chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] #3433

Closed
renovate[bot] wants to merge 1 commit into main from renovate-npm-undici>=5.0.0-vulnerability

Conversation

renovate Bot (Contributor) commented May 15, 2025

This PR contains the following updates:

Package: undici@>=5.0.0 (source)
Change: ^5.28.5 -> ^5.29.0

GitHub Vulnerability Alerts

CVE-2025-47279

Impact

Applications that use undici to implement a webhook-like system are vulnerable. If the attacker sets up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak.

Patches

This has been patched in https://github.com/nodejs/undici/pull/4088.

Workarounds

If a webhook fails, avoid calling it repeatedly.

References

Reported as: https://github.com/nodejs/undici/issues/3895


Release Notes

nodejs/undici (undici@>=5.0.0)

v5.29.0

Compare Source

What's Changed

Full Changelog: nodejs/undici@v5.28.5...v5.29.0


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
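
One way to apply the workaround from the advisory quoted above, as an added example (not code from this PR, Renovate, or undici): a per-endpoint gate with exponential backoff, so a webhook that keeps failing is attempted only a bounded number of times. `WebhookGate`, `deliver`, `attemptsUnderRepeatedTriggers`, the option names and the `hooks.example.invalid` URL are hypothetical; `send` stands for whatever function performs the HTTP call.

```javascript
// Added example. WebhookGate and its options are hypothetical names, not undici API.
class WebhookGate {
  constructor({ baseDelayMs = 1000, maxDelayMs = 3600000, now = Date.now } = {}) {
    Object.assign(this, { baseDelayMs, maxDelayMs, now })
    this.endpoints = new Map() // url -> { failures, retryAt }
  }
  // True if a delivery attempt to this URL is currently permitted.
  allow(url) {
    const s = this.endpoints.get(url)
    return !s || this.now() >= s.retryAt
  }
  // Record a failed attempt; returns the earliest time the next one may go out.
  recordFailure(url) {
    const s = this.endpoints.get(url) ?? { failures: 0, retryAt: 0 }
    s.failures += 1
    const delay = Math.min(this.baseDelayMs * 2 ** (s.failures - 1), this.maxDelayMs)
    s.retryAt = this.now() + delay
    this.endpoints.set(url, s)
    return s.retryAt
  }
  recordSuccess(url) { this.endpoints.delete(url) } // healthy endpoint: clean slate
}

// Wraps any sender; `send(url, payload)` is assumed to reject on TLS or HTTP failure.
async function deliver(gate, send, url, payload) {
  if (!gate.allow(url)) return { status: 'skipped' }
  try {
    await send(url, payload)
    gate.recordSuccess(url)
    return { status: 'delivered' }
  } catch (err) {
    return { status: 'failed', reason: err.code ?? err.message, retryAt: gate.recordFailure(url) }
  }
}

// Constructed scenario: the endpoint always fails and the webhook is triggered
// every stepMs. Returns how many connection attempts actually go out.
function attemptsUnderRepeatedTriggers(triggers, stepMs, opts = {}) {
  const url = 'https://hooks.example.invalid/cb' // placeholder endpoint
  let clock = 0
  const gate = new WebhookGate({ ...opts, now: () => clock })
  let attempts = 0
  for (let i = 0; i < triggers; i++, clock += stepMs) {
    if (!gate.allow(url)) continue
    attempts += 1
    gate.recordFailure(url)
  }
  return attempts
}
```

With the defaults, 1000 triggers at 100 ms intervals against an always-failing endpoint result in 7 outbound attempts instead of 1000.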

@renovate renovate Bot added the dependencies Pull requests that update a dependency label May 15, 2025
netlify Bot commented May 15, 2025

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit 9187f61
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/6901138ee793c10008467774

github-actions Bot commented May 15, 2025

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 42.85
  • Iterations/s: 14.29
  • Failed Requests: 0.00% (0 of 2579)
📜 Logs

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 931 kB 16 kB/s
     data_sent......................: 2.0 MB 33 kB/s
     http_req_blocked...............: avg=7.25µs   min=2.49µs   med=5.46µs   max=1.86ms   p(90)=6.8µs    p(95)=7.45µs  
     http_req_connecting............: avg=436ns    min=0s       med=0s       max=464.69µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=92.7ms   min=7.31ms   med=75.08ms  max=513.64ms p(90)=160.08ms p(95)=188.41ms
       { expected_response:true }...: avg=92.7ms   min=7.31ms   med=75.08ms  max=513.64ms p(90)=160.08ms p(95)=188.41ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2579
     http_req_receiving.............: avg=92.72µs  min=25.29µs  med=81.61µs  max=2.32ms   p(90)=119.54µs p(95)=147.97µs
     http_req_sending...............: avg=35.64µs  min=10.27µs  med=28.18µs  max=2ms      p(90)=40.17µs  p(95)=53.72µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=92.58ms  min=7.17ms   med=74.92ms  max=513.56ms p(90)=159.97ms p(95)=188.28ms
     http_reqs......................: 2579   42.850545/s
     iteration_duration.............: avg=279.68ms min=178.86ms med=264.61ms max=1.01s    p(90)=345.03ms p(95)=379.37ms
     iterations.....................: 860    14.289053/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 

@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 1ab9d89 to 188110b Compare May 19, 2025 18:00
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] May 19, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 188110b to 342c16d Compare May 20, 2025 00:06
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] May 20, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] May 28, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch 2 times, most recently from 573fbd1 to 14ab84d Compare May 28, 2025 18:45
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] May 28, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] May 28, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch 2 times, most recently from 00f2fe9 to 206e9aa Compare May 29, 2025 02:41
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] May 29, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 4, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch 2 times, most recently from 4a09574 to c263937 Compare June 4, 2025 11:51
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jun 4, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from c263937 to d1055ba Compare June 6, 2025 02:04
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 6, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from d1055ba to 1d7e00a Compare June 6, 2025 23:38
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jun 6, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 1d7e00a to 2bb744d Compare June 9, 2025 11:57
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 9, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 2bb744d to e69ee53 Compare June 9, 2025 15:05
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jun 9, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 9, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch 2 times, most recently from bb8eb47 to 6eeaf30 Compare June 9, 2025 22:36
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 17, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 17f0399 to 97c0a26 Compare June 17, 2025 22:47
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jun 17, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 97c0a26 to 8cc8fdc Compare June 18, 2025 11:30
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 18, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 8cc8fdc to 8463443 Compare June 18, 2025 16:57
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jun 18, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 8463443 to d7e4bdc Compare June 22, 2025 15:05
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jun 22, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from d7e4bdc to 2836e59 Compare June 22, 2025 18:06
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jun 22, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jul 2, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch 2 times, most recently from 908b78e to ac77add Compare July 2, 2025 10:30
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jul 2, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from ac77add to 3294e59 Compare July 2, 2025 15:44
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jul 2, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 3294e59 to cee39e0 Compare July 3, 2025 03:44
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jul 3, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jul 6, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch 2 times, most recently from ffe1c12 to eab302e Compare July 6, 2025 16:40
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jul 6, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from eab302e to 437f602 Compare July 8, 2025 11:07
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jul 8, 2025
@renovate renovate Bot force-pushed the renovate-npm-undici>=5.0.0-vulnerability branch from 437f602 to e6a87cf Compare July 8, 2025 11:36
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] chore(deps): update dependency undici@>=5.0.0 to v6 [security] Jul 8, 2025
@renovate renovate Bot changed the title chore(deps): update dependency undici@>=5.0.0 to v6 [security] chore(deps): update dependency undici@>=5.0.0 to ^5.29.0 [security] Jul 8, 2025
renovate Bot (Contributor, Author) commented Oct 30, 2025

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^5.29.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Labels

dependencies Pull requests that update a dependency
