Commit 33182d8
[Snyk] Security upgrade undici from 5.8.2 to 5.26.2 (#74)
This PR was automatically created by Snyk using the credentials of a real user.
### Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - packages/plugin-votes/package.json
    - packages/plugin-votes/package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **481/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 3.9 | Information Exposure <br/>[SNYK-JS-UNDICI-5962466](https://snyk.io/vuln/SNYK-JS-UNDICI-5962466) | No | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>undici</b></summary>
The new version differs by 250 commits.</br>
<ul>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/12a62187d45f332cf39dd405f7c52b759cf40cdd">12a6218</a>
Bumped v5.26.2</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76">e041de3</a>
Merge pull request from GHSA-wqq4-5wpv-mx2g</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/c8c80b1115d668664d8cf3acec7535b0258c3079">c8c80b1</a>
5.26.1</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/7bcb80c0a22509ceba1b786847faba5aded1bea0">7bcb80c</a>
Fix node detection omfg (#2341)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/69ea7b94434e2a3746e6ad1477d122a8d4075c76">69ea7b9</a>
hopefully this fixes it for good (#2338)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/4006aaf43ac8b30e16d6d3b89fa2e0df4b7eef33">4006aaf</a>
Bumped v5.26.0</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/df9795883fb75eb97d27f86ce97a491bf023717c">df97958</a>
fix: 🐛 fix process http2 header (#2332)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/b9d83681443405bcc4e77a4c196e559944f1dfa1">b9d8368</a>
fix: 🏷️ add allowH2 to BuildOptions (#2334)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/06380f6a10d25df963c06023c3190e3f9160ed8a">06380f6</a>
Fix stuck when using http2 POST Buffer (#2336)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/3a9f48171d7486a558ac6f62a7c521d46fdd208b">3a9f481</a>
fix fetch with coverage enabled (#2330)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/882ff6dae52b85fd03ddcc1c047067d594d8eb1d">882ff6d</a>
[StepSecurity] ci: Harden GitHub Actions (#2325)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/470ee38145c5e6b367874b8b67f45143b67557c0">470ee38</a>
disallow setting host header in fetch (#2322)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/e5c9d703e63cd5ad691b8ce26e3f9a81c598f2e3">e5c9d70</a>
fix(#2311): End stream after body sent (#2314)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/045d4dbce3f5768b33fe944a3ee233466c2530ef">045d4db</a>
feat: respect `--max-http-header-size` Node.js flag
(#2234)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/af78c983b7dab87dbe7bf176bf23bbc9b5b28259">af78c98</a>
test: handle npm ignore-scripts settings (#2313)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/2de330fe93382cc7127b43aa2c87212a1bad44ec">2de330f</a>
build(deps-dev): bump sinon from 15.2.0 to 16.1.0 (#2312)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/e6450127d1cf5f84f4192ce1dd516d492426cf95">e645012</a>
fix: Agent.Options.factory should accept URL object or string as
parameter (#2295)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/898040d251c8928f5f78d58133f42de5ffa60af2">898040d</a>
chore: change order of the pseudo-headers (#2308)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/fcc1e39bc2771f9f8d9baa7bba47354b1b3b51d1">fcc1e39</a>
change default header to `node` (#2310)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/0fde27d39d4e49b1be8e1fb7cc640350f98e6555">0fde27d</a>
use npm install instead of npm ci (#2309)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/5e654f351a9a813fed3e9feff4388b5c4fbda787">5e654f3</a>
Bumped v5.23.4</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/7c2486d6f1560e7eb9cc127ea56dd4829998d8ea">7c2486d</a>
feat: disable FinalizationRegistry if NODE_V8_COVERAGE is set
(#2304)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/402446852bd65a7d2ba46973381fc8574f7165d1">4024468</a>
Further automate publishing of undici-types using GitHub Actions
workflow (#2290)</li>
<li><a
href="https://snyk.io/redirect/github/nodejs/undici/commit/5a750054ce7d473d336a7fa7ea4f42aee56afd0e">5a75005</a>
build(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0
(#2301)</li>
</ul>
<a
href="https://snyk.io/redirect/github/nodejs/undici/compare/52d1ce56f7641d0c0d8359fc76537ebe15473e7e...12a62187d45f332cf39dd405f7c52b759cf40cdd">See
the full diff</a>
</details>
</details>
Check the changes in this PR to ensure they won't cause issues with your
project.
------------
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project
report](https://app.snyk.io/org/xhyrom/project/fd5cbd46-97fe-48fd-a700-7b0ddb559796?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project
settings](https://app.snyk.io/org/xhyrom/project/fd5cbd46-97fe-48fd-a700-7b0ddb559796?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)
2 files changed, +2 -2 lines changed
Some generated files are not rendered by default.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | | - | |
| 46 | + | |
47 | 47 | | |
48 | 48 | | |
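Review bot: line 46 is the only change in the rendered hunk, yet per the commit message it moves undici across 250 upstream commits (5.8.2 to 5.26.2), so it should be reviewed as a feature upgrade and not only as a security fix. Before merging, check that plugin-votes does not rely on behaviour changed in that range, for example "disallow setting host header in fetch (#2322)" and "change default header to `node` (#2310)", and run the package's tests against the new version. The second changed file is not rendered in this view, so also confirm that packages/plugin-votes/package-lock.json resolves undici to 5.26.2.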