fix(socks5): enforce authenticated state before CONNECT #5097

Merged
mcollina merged 1 commit into nodejs:main from trivikr:socks5-client-connect
Apr 24, 2026

@trivikr trivikr commented Apr 24, 2026

This relates to...

Fixes: #5096

Rationale

Socks5Client emitted 'authenticated' on successful handshake/authentication but never transitioned into an authenticated state. As a result, connect() only rejected the already-connected state and could write a SOCKS CONNECT frame from invalid states such as initial, handshaking, authenticating, closed, or error.

This also affected Socks5ProxyAgent, which checks socks5Client.state === 'authenticated' in the NO_AUTH flow. Since that state was never set, the agent could miss the already-emitted 'authenticated' event and wait until the authentication timeout.

Changes

  • add an explicit AUTHENTICATED state to Socks5Client
  • transition to AUTHENTICATED before emitting 'authenticated' in both auth-success paths
  • reject Socks5Client.connect() unless the client is authenticated
  • update Socks5ProxyAgent to check STATES.AUTHENTICATED

Features

N/A

Bug Fixes

  • prevent Socks5Client.connect() from sending CONNECT before authentication completes
  • prevent Socks5Client.connect() from sending CONNECT after invalid lifecycle states
  • fix Socks5ProxyAgent’s NO_AUTH authentication readiness check to use the actual authenticated state

Breaking Changes and Deprecations

This changes the internal Socks5Client.state value after successful authentication from the previous implicit/incorrect behavior to an explicit authenticated state. Socks5Client is not part of the public top-level undici API, so there is no intended public API break.

Status

Assisted-by: openai:gpt-5.4

Assisted-by: openai:gpt-5.4
Signed-off-by: Kamat, Trivikram <16024985+trivikr@users.noreply.github.com>
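
The state guard described in this PR, as an added example that is not undici's code or part of the PR: a minimal NO_AUTH SOCKS5 client that sets the authenticated state before notifying and allow-lists that single state in `connect()`. `GuardedSocks5Client`, `mockSocket` and the `onAuthenticated` callback are hypothetical names, and the mock socket is constructed for the example.

```javascript
// Added illustration: names are hypothetical, not undici's Socks5Client internals.
const STATES = Object.freeze({
  INITIAL: 'initial',
  HANDSHAKING: 'handshaking',
  AUTHENTICATED: 'authenticated',
  CLOSED: 'closed'
})

class GuardedSocks5Client {
  constructor (socket, onAuthenticated = () => {}) {
    this.socket = socket // anything exposing write(Buffer)
    this.onAuthenticated = onAuthenticated
    this.state = STATES.INITIAL
  }

  handshake () {
    // RFC 1928 greeting: VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
    this.socket.write(Buffer.from([0x05, 0x01, 0x00]))
    this.state = STATES.HANDSHAKING
  }

  onData (chunk) {
    if (this.state !== STATES.HANDSHAKING) return
    if (chunk.length < 2 || chunk[0] !== 0x05 || chunk[1] !== 0x00) return this.close()
    // Set the state first, then notify: a listener that inspects `state`
    // during the callback must already see 'authenticated'.
    this.state = STATES.AUTHENTICATED
    this.onAuthenticated(this.state)
  }

  connect (host, port) {
    // Allow-list the one valid state instead of rejecting only the connected one.
    if (this.state !== STATES.AUTHENTICATED) {
      throw new Error(`connect() not allowed in state '${this.state}'`)
    }
    const name = Buffer.from(host, 'ascii')
    // CONNECT request: VER, CMD=1, RSV, ATYP=3 (domain), LEN, host, port (big-endian)
    const head = Buffer.from([0x05, 0x01, 0x00, 0x03, name.length])
    this.socket.write(Buffer.concat([head, name, Buffer.from([port >> 8, port & 0xff])]))
  }

  close () { this.state = STATES.CLOSED }
}

// Constructed mock socket that records each written frame as a hex string.
function mockSocket () {
  const frames = []
  return { frames, write: (buf) => frames.push(buf.toString('hex')) }
}
```
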
@codecov-commenter

Codecov Report

❌ Patch coverage is 87.50000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.13%. Comparing base (2a6f9c7) to head (0c2bf29).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| lib/core/socks5-client.js | 85.71% | 2 Missing ⚠️ |
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5097   +/-   ##
=======================================
  Coverage   93.13%   93.13%           
=======================================
  Files         110      110           
  Lines       35816    35826   +10     
=======================================
+ Hits        33356    33368   +12     
+ Misses       2460     2458    -2     


@mcollina mcollina left a comment

lgtm

@mcollina mcollina merged commit 1dec881 into nodejs:main Apr 24, 2026
35 checks passed
@trivikr trivikr deleted the socks5-client-connect branch April 24, 2026 05:33

Development

Successfully merging this pull request may close these issues.

Socks5Client.connect() can send CONNECT before authentication completes and after close/error
