
chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] #3432


Open
wants to merge 1 commit into
base: main
from


renovate[bot]
Contributor

@renovate renovate bot commented May 15, 2025

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| undici@>=6.0.0 (source) | ^6.21.1 -> ^6.21.2 | age | confidence |

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker sets up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895


Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2


Full Changelog: nodejs/undici@v6.21.1...v6.21.2


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency label May 15, 2025
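
The workaround in the advisory above (stop calling a webhook that keeps failing), sketched as an added example that is not code from this PR, from undici or from the repository: a per-endpoint gate that backs off after each failure and disables the endpoint after a limit. `WebhookGate`, its options, the URL and the simulated clock are constructed for illustration; the real send would run only when `check` returns `allow`.

```javascript
// Added example: per-endpoint gate implementing "stop calling a failing webhook".
// WebhookGate and its options are hypothetical names, not an undici API.
class WebhookGate {
  constructor({ maxFailures = 3, baseDelayMs = 1000, maxDelayMs = 3600000, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, baseDelayMs, maxDelayMs, now });
    this.state = new Map(); // url -> { failures, retryAt }
  }

  // Decide whether a delivery attempt may be made right now.
  check(url) {
    const s = this.state.get(url);
    if (!s) return 'allow';
    if (s.failures >= this.maxFailures) return 'disabled'; // needs operator re-enable
    return this.now() < s.retryAt ? 'backoff' : 'allow';
  }

  // Call after any failed attempt (TLS error, timeout, 5xx): doubles the wait.
  recordFailure(url) {
    const s = this.state.get(url) ?? { failures: 0, retryAt: 0 };
    s.failures += 1;
    const delay = Math.min(this.baseDelayMs * 2 ** (s.failures - 1), this.maxDelayMs);
    s.retryAt = this.now() + delay;
    this.state.set(url, s);
    return s.retryAt;
  }

  // Call after a successful delivery: the endpoint is healthy again.
  recordSuccess(url) { this.state.delete(url); }
}

// Constructed scenario: an endpoint whose certificate never validates, while
// something asks the application to fire the webhook every 500 ms.
function simulate(triggers = 10, stepMs = 500) {
  let clock = 0, attempts = 0;
  const gate = new WebhookGate({ now: () => clock });
  const url = 'https://hooks.example.test/callback'; // constructed URL
  const decisions = [];
  for (let i = 0; i < triggers; i++, clock += stepMs) {
    const d = gate.check(url);
    decisions.push(d);
    if (d === 'allow') { attempts++; gate.recordFailure(url); } // send would fail here
  }
  return { decisions, attempts };
}

console.log(simulate());
```

Ten triggers against the failing endpoint result in only three outbound connection attempts; the remaining triggers are absorbed by the backoff window or the disabled state.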

netlify bot commented May 15, 2025

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit c23c63d
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/6877d3f00d32bf00080b4251


github-actions bot commented May 15, 2025

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 44.63
  • Iterations/s: 14.90
  • Failed Requests: 0.00% (0 of 2683)
📜 Logs

> [email protected] run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 969 kB 16 kB/s
     data_sent......................: 2.1 MB 34 kB/s
     http_req_blocked...............: avg=6.24µs   min=2.09µs  med=4.97µs   max=738.72µs p(90)=5.93µs   p(95)=6.39µs  
     http_req_connecting............: avg=341ns    min=0s      med=0s       max=379.62µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=88.97ms  min=6.57ms  med=75.67ms  max=517.86ms p(90)=148.68ms p(95)=172.49ms
       { expected_response:true }...: avg=88.97ms  min=6.57ms  med=75.67ms  max=517.86ms p(90)=148.68ms p(95)=172.49ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2683
     http_req_receiving.............: avg=85.75µs  min=21.06µs med=75.75µs  max=888.81µs p(90)=113.16µs p(95)=149.8µs 
     http_req_sending...............: avg=36.05µs  min=9.93µs  med=26.98µs  max=2.44ms   p(90)=38.68µs  p(95)=53.31µs 
     http_req_tls_handshaking.......: avg=0s       min=0s      med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=88.85ms  min=6.42ms  med=75.56ms  max=517.79ms p(90)=148.6ms  p(95)=172.38ms
     http_reqs......................: 2683   44.629253/s
     iteration_duration.............: avg=268.04ms min=139.2ms med=255.51ms max=1.04s    p(90)=332.28ms p(95)=367.35ms
     iterations.....................: 896    14.904141/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 

@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] May 19, 2025
@renovate renovate bot force-pushed the renovate-npm-undici>=6.0.0-vulnerability branch from e4c3049 to c23c63d Compare July 16, 2025 16:31
@renovate renovate bot changed the title chore(deps): update dependency undici@>=6.0.0 to ^6.21.3 [security] chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security] Jul 16, 2025