chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
undici@>=6.0.0 (source)	^6.21.1 -> ^6.21.2

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid keep calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895

---

Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2

Compare Source

What's Changed

• fix(types): add missing DNS interceptor by @​slagiewka in #​4024
• [v6.x] fix wpts on windows by @​mcollina in #​4093
• Removed clients with unrecoverable errors from the Pool #​4088

New Contributors

• @​slagiewka made their first contribution in #​4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for brilliant-pasca-3e80ec canceled.

Name	Link
🔨 Latest commit	6bff99a
🔍 Latest deploy log	https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/68e7b365e5e5b600085fdb9c

[github-actions]

🚀 Performance Test Results

Test Configuration:

• VUs: 4
• Duration: 1m0s

Test Metrics:

• Requests/s: 42.40
• Iterations/s: 14.15
• Failed Requests: 0.00% (0 of 2553)

📜 Logs

> [email protected] run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 922 kB 15 kB/s
     data_sent......................: 2.0 MB 33 kB/s
     http_req_blocked...............: avg=6.84µs   min=2.25µs   med=5.19µs  max=1.49ms   p(90)=6.14µs   p(95)=6.69µs  
     http_req_connecting............: avg=1.12µs   min=0s       med=0s      max=1.39ms   p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=93.65ms  min=9.61ms   med=76.44ms max=574.05ms p(90)=161.47ms p(95)=178.78ms
       { expected_response:true }...: avg=93.65ms  min=9.61ms   med=76.44ms max=574.05ms p(90)=161.47ms p(95)=178.78ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2553
     http_req_receiving.............: avg=88.74µs  min=25.92µs  med=79.08µs max=1.04ms   p(90)=113.93µs p(95)=144.55µs
     http_req_sending...............: avg=34.86µs  min=9.81µs   med=27.78µs max=1.42ms   p(90)=39.45µs  p(95)=54.23µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s      max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=93.52ms  min=9.47ms   med=76.29ms max=573.93ms p(90)=161.26ms p(95)=178.67ms
     http_reqs......................: 2553   42.398037/s
     iteration_duration.............: avg=282.23ms min=187.34ms med=272.2ms max=1.13s    p(90)=328.36ms p(95)=381.44ms
     iterations.....................: 852    14.149286/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4