chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
undici@>=6.0.0 (source)	^6.21.1 -> ^6.21.2

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid keep calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895

---

Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2

Compare Source

What's Changed

• fix(types): add missing DNS interceptor by @​slagiewka in #​4024
• [v6.x] fix wpts on windows by @​mcollina in #​4093
• Removed clients with unrecoverable errors from the Pool #​4088

New Contributors

• @​slagiewka made their first contribution in #​4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for brilliant-pasca-3e80ec canceled.

Name	Link
🔨 Latest commit	8744e77
🔍 Latest deploy log	https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/68efb29e1031fb00084232f8

[github-actions]

🚀 Performance Test Results

Test Configuration:

• VUs: 4
• Duration: 1m0s

Test Metrics:

• Requests/s: 45.57
• Iterations/s: 15.22
• Failed Requests: 0.00% (0 of 2740)

📜 Logs

> [email protected] run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 989 kB 17 kB/s
     data_sent......................: 2.1 MB 35 kB/s
     http_req_blocked...............: avg=7.25µs   min=2.36µs   med=5.19µs  max=1.13ms   p(90)=6.36µs   p(95)=6.92µs  
     http_req_connecting............: avg=775ns    min=0s       med=0s      max=1.08ms   p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=87.2ms   min=6.78ms   med=71.92ms max=492.92ms p(90)=150.58ms p(95)=169.36ms
       { expected_response:true }...: avg=87.2ms   min=6.78ms   med=71.92ms max=492.92ms p(90)=150.58ms p(95)=169.36ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2740
     http_req_receiving.............: avg=82.96µs  min=27.66µs  med=72.13µs max=3.54ms   p(90)=105.95µs p(95)=125.81µs
     http_req_sending...............: avg=33.17µs  min=9.83µs   med=26.59µs max=2.19ms   p(90)=38.25µs  p(95)=49.35µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s      max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=87.08ms  min=6.58ms   med=71.76ms max=492.84ms p(90)=150.48ms p(95)=169.29ms
     http_reqs......................: 2740   45.565212/s
     iteration_duration.............: avg=262.68ms min=181.06ms med=246.3ms max=990.69ms p(90)=324.24ms p(95)=353.2ms 
     iterations.....................: 915    15.21612/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4