Skip to content

chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] #3432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] #3432

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 15, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
undici@>=6.0.0 (source) ^6.21.1 -> ^6.21.2 age confidence

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid keep calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895

Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency label May 15, 2025
@netlify Netlify
Copy link

netlify bot commented May 15, 2025
edited
Loading

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit 3fd8c51
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/68f4cbe3389171000848f683

@github-actions GitHub Actions
Copy link

github-actions bot commented May 15, 2025
edited
Loading

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 42.92
  • Iterations/s: 14.32
  • Failed Requests: 0.00% (0 of 2583)
📜 Logs 

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 932 kB 16 kB/s
     data_sent......................: 2.0 MB 33 kB/s
     http_req_blocked...............: avg=7.47µs   min=2.41µs   med=5.34µs   max=961.3µs  p(90)=6.44µs   p(95)=7.05µs  
     http_req_connecting............: avg=583ns    min=0s       med=0s       max=871.64µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=92.51ms  min=6.83ms   med=75.67ms  max=618.46ms p(90)=156.22ms p(95)=178.5ms 
       { expected_response:true }...: avg=92.51ms  min=6.83ms   med=75.67ms  max=618.46ms p(90)=156.22ms p(95)=178.5ms 
     http_req_failed................: 0.00%  ✓ 0         ✗ 2583
     http_req_receiving.............: avg=91.97µs  min=25.32µs  med=79.03µs  max=2.11ms   p(90)=116.69µs p(95)=158.79µs
     http_req_sending...............: avg=37.63µs  min=9.87µs   med=28.53µs  max=3.07ms   p(90)=42.92µs  p(95)=55.69µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=92.38ms  min=6.65ms   med=75.57ms  max=618.2ms  p(90)=156.1ms  p(95)=178.4ms 
     http_reqs......................: 2583   42.91554/s
     iteration_duration.............: avg=278.88ms min=175.38ms med=264.59ms max=1.04s    p(90)=334.73ms p(95)=365.59ms
     iterations.....................: 862    14.321794/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4

@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 19, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 6940acd to 3ec9b2d Compare May 20, 2025 00:06
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 20, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 3ec9b2d to 23148f9 Compare May 28, 2025 13:58
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 28, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 23148f9 to aea5dce Compare May 28, 2025 18:45
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 28, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 28, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 53e8534 to c2642ef Compare May 29, 2025 02:40
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 29, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from c2642ef to 8b1c8bc Compare June 4, 2025 08:10
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 4, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 4, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 9a03252 to 93b5f3f Compare June 6, 2025 02:04
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 6, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 93b5f3f to e5e1809 Compare June 6, 2025 23:38
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 6, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e5e1809 to 1c2fa2f Compare June 9, 2025 11:56
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 1c2fa2f to 031b7d2 Compare June 9, 2025 15:04
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 031b7d2 to 85c3890 Compare June 9, 2025 19:24
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 85c3890 to e7ff9f7 Compare June 9, 2025 22:36
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Sep 25, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from c03868e to ff23cea Compare October 9, 2025 10:46
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 6bff99a to 1650bdc Compare October 10, 2025 18:35
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 10, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 1650bdc to 3d53b55 Compare October 10, 2025 20:59
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 10, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 3d53b55 to 13439b5 Compare October 13, 2025 11:11
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 13, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 13439b5 to 39f226d Compare October 13, 2025 12:25
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 13, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 14, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from a111017 to 87f9bb3 Compare October 14, 2025 16:11
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 14, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 15, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 87f9bb3 to 6fc077f Compare October 15, 2025 14:24
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 15, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 8744e77 to e980a3c Compare October 16, 2025 18:09
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 16, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e980a3c to 74edd2b Compare October 16, 2025 23:06
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 16, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 74edd2b to f6832eb Compare October 17, 2025 14:18
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] Oct 17, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from f6832eb to 3fd8c51 Compare October 19, 2025 11:30
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.22.0 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Oct 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants