This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://redirect.github.com/nodejs/undici)) | [`6.21.1` -> `6.21.2`](https://renovatebot.com/diffs/npm/undici/6.21.1/6.21.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/6.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/6.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/6.21.1/6.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/6.21.1/6.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-47279](https://redirect.github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3) ### Impact Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. ### Patches This has been patched in [https://github.com/nodejs/undici/pull/4088](https://redirect.github.com/nodejs/undici/pull/4088). ### Workarounds If a webhook fails, avoid keep calling it repeatedly. ### References Reported as: [https://github.com/nodejs/undici/issues/3895](https://redirect.github.com/nodejs/undici/issues/3895) --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v6.21.2`](https://redirect.github.com/nodejs/undici/releases/tag/v6.21.2) [Compare Source](https://redirect.github.com/nodejs/undici/compare/v6.21.1...v6.21.2) #### What's Changed - fix(types): add missing DNS interceptor by [@slagiewka](https://redirect.github.com/slagiewka) in [https://github.com/nodejs/undici/pull/4024](https://redirect.github.com/nodejs/undici/pull/4024) - \[v6.x] fix wpts on windows by [@mcollina](https://redirect.github.com/mcollina) in [https://github.com/nodejs/undici/pull/4093](https://redirect.github.com/nodejs/undici/pull/4093) - Removed clients with unrecoverable errors from the Pool [https://github.com/nodejs/undici/pull/4088](https://redirect.github.com/nodejs/undici/pull/4088) #### New Contributors - [@slagiewka](https://redirect.github.com/slagiewka) made their first contribution in [https://github.com/nodejs/undici/pull/4024](https://redirect.github.com/nodejs/undici/pull/4024) **Full Changelog**: nodejs/undici@v6.21.1...v6.21.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/octokit/rest.js).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>