Bump undici and release-it

[dependabot]

Bumps undici to 7.24.5 and updates ancestor dependency release-it. These dependencies need to be updated together.

Updates undici from 6.23.0 to 7.24.5

Release notes

Sourced from undici's releases.

v7.24.5

What's Changed

• Formdata tests by @​KhafraDev in nodejs/undici#4902
• test: add unexpected disconnect guards to more client test files by @​samayer12 in nodejs/undici#4844
• fix(cache): only apply 1-year deleteAt for immutable responses by @​metalix2 in nodejs/undici#4913

New Contributors

• @​metalix2 made their first contribution in nodejs/undici#4913

Full Changelog: nodejs/undici@v7.24.4...v7.24.5

v7.24.4

What's Changed

• fix(fetch): handle URL credentials in dispatch path extraction by @​mcollina in nodejs/undici#4892

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

• fix(h2): TypeError: Cannot read properties of null (reading 'push') i… by @​hxinhan in nodejs/undici#4881

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

• fix fetch path logic by @​KhafraDev in nodejs/undici#4890
• remove maxDecompressedMessageSize by @​KhafraDev in nodejs/undici#4891

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

• fix: proto pollution by @​rahulyadav5524 in nodejs/undici#4885

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

... (truncated)

Commits

• 51fd661 Bumped v7.24.5 (#4915)
• 9077500 fix(cache): only apply 1-year deleteAt for immutable responses (#4913)
• 1c5dc1a test: add unexpected disconnect guards to more client test files (#4844)
• 2885361 Formdata tests (#4902)
• 4991f3e Bumped v7.24.4
• ea3a06d fix(fetch): preserve path for credentialed URLs (#4892)
• 9b96516 Bumped v7.24.3
• 7926660 Ignore .githuman
• 9eaa5af fix(h2): TypeError: Cannot read properties of null (reading 'push') in Reques...
• a9bfe21 ignore .pi
• Additional commits viewable in compare view

Updates release-it from 19.2.4 to 20.0.0

Release notes

Sourced from release-it's releases.

Release 20.0.0

• fix: remove leading slashes from owner (#1288) (5585b720e9389fa857ba50f86161245ccb3b9589) - thanks @​driiftkiing!
• Fix write: false guard in npm.bump (resolve #1267) (a2d1b99bfe52fff1b6768f904cae5c4aaa78cfb1)
• Format (f427a85758999073a5ea4f666c6ddb4cd5586d61)

Release 20.0.0-1

• Fix test (56cae4cd441e00a58d3d91fbc15b1503d423a775)
• Update changelog & docs for v20 (509e50b043003f8adf3f347af949819e2954b639)
• Improve guessPreReleaseTag → getRegistryDistTags (a62509e6c7374e3d6898b17ae9ec8c365296fe64)

Release 20.0.0-0

• fix: upgrade undici from 6.23.0 to 7.24.3 to resolve security vulnerabilities (#1285) (cd100eb1368d084f5892a9a2bbad0c14d511125e) - thanks @​nbouvrette!
• Fix Logger.info() on Node.js 25 (#1284) (dcc0b43fc6bb693b3ec176cd8d77bbb40f454164) - thanks @​bidord!
• Update proxy-agent to fix DEP0169 (#1287) (c660ef5f34536988abd203807f53ec3ea5c1c742) - thanks @​risantos!
• Update dependencies (9dc313e29e617af912ace05a5aaa5cc34fdf35a3)
• Fix lint issues (a0522ff8777fc6877bf03f5f441e33561c9dc25b)
• Bump engines.node (5654b9badae6dd08a3d654772d2f280f6b1d84c3)
• Don't roll back if isReleased is set (resolve #1281) (f2a31231f587cb4809415f4eae81a99617177341)
• Fix if not running test using npm (332f40536ec32bbd816f9872bb89bc864ee66136)
• Migrate to @​inquirer/prompts (resolve #1260) (6c21e95c9188e88d41bb30840672cbd5fe99f5b6)
• Pop it (c90c4c97e11da8f90b398f045e5337f8ec5e0439)

Changelog

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: [https://github.com/release-it/release-it/releases][1]

v20 (2026-03-24)

• Upgraded undici from v6 to v7 to resolve security vulnerabilities.
• Upgraded proxy-agent from v6 to v7 to fix DEP0169 (url.parse() deprecation).
• Migrated from deprecated inquirer to @inquirer/prompts.
• Bumped engines.node to minimum Node.js v20.19.0 (was v20.12.0).

v19 (2025-04-18)

• No breaking changes (dependency party)

v18 (2025-01-06)

• Removed support for Node.js v18.

v17 (2023-11-11)

• Removed support for Node.js v16.

v16 (2023-07-05)

• Removed support for Node.js v14.

v15 (2022-04-30)

• Removed support for Node.js v10 and v12.
• Removed support for GitLab v12.4 and lower.
• Removed anonymous metrics (and the option to disable it).
• Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

• Removed global property from plugins. Use this.config[key] instead.
• Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

• Dropped support for Node v8
• Dropped support for GitLab v11.6 and lower.
• Deprecated scripts are removed (in favor of [hooks][2]).
• Removed deprecated --non-interactive (-n) argument. Use --ci instead.
• Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

... (truncated)

Commits

• c03780d Release 20.0.0
• f427a85 Format
• a2d1b99 Fix write: false guard in npm.bump (resolve #1267)
• 5585b72 fix: remove leading slashes from owner (#1288)
• 5a36283 Release 20.0.0-1
• a62509e Improve guessPreReleaseTag → getRegistryDistTags
• 509e50b Update changelog & docs for v20
• 56cae4c Fix test
• 12e33f5 Release 20.0.0-0
• c90c4c9 Pop it
• Additional commits viewable in compare view