Skip to content

chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] #3432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] #3432

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 15, 2025
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Change Age Confidence
undici@>=6.0.0 (source) ^6.21.1 -> ^6.21.2 age confidence

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid keep calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895

Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2

Compare Source

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency label May 15, 2025
@netlify Netlify
Copy link

netlify bot commented May 15, 2025
edited
Loading

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit c03868e
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/68d5c2cb2dd3230008b86590

@github-actions GitHub Actions
Copy link

github-actions bot commented May 15, 2025
edited
Loading

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 43.75
  • Iterations/s: 14.61
  • Failed Requests: 0.00% (0 of 2632)
📜 Logs 

> [email protected] run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 950 kB 16 kB/s
     data_sent......................: 2.0 MB 34 kB/s
     http_req_blocked...............: avg=6.81µs   min=1.86µs   med=5.4µs    max=1.32ms   p(90)=6.36µs   p(95)=6.93µs  
     http_req_connecting............: avg=336ns    min=0s       med=0s       max=266.5µs  p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=90.77ms  min=7.09ms   med=74.53ms  max=614.89ms p(90)=157.47ms p(95)=184.35ms
       { expected_response:true }...: avg=90.77ms  min=7.09ms   med=74.53ms  max=614.89ms p(90)=157.47ms p(95)=184.35ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2632
     http_req_receiving.............: avg=92.19µs  min=26.08µs  med=79.38µs  max=2.51ms   p(90)=113.81µs p(95)=143.67µs
     http_req_sending...............: avg=38.29µs  min=8.42µs   med=28.47µs  max=1.66ms   p(90)=43.31µs  p(95)=59.37µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=90.64ms  min=6.92ms   med=74.43ms  max=614.78ms p(90)=157.27ms p(95)=184.2ms 
     http_reqs......................: 2632   43.747028/s
     iteration_duration.............: avg=273.52ms min=173.77ms med=259.61ms max=1.16s    p(90)=337.76ms p(95)=365.51ms
     iterations.....................: 879    14.610045/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4

@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 19, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 6940acd to 3ec9b2d Compare May 20, 2025 00:06
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 20, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 3ec9b2d to 23148f9 Compare May 28, 2025 13:58
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 28, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 23148f9 to aea5dce Compare May 28, 2025 18:45
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 28, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 28, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 53e8534 to c2642ef Compare May 29, 2025 02:40
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 29, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from c2642ef to 8b1c8bc Compare June 4, 2025 08:10
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 4, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 4, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 9a03252 to 93b5f3f Compare June 6, 2025 02:04
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 6, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 93b5f3f to e5e1809 Compare June 6, 2025 23:38
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 6, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e5e1809 to 1c2fa2f Compare June 9, 2025 11:56
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 1c2fa2f to 031b7d2 Compare June 9, 2025 15:04
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 031b7d2 to 85c3890 Compare June 9, 2025 19:24
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 85c3890 to e7ff9f7 Compare June 9, 2025 22:36
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 5b1e3cc to 0adb913 Compare August 22, 2025 13:37
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Aug 22, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 0adb913 to 214ac52 Compare August 22, 2025 15:36
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Aug 22, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 214ac52 to 6537bf5 Compare August 31, 2025 14:34
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Aug 31, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Aug 31, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 52b0240 to e3d5430 Compare September 5, 2025 09:41
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Sep 5, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Sep 5, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 8837e75 to d916798 Compare September 5, 2025 13:12
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Sep 5, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from d916798 to ded7713 Compare September 5, 2025 21:32
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Sep 5, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from ded7713 to a493532 Compare September 22, 2025 06:46
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Sep 22, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from a493532 to a8976be Compare September 22, 2025 10:00
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Sep 22, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Sep 25, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from a8976be to 5d31702 Compare September 25, 2025 14:50
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Sep 25, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 176720a to 392c701 Compare September 25, 2025 16:37
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Sep 25, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 392c701 to c03868e Compare September 25, 2025 22:31
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Sep 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants