StarpTech/apollo-datasource-http

[Security] Upgrade Undici dependency to latest version


Detailed paths

Introduced through: › apollo-datasource-http@0.21.0 › undici@4.16.0
Fix: Upgrade to undici@5.5.1

Overview

undici is an HTTP/1.1 client, written from scratch for Node.js.

Affected versions of this package are vulnerable to Improper Certificate Validation due to Undici.ProxyAgent missing verification of the remote server's certificate, which leads to exposure of all the requests and responses data to the proxy.
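To check whether a project still resolves an undici copy older than the fix named above, the dependency path can be traced in the lockfile. The following is an added example, not part of the original issue or of the project's code; it assumes an npm `package-lock.json` with the `packages` map (lockfileVersion 2 or 3) and treats every version below 5.5.1 as affected, and the sample lockfile is constructed.

```javascript
// Fixed version comes from the issue; treating everything below it as affected is an assumption.
const FIXED = '5.5.1';

// Constructed lockfile (npm lockfileVersion 2/3 layout); the app name and ranges are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0', dependencies: { 'apollo-datasource-http': '0.21.0', undici: '^5.5.1' } },
    'node_modules/undici': { version: '5.5.1' },
    'node_modules/apollo-datasource-http': { version: '0.21.0', dependencies: { undici: '^4.16.0' } },
    'node_modules/apollo-datasource-http/node_modules/undici': { version: '4.16.0' },
  },
};

// True when version < floor; only major.minor.patch is compared.
function isBelow(version, floor) {
  const parse = (v) => (/^(\d+)\.(\d+)\.(\d+)/.exec(String(v)) || []).slice(1).map(Number);
  const a = parse(version), b = parse(floor);
  if (a.length !== 3 || b.length !== 3) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Node-style resolution: nearest node_modules/<name> walking up from the dependent's path.
function resolveDep(pkgs, fromPath, name) {
  for (let dir = fromPath; ; ) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (candidate in pkgs) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf('/node_modules/');
    dir = i === -1 ? '' : dir.slice(0, i);
  }
}

// One finding per installed undici copy below the fixed version, with the packages that resolve to it.
function findVulnerableUndici(lock, fixed = FIXED) {
  const pkgs = lock.packages || {};
  const findings = new Map();
  for (const [path, meta] of Object.entries(pkgs)) {
    if (!meta.dependencies || !('undici' in meta.dependencies)) continue;
    const hit = resolveDep(pkgs, path, 'undici');
    if (!hit || !isBelow(pkgs[hit].version, fixed)) continue;
    if (!findings.has(hit)) findings.set(hit, { path: hit, version: pkgs[hit].version, requiredBy: [] });
    const name = path.split('node_modules/').pop() || '(root)';
    findings.get(hit).requiredBy.push(`${name}@${meta.version}`);
  }
  return [...findings.values()];
}

console.log(JSON.stringify(findVulnerableUndici(sampleLock), null, 2));
```

In the constructed sample the top-level undici is already at 5.5.1, yet the nested copy under apollo-datasource-http is still reported, which is why the upgrade has to happen in the dependency that pins the old version.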