Security Warning with "undici": "^5.28.4"

[nakulrao]

Hello!

We're getting security error via Synk for undici@5.28.4 currently used in testcontainers/redpanda

✗ Insecure Randomness [High Severity][https://security.snyk.io/vuln/SNYK-JS-UNDICI-8641354] in undici@5.28.4 introduced by @testcontainers/redpanda@10.16.0 > testcontainers@10.16.0 > undici@5.28.4 and 1 other path(s) This issue was fixed in versions: 5.28.5, 6.[21](...).1, 7.2.3

testcontainers-node/packages/testcontainers/package.json

Line 47 in f3aa07c

"undici": "^5.28.4"

Would it be possible to bump this to 7.x?

Thanks,

[cristianrgreco]

Hi @nakulrao, upgrading to Undici 7.x is a breaking change for Node versions. There's a PR in progress which will update dep major versions which will come soon. In the meantime the fix for the Undici security vuln is here #900. Will merge/release a patch soon.