/undici_v6.x.x.js diff --git a/packages/dev-middleware/package.json b/packages/dev-middleware/package.json index 7d7321ab44b3..93c7607d41aa 100644 --- a/packages/dev-middleware/package.json +++ b/packages/dev-middleware/package.json @@ -47,7 +47,7 @@ "devDependencies": { "@react-native/debugger-shell": "0.85.0-main", "selfsigned": "^4.0.0", - "undici": "^5.29.0", + "undici": "^6.23.0", "wait-for-expect": "^3.0.2" }, "engines": { diff --git a/yarn.lock b/yarn.lock index 4b75bc9e466e..f10b91fb7137 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1211,11 +1211,6 @@ dependencies: cross-spawn "^7.0.3" -"@fastify/busboy@^2.0.0": - version "2.1.1" - resolved "https://registry.yarnpkg.com/@fastify/busboy/-/busboy-2.1.1.tgz#b9da6a878a371829a0502c9b6c1c143ef6663f4d" - integrity sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA== - "@hapi/hoek@^9.0.0", "@hapi/hoek@^9.3.0": version "9.3.0" resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-9.3.0.tgz#8368869dcb735be2e7f5cb7647de78e167a251fb" @@ -9043,12 +9038,10 @@ undici-types@~6.21.0: resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.21.0.tgz#691d00af3909be93a7faa13be61b3a5b50ef12cb" integrity sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ== -undici@^5.29.0: - version "5.29.0" - resolved "https://registry.yarnpkg.com/undici/-/undici-5.29.0.tgz#419595449ae3f2cdcba3580a2e8903399bd1f5a3" - integrity sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg== - dependencies: - "@fastify/busboy" "^2.0.0" +undici@^6.23.0: + version "6.23.0" + resolved "https://registry.yarnpkg.com/undici/-/undici-6.23.0.tgz#7953087744d9095a96f115de3140ca3828aff3a4" + integrity sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g== unicode-canonical-property-names-ecmascript@^2.0.0: version "2.0.0"