Update undici dependency to latest

[adam-rgare]

Hello,

I was wondering if it would be possible to update undici to the latest version in order to resolve CVE-2024-24750.

Reference: https://security.snyk.io/vuln/SNYK-JS-UNDICI-6252341

Thank you.

[cristianrgreco]

Hi @adam-rgare. I need some more info on this one. AFAIK Undici 6.x drops support for Node 18. However Node 18 still has some 6 months left of security support. Upgrading Undici would be a breaking change for everyone using this library with Node 18. It seems undici haven't released a security fix for 5.x, we are using the latest 5.x version. What do you advise? I reckon we'll have to wait for undici to release a 5.x fix.

[adam-rgare]

Appreciate the prompt response!