Bump undici and release-it

[dependabot]

Bumps undici to 7.24.5 and updates ancestor dependency release-it. These dependencies need to be updated together.

Updates undici from 6.21.2 to 7.24.5

Release notes

Sourced from undici's releases.

v7.24.5

What's Changed

• Formdata tests by @​KhafraDev in nodejs/undici#4902
• test: add unexpected disconnect guards to more client test files by @​samayer12 in nodejs/undici#4844
• fix(cache): only apply 1-year deleteAt for immutable responses by @​metalix2 in nodejs/undici#4913

New Contributors

• @​metalix2 made their first contribution in nodejs/undici#4913

Full Changelog: nodejs/undici@v7.24.4...v7.24.5

v7.24.4

What's Changed

• fix(fetch): handle URL credentials in dispatch path extraction by @​mcollina in nodejs/undici#4892

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

• fix(h2): TypeError: Cannot read properties of null (reading 'push') i… by @​hxinhan in nodejs/undici#4881

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

• fix fetch path logic by @​KhafraDev in nodejs/undici#4890
• remove maxDecompressedMessageSize by @​KhafraDev in nodejs/undici#4891

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

• fix: proto pollution by @​rahulyadav5524 in nodejs/undici#4885

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

... (truncated)

Commits

• 51fd661 Bumped v7.24.5 (#4915)
• 9077500 fix(cache): only apply 1-year deleteAt for immutable responses (#4913)
• 1c5dc1a test: add unexpected disconnect guards to more client test files (#4844)
• 2885361 Formdata tests (#4902)
• 4991f3e Bumped v7.24.4
• ea3a06d fix(fetch): preserve path for credentialed URLs (#4892)
• 9b96516 Bumped v7.24.3
• 7926660 Ignore .githuman
• 9eaa5af fix(h2): TypeError: Cannot read properties of null (reading 'push') in Reques...
• a9bfe21 ignore .pi
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates release-it from 19.0.1 to 20.0.0

Release notes

Sourced from release-it's releases.

Release 20.0.0

• fix: remove leading slashes from owner (#1288) (5585b720e9389fa857ba50f86161245ccb3b9589) - thanks @​driiftkiing!
• Fix write: false guard in npm.bump (resolve #1267) (a2d1b99bfe52fff1b6768f904cae5c4aaa78cfb1)
• Format (f427a85758999073a5ea4f666c6ddb4cd5586d61)

Release 20.0.0-1

• Fix test (56cae4cd441e00a58d3d91fbc15b1503d423a775)
• Update changelog & docs for v20 (509e50b043003f8adf3f347af949819e2954b639)
• Improve guessPreReleaseTag → getRegistryDistTags (a62509e6c7374e3d6898b17ae9ec8c365296fe64)

Release 20.0.0-0

• fix: upgrade undici from 6.23.0 to 7.24.3 to resolve security vulnerabilities (#1285) (cd100eb1368d084f5892a9a2bbad0c14d511125e) - thanks @​nbouvrette!
• Fix Logger.info() on Node.js 25 (#1284) (dcc0b43fc6bb693b3ec176cd8d77bbb40f454164) - thanks @​bidord!
• Update proxy-agent to fix DEP0169 (#1287) (c660ef5f34536988abd203807f53ec3ea5c1c742) - thanks @​risantos!
• Update dependencies (9dc313e29e617af912ace05a5aaa5cc34fdf35a3)
• Fix lint issues (a0522ff8777fc6877bf03f5f441e33561c9dc25b)
• Bump engines.node (5654b9badae6dd08a3d654772d2f280f6b1d84c3)
• Don't roll back if isReleased is set (resolve #1281) (f2a31231f587cb4809415f4eae81a99617177341)
• Fix if not running test using npm (332f40536ec32bbd816f9872bb89bc864ee66136)
• Migrate to @​inquirer/prompts (resolve #1260) (6c21e95c9188e88d41bb30840672cbd5fe99f5b6)
• Pop it (c90c4c97e11da8f90b398f045e5337f8ec5e0439)

Release 19.2.4

• chore: update dependencies to resolve security vulnerabilities (#1273) (b45dd1aa3749d74ce279600dea242cb3c9dd5e8d) - thanks @​Yeom-JinHo!
• Update a few dev deps (cd8acdc8fdb50cf60ba45e8bd5128c4669a04f00)

Release 19.2.3

• Reuse generated changelog (316dbfa458d670fc92d2da7fe7298ad90f44dc68)
• Remove obsolete eslint compat packages/config (f6cc8f3622995ebe98c43a8a5adb8d62b2de70b8)
• Update remark-preset-webpro and fix broken links (6e6dd4b893bd53a621ea2bee9ad48d5fa42f6279)

Release 19.2.2

• Improve getChangelog method (7a56364997d8ca4a640251bc9be37ed7cbf8568c)

Release 19.2.1

• Improve commit prompt (b7aca7c159b3d34fe45f6fb722bb5f664c4bae9a)
• Remedy potential edge case in template helper (5c0a6eeeddf7ed1ce0e4cfcffc1c2c72ab63a01b)

Release 19.2.0

• Add option to exit gracefully (e1f825dce259118401f17c1d9de0002233e21e67)
• Update dependencies (424c9f6c1d9681f4e4a3a37552dd2a99a750a3d2)
• Auto-format docs (06f41bbb4b0cbb59ef39a6bd426ee9034b6f396e)
• fix: add shell mode for npm commands on windows (#1266) (382e3464095628c23ef9c85c363933f3bf1db09e) - thanks @​julienbenac!
• Feat: Add publishPackageManager config option in NPM plugin to allow using different package manager for publishing (e.g. Bun) (#1169) (0dafc0b72159931f088e7232da6c34f0f1e8b06f) - thanks @​chrispader!
• Only use --workspaces=false with npm (12bb89ccaacdc2cbc0ba231f93d7bd389241d6a4)
• Fix up docs/types a bit (05a59863648a0b4ce9186b65cd21225a8421e181)
• Format (c9d6ebf0415d264e42945f967baae845401d016b)

Release 19.1.0

• Ignore .npmrc (8ccd060)

... (truncated)

Changelog

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: [https://github.com/release-it/release-it/releases][1]

v20 (2026-03-24)

• Upgraded undici from v6 to v7 to resolve security vulnerabilities.
• Upgraded proxy-agent from v6 to v7 to fix DEP0169 (url.parse() deprecation).
• Migrated from deprecated inquirer to @inquirer/prompts.
• Bumped engines.node to minimum Node.js v20.19.0 (was v20.12.0).

v19 (2025-04-18)

• No breaking changes (dependency party)

v18 (2025-01-06)

• Removed support for Node.js v18.

v17 (2023-11-11)

• Removed support for Node.js v16.

v16 (2023-07-05)

• Removed support for Node.js v14.

v15 (2022-04-30)

• Removed support for Node.js v10 and v12.
• Removed support for GitLab v12.4 and lower.
• Removed anonymous metrics (and the option to disable it).
• Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

• Removed global property from plugins. Use this.config[key] instead.
• Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

• Dropped support for Node v8
• Dropped support for GitLab v11.6 and lower.
• Deprecated scripts are removed (in favor of [hooks][2]).
• Removed deprecated --non-interactive (-n) argument. Use --ci instead.
• Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

... (truncated)

Commits

• c03780d Release 20.0.0
• f427a85 Format
• a2d1b99 Fix write: false guard in npm.bump (resolve #1267)
• 5585b72 fix: remove leading slashes from owner (#1288)
• 5a36283 Release 20.0.0-1
• a62509e Improve guessPreReleaseTag → getRegistryDistTags
• 509e50b Update changelog & docs for v20
• 56cae4c Fix test
• 12e33f5 Release 20.0.0-0
• c90c4c9 Pop it
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.