[Snyk] Upgrade: , , , solid-start, undici #118

Open: wants to merge 1 commit into base: main

X-oss-byte

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @solid-auth/next | from 0.0.19 to 0.0.23 (3 versions ahead of your current version) | 2 years ago, on 2022-12-24 |
| @solidjs/meta | from 0.28.7 to 0.29.4 (4 versions ahead of your current version) | 4 months ago, on 2024-05-15 |
| @solidjs/router | from 0.6.0 to 0.14.3 (53 versions ahead of your current version) | a month ago, on 2024-08-14 |
| solid-start | from 0.2.32 to 0.3.11 (20 versions ahead of your current version) | 6 months ago, on 2024-03-20 |
| undici | from 5.11.0 to 5.28.4 (46 versions ahead of your current version) | 5 months ago, on 2024-04-02 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-UNDICI-3323845 | 551 | Proof of Concept |
| medium severity: CRLF Injection, SNYK-JS-UNDICI-3323844 | 551 | Proof of Concept |
| low severity: Information Exposure, SNYK-JS-UNDICI-5962466 | 551 | No Known Exploit |
| low severity: Permissive Cross-domain Policy with Untrusted Domains, SNYK-JS-UNDICI-6252336 | 551 | No Known Exploit |
| low severity: Improper Access Control, SNYK-JS-UNDICI-6564963 | 551 | No Known Exploit |
| low severity: Improper Authorization, SNYK-JS-UNDICI-6564964 | 551 | No Known Exploit |

Release notes
Package name: @solidjs/meta
  • 0.29.4 - 2024-05-15
  • 0.29.3 - 2023-12-13
  • 0.29.1 - 2023-10-27
  • 0.29.0 - 2023-10-26
  • 0.28.7 - 2023-10-26
from @solidjs/meta GitHub release notes
Package name: @solidjs/router
  • 0.14.3 - 2024-08-14
  • 0.14.2 - 2024-08-12
  • 0.14.1 - 2024-07-08
  • 0.14.0 - 2024-07-08
  • 0.13.6 - 2024-06-18
  • 0.13.5 - 2024-05-31
  • 0.13.4 - 2024-05-29
  • 0.13.3 - 2024-05-01
  • 0.13.2 - 2024-04-10
  • 0.13.1 - 2024-03-18
  • 0.13.0 - 2024-03-07
  • 0.12.5 - 2024-03-04
  • 0.12.4 - 2024-02-20
  • 0.12.3 - 2024-02-16
  • 0.12.2 - 2024-02-16
  • 0.12.1 - 2024-02-16
  • 0.12.0 - 2024-02-09
  • 0.11.5 - 2024-02-07
  • 0.11.4 - 2024-02-07
  • 0.11.3 - 2024-02-02
  • 0.11.2 - 2024-02-01
  • 0.11.1 - 2024-02-01
  • 0.11.0 - 2024-02-01
  • 0.10.10 - 2024-01-24
  • 0.10.9 - 2024-01-12
  • 0.10.8 - 2024-01-10
  • 0.10.7 - 2024-01-08
  • 0.10.6 - 2024-01-04
  • 0.10.5 - 2023-12-18
  • 0.10.4 - 2023-12-17
  • 0.10.3 - 2023-12-14
  • 0.10.2 - 2023-12-13
  • 0.10.1 - 2023-12-08
  • 0.10.0 - 2023-12-07
  • 0.10.0-beta.9 - 2023-12-06
  • 0.10.0-beta.8 - 2023-12-04
  • 0.10.0-beta.7 - 2023-12-04
  • 0.10.0-beta.6 - 2023-12-01
  • 0.10.0-beta.5 - 2023-11-30
  • 0.10.0-beta.4 - 2023-11-29
  • 0.10.0-beta.3 - 2023-11-27
  • 0.10.0-beta.2 - 2023-11-21
  • 0.10.0-beta.1 - 2023-11-17
  • 0.10.0-beta.0 - 2023-11-15
  • 0.9.1 - 2023-11-10
  • 0.9.0 - 2023-11-07
  • 0.8.4 - 2023-11-06
  • 0.8.3 - 2023-08-08
  • 0.8.2 - 2023-03-25
  • 0.8.1 - 2023-03-20
  • 0.8.0 - 2023-03-10
  • 0.7.1 - 2023-03-10
  • 0.7.0 - 2023-01-20
  • 0.6.0 - 2022-12-21
from @solidjs/router GitHub release notes
Package name: solid-start
  • 0.3.11 - 2024-03-20
  • 0.3.10 - 2023-11-07
  • 0.3.9 - 2023-11-01
  • 0.3.8 - 2023-10-23
  • 0.3.7 - 2023-10-17
  • 0.3.6 - 2023-09-21
  • 0.3.5 - 2023-08-29
  • 0.3.4 - 2023-08-23
  • 0.3.3 - 2023-08-14
  • 0.3.2 - 2023-08-11
  • 0.3.1 - 2023-08-08

    This release has a ton of code changes that had been orphaned on an experimental branch. Mostly around Islands router. Biggest update for those is those feature options are under experimental option now, and Islands use "use client". This may not be the final API but it allows us to take the next steps.

    // new config
    import solid from "solid-start/vite";
    import { defineConfig } from "vite";
    export default defineConfig({
      plugins: [
        solid({
          experimental: { islands: true, islandsRouter: true },
        })
      ]
    });

    We have updated Docs, and added Movies and Notes apps. These only really work under this Islands mode and will serve as a basis as we fill in the features as we work on the R&D that is being funded by the Chrome team.

    Now that codebase is completely merged, we can resume our rebase effort with all the code in place. So to be clear this release is still the same SolidStart and is not built on another system.

    We have also changed the base version of SolidStart to be Node 18. This simplifies the need for polyfills and 16 is end of life next month anyway.

  • 0.3.0 - 2023-08-08
  • 0.3.0-alpha.7 - 2023-06-02
  • 0.3.0-alpha.6 - 2023-05-27
  • 0.3.0-alpha.5 - 2023-05-17
  • 0.3.0-alpha.4 - 2023-05-04
  • 0.3.0-alpha.3 - 2023-04-20
  • 0.3.0-alpha.2 - 2023-04-19
  • 0.3.0-alpha.1 - 2023-04-18
  • 0.3.0-alpha.0 - 2023-04-18
  • 0.2.32 - 2023-08-10
from solid-start GitHub release notes
Package name: undici
  • 5.28.4 - 2024-04-02

    ⚠️ Security Release ⚠️

    Full Changelog: v5.28.3...v5.28.4

  • 5.28.3 - 2024-02-05
  • 5.28.2 - 2023-11-30
  • 5.28.1 - 2023-11-27
  • 5.28.0 - 2023-11-24
  • 5.27.2 - 2023-11-03
  • 5.27.1 - 2023-11-03
  • 5.27.0 - 2023-10-26
  • 5.26.5 - 2023-10-23
  • 5.26.4 - 2023-10-19
  • 5.26.3 - 2023-10-11
  • 5.26.2 - 2023-10-11
  • 5.26.1 - 2023-10-11
  • 5.26.0 - 2023-10-11
  • 5.25.4 - 2023-10-03
  • 5.25.3 - 2023-10-01
  • 5.25.2 - 2023-09-22
  • 5.25.1 - 2023-09-20
  • 5.25.0 - 2023-09-20
  • 5.24.0 - 2023-09-08
  • 5.24.0-test.6 - 2023-09-20
  • 5.24.0-test.5 - 2023-09-19
  • 5.24.0-test.4 - 2023-09-19
  • 5.24.0-test.3 - 2023-09-19
  • 5.24.0-test.2 - 2023-09-19
  • 5.24.0-test.1 - 2023-09-19
  • 5.24.0-test.0 - 2023-09-19
  • 5.23.0 - 2023-08-03
  • 5.22.1 - 2023-05-11
  • 5.22.0 - 2023-04-20
  • 5.21.2 - 2023-04-09
  • 5.21.1 - 2023-04-08
  • 5.21.0 - 2023-03-13
  • 5.20.0 - 2023-02-18
  • 5.19.1 - 2023-02-13
  • 5.19.0 - 2023-02-13
  • 5.18.0 - 2023-02-06
  • 5.17.1 - 2023-02-04
  • 5.17.0 - 2023-02-04
  • 5.16.0 - 2023-01-23
  • 5.15.2 - 2023-01-22
  • 5.15.1 - 2023-01-19
  • 5.15.0 - 2023-01-11
  • 5.14.0 - 2022-12-08
  • 5.13.0 - 2022-11-25
  • 5.12.0 - 2022-10-27
  • 5.11.0 - 2022-10-03
from undici GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Snyk has created this PR to upgrade:
  - @solid-auth/next from 0.0.19 to 0.0.23.
    See this package in npm: https://www.npmjs.com/package/@solid-auth/next
  - @solidjs/meta from 0.28.7 to 0.29.4.
    See this package in npm: https://www.npmjs.com/package/@solidjs/meta
  - @solidjs/router from 0.6.0 to 0.14.3.
    See this package in npm: https://www.npmjs.com/package/@solidjs/router
  - solid-start from 0.2.32 to 0.3.11.
    See this package in npm: https://www.npmjs.com/package/solid-start
  - undici from 5.11.0 to 5.28.4.
    See this package in npm: https://www.npmjs.com/package/undici

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/4719743d-c4ae-4210-8075-52671fe648e2?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz bot commented Sep 11, 2024

Run & review this pull request in StackBlitz Codeflow.

changeset-bot bot commented Sep 11, 2024

⚠️ No Changeset found

Latest commit: 5f4a824

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.
