chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] #3432

Status: Open. renovate[bot] (Contributor) wants to merge 1 commit into base: main.

@renovate renovate bot commented May 15, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
undici@>=6.0.0 (source) ^6.21.1 -> ^6.21.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker sets up a server with an invalid certificate and can force the application to call the webhook repeatedly, they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895


Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.21.1...v6.21.2


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
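
One way to apply the advisory's workaround (stop re-calling a webhook that keeps failing) on the application side, shown as an added example that is not code from undici, Renovate or this repository. `WebhookBreaker`, `deliver`, the injected `send` function and all thresholds are assumptions chosen for illustration.

```javascript
// Added example: names and thresholds here are illustrative assumptions.
// Node.js TLS verification error codes that a retry will not fix.
const CERT_ERROR_CODES = new Set([
  'CERT_HAS_EXPIRED', 'DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'ERR_TLS_CERT_ALTNAME_INVALID',
]);

// Check the error and its `cause`, since fetch-style clients wrap the socket error.
function isCertError(err) {
  return CERT_ERROR_CODES.has(err?.code ?? err?.cause?.code);
}

class WebhookBreaker {
  constructor({ maxFailures = 3, baseDelayMs = 1000, maxDelayMs = 3600000 } = {}) {
    Object.assign(this, { maxFailures, baseDelayMs, maxDelayMs });
    this.state = new Map(); // origin -> { failures, retryAt, disabled }
  }
  key(url) { return new URL(url).origin; } // track per origin, not per path
  allow(url, now = Date.now()) {
    const s = this.state.get(this.key(url));
    return !s || (!s.disabled && now >= s.retryAt);
  }
  recordSuccess(url) { this.state.delete(this.key(url)); }
  recordFailure(url, err, now = Date.now()) {
    const k = this.key(url);
    const s = this.state.get(k) ?? { failures: 0, retryAt: 0, disabled: false };
    s.failures += 1;
    if (isCertError(err) || s.failures >= this.maxFailures) {
      s.disabled = true; // stop calling until the endpoint is explicitly reset
    } else {
      const delay = this.baseDelayMs * 2 ** (s.failures - 1); // exponential backoff
      s.retryAt = now + Math.min(delay, this.maxDelayMs);
    }
    this.state.set(k, s);
    return s;
  }
}

// `send` is a caller-supplied async function (for example a wrapper around an HTTP client).
async function deliver(breaker, url, body, send) {
  if (!breaker.allow(url)) return { sent: false, reason: 'suppressed' };
  try {
    await send(url, body);
    breaker.recordSuccess(url);
    return { sent: true };
  } catch (err) {
    const { disabled } = breaker.recordFailure(url, err);
    return { sent: false, reason: disabled ? 'disabled' : 'backoff' };
  }
}
```

If webhook URLs are registered by users, cap or persist the `state` map so that tracking failed origins does not itself grow without bound.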

@renovate renovate bot added the dependencies Pull requests that update a dependency label May 15, 2025
netlify bot commented May 15, 2025

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit 7c82b4f
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/685845f7ba54f300080c3246

github-actions bot commented May 15, 2025

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 43.47
  • Iterations/s: 14.51
  • Failed Requests: 0.00% (0 of 2616)
📜 Logs

> [email protected] run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 912 kB 15 kB/s
     data_sent......................: 1.8 MB 31 kB/s
     http_req_blocked...............: avg=7.22µs   min=2.17µs   med=5.08µs   max=3.08ms   p(90)=6.22µs   p(95)=6.63µs  
     http_req_connecting............: avg=257ns    min=0s       med=0s       max=179.36µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=91.39ms  min=8.7ms    med=77.39ms  max=602.78ms p(90)=157ms    p(95)=179.23ms
       { expected_response:true }...: avg=91.39ms  min=8.7ms    med=77.39ms  max=602.78ms p(90)=157ms    p(95)=179.23ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2616
     http_req_receiving.............: avg=78.74µs  min=24.29µs  med=71.57µs  max=1.54ms   p(90)=101.91µs p(95)=119.61µs
     http_req_sending...............: avg=33.87µs  min=8.8µs    med=26.84µs  max=2.52ms   p(90)=39.8µs   p(95)=53.9µs  
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=91.28ms  min=8.57ms   med=77.25ms  max=602.69ms p(90)=156.75ms p(95)=179.14ms
     http_reqs......................: 2616   43.467957/s
     iteration_duration.............: avg=275.45ms min=166.96ms med=265.91ms max=1.14s    p(90)=327.32ms p(95)=361.58ms
     iterations.....................: 873    14.505935/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 

@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 19, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 6940acd to 3ec9b2d Compare May 20, 2025 00:06
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 20, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 3ec9b2d to 23148f9 Compare May 28, 2025 13:58
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 28, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 23148f9 to aea5dce Compare May 28, 2025 18:45
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 28, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 28, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 53e8534 to c2642ef Compare May 29, 2025 02:40
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] May 29, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from c2642ef to 8b1c8bc Compare June 4, 2025 08:10
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 4, 2025
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 4, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch 2 times, most recently from 9a03252 to 93b5f3f Compare June 6, 2025 02:04
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 6, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 93b5f3f to e5e1809 Compare June 6, 2025 23:38
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 6, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e5e1809 to 1c2fa2f Compare June 9, 2025 11:56
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 1c2fa2f to 031b7d2 Compare June 9, 2025 15:04
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 031b7d2 to 85c3890 Compare June 9, 2025 19:24
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 85c3890 to e7ff9f7 Compare June 9, 2025 22:36
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 9, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e7ff9f7 to 23869aa Compare June 10, 2025 11:47
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 10, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 23869aa to 3d1abcd Compare June 10, 2025 12:25
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 10, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 3d1abcd to e4f0455 Compare June 12, 2025 17:02
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 12, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e4f0455 to 7b87e44 Compare June 12, 2025 17:20
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 12, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 7b87e44 to 8ac8f34 Compare June 13, 2025 19:36
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 13, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 8ac8f34 to 0a83556 Compare June 13, 2025 19:44
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 13, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 0a83556 to dfe63db Compare June 17, 2025 18:34
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 17, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from dfe63db to 9cd6213 Compare June 17, 2025 22:46
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 17, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 9cd6213 to 2022720 Compare June 18, 2025 11:30
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 18, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 2022720 to 9e727e7 Compare June 18, 2025 16:56
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 18, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from 9e727e7 to d205a7e Compare June 22, 2025 15:05
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] Jun 22, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from d205a7e to 7c82b4f Compare June 22, 2025 18:05
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jun 22, 2025