chore(deps): update dependency undici@>=6.0.0 to ^6.21.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
undici@>=6.0.0 (source)	^6.21.1 -> ^6.21.2

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid keep calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895

---

Release Notes

nodejs/undici (undici@>=6.0.0)

v6.21.2

Compare Source

What's Changed

• fix(types): add missing DNS interceptor by @​slagiewka in #​4024
• [v6.x] fix wpts on windows by @​mcollina in #​4093
• Removed clients with unrecoverable errors from the Pool #​4088

New Contributors

• @​slagiewka made their first contribution in #​4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for brilliant-pasca-3e80ec canceled.

Name	Link
🔨 Latest commit	2e7530f
🔍 Latest deploy log	https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/69011346c6c064000815f0e2

[github-actions]

🚀 Performance Test Results

Test Configuration:

• VUs: 4
• Duration: 1m0s

Test Metrics:

• Requests/s: 44.69
• Iterations/s: 14.91
• Failed Requests: 0.00% (0 of 2691)

📜 Logs

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 971 kB 16 kB/s
     data_sent......................: 2.1 MB 34 kB/s
     http_req_blocked...............: avg=7.87µs   min=2.13µs   med=5.03µs   max=3.98ms   p(90)=6.06µs   p(95)=6.61µs  
     http_req_connecting............: avg=422ns    min=0s       med=0s       max=526.3µs  p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=88.86ms  min=14.42ms  med=71.7ms   max=544.6ms  p(90)=153.34ms p(95)=172.88ms
       { expected_response:true }...: avg=88.86ms  min=14.42ms  med=71.7ms   max=544.6ms  p(90)=153.34ms p(95)=172.88ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2691
     http_req_receiving.............: avg=83.6µs   min=27.08µs  med=73.87µs  max=1.35ms   p(90)=108.12µs p(95)=136.87µs
     http_req_sending...............: avg=35.38µs  min=8.97µs   med=26.35µs  max=2.06ms   p(90)=38.25µs  p(95)=52.08µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=88.74ms  min=14.03ms  med=71.61ms  max=544.48ms p(90)=153.24ms p(95)=172.76ms
     http_reqs......................: 2691   44.690043/s
     iteration_duration.............: avg=267.86ms min=168.29ms med=249.21ms max=1.15s    p(90)=330.65ms p(95)=362.3ms 
     iterations.....................: 898    14.913288/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4