Skip to content

chore(deps): bump undici from 6.23.0 to 6.24.0#7780

Merged
BridgeAR merged 1 commit intomasterfrom
dependabot/npm_and_yarn/undici-6.24.0
Mar 13, 2026
Merged

chore(deps): bump undici from 6.23.0 to 6.24.0#7780
BridgeAR merged 1 commit intomasterfrom
dependabot/npm_and_yarn/undici-6.24.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026

Bumps undici from 6.23.0 to 6.24.0.

Release notes

Sourced from undici's releases.

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

Not applicable to v6

Affected and patched ranges (v6)

References

Commits
  • 8873c94 Bumped v6.24.0
  • 411bd01 test(websocket): use node:assert for Node 18 compatibility
  • 844bf59 test: fix http2 lint regressions in backport
  • a444e4f test: stabilize h2 and tls-cert-leak under current test runner
  • dc032a1 fix: h2 CI (#4395)
  • 4cd3f4b test: increase bitness in test/fixtures/*.pem (#3659)
  • 7df6442 fix: adapt websocket frame-limit handling for v6 parser
  • 4e0179a fix: reject duplicate content-length and host headers
  • 5a97f08 Fix websocket 64-bit length overflow
  • e43e898 fix: validate upgrade header to prevent CRLF injection
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump undici from 6.23.0 to 6.24.0
dea838b 
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependabot dependencies javascript Pull requests that update javascript code semver-patch labels Mar 13, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 13, 2026 20:36
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 13, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.33%. Comparing base (1198526) to head (dea838b).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #7780   +/-   ##
=======================================
  Coverage   80.33%   80.33%           
=======================================
  Files         743      743           
  Lines       32227    32227           
=======================================
+ Hits        25889    25891    +2     
+ Misses       6338     6336    -2
Flag Coverage Δ
aiguard-macos 39.08% <ø> (-0.10%) ⬇️
aiguard-ubuntu 39.20% <ø> (-0.10%) ⬇️
aiguard-windows 38.93% <ø> (-0.10%) ⬇️
apm-capabilities-tracing-macos 48.86% <ø> (-0.01%) ⬇️
apm-capabilities-tracing-ubuntu 48.91% <ø> (ø)
apm-capabilities-tracing-windows 48.59% <ø> (-0.02%) ⬇️
apm-integrations-child-process 38.38% <ø> (-0.10%) ⬇️
apm-integrations-couchbase-18 37.16% <ø> (-0.10%) ⬇️
apm-integrations-couchbase-eol 37.76% <ø> (-0.10%) ⬇️
apm-integrations-oracledb 37.60% <ø> (-0.10%) ⬇️
appsec-express 55.19% <ø> (-0.09%) ⬇️
appsec-fastify 51.53% <ø> (-0.07%) ⬇️
appsec-graphql 51.72% <ø> (-0.07%) ⬇️
appsec-kafka 44.26% <ø> (-0.08%) ⬇️
appsec-ldapjs 43.92% <ø> (-0.08%) ⬇️
appsec-lodash 43.58% <ø> (-0.08%) ⬇️
appsec-macos 58.19% <ø> (-0.07%) ⬇️
appsec-mongodb-core 48.69% <ø> (-0.08%) ⬇️
appsec-mongoose 49.35% <ø> (-0.09%) ⬇️
appsec-mysql 50.79% <ø> (-0.07%) ⬇️
appsec-node-serialize 43.10% <ø> (-0.08%) ⬇️
appsec-passport 47.54% <ø> (-0.09%) ⬇️
appsec-postgres 50.51% <ø> (-0.07%) ⬇️
appsec-sourcing 42.50% <ø> (-0.08%) ⬇️
appsec-template 43.26% <ø> (-0.08%) ⬇️
appsec-ubuntu 58.28% <ø> (-0.07%) ⬇️
appsec-windows 58.04% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-bluebird 32.25% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-body-parser 40.40% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-child_process 37.70% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-cookie-parser 34.23% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-express 34.55% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-express-mongo-sanitize 34.36% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-express-session 40.04% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-fs 31.87% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-generic-pool 29.68% <ø> (ø)
instrumentations-instrumentation-http 39.67% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-knex 32.26% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-mongoose 33.39% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-multer 40.15% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-mysql2 38.16% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-passport 43.96% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-passport-http 43.63% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-passport-local 44.16% <ø> (-0.09%) ⬇️
instrumentations-instrumentation-pg 37.59% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-promise 32.18% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-promise-js 32.19% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-q 32.23% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-url 32.16% <ø> (-0.10%) ⬇️
instrumentations-instrumentation-when 32.20% <ø> (-0.10%) ⬇️
llmobs-ai 42.14% <ø> (-0.09%) ⬇️
llmobs-anthropic 40.13% <ø> (-0.09%) ⬇️
llmobs-bedrock 39.12% <ø> (-0.08%) ⬇️
llmobs-google-genai 39.68% <ø> (-0.09%) ⬇️
llmobs-langchain 39.92% <ø> (-0.08%) ⬇️
llmobs-openai 43.86% <ø> (-0.09%) ⬇️
llmobs-vertex-ai 39.93% <ø> (-0.02%) ⬇️
platform-core 31.47% <ø> (ø)
platform-esbuild 34.42% <ø> (ø)
platform-instrumentations-misc 48.35% <ø> (ø)
platform-shimmer 37.56% <ø> (ø)
platform-unit-guardrails 32.89% <ø> (ø)
plugins-azure-durable-functions 25.62% <ø> (ø)
plugins-azure-event-hubs 25.79% <ø> (ø)
plugins-azure-service-bus 25.15% <ø> (ø)
plugins-bullmq 44.21% <ø> (-0.05%) ⬇️
plugins-cassandra 37.64% <ø> (-0.23%) ⬇️
plugins-cookie 26.84% <ø> (ø)
plugins-cookie-parser 26.63% <ø> (ø)
plugins-crypto 26.73% <ø> (ø)
plugins-dd-trace-api 38.21% <ø> (-0.10%) ⬇️
plugins-express-mongo-sanitize 26.78% <ø> (ø)
plugins-express-session 26.59% <ø> (ø)
plugins-fastify 42.11% <ø> (-0.09%) ⬇️
plugins-fetch 38.21% <ø> (-0.09%) ⬇️
plugins-fs 38.48% <ø> (-0.10%) ⬇️
plugins-generic-pool 25.83% <ø> (ø)
plugins-google-cloud-pubsub 45.33% <ø> (-0.09%) ⬇️
plugins-grpc 40.79% <ø> (-0.09%) ⬇️
plugins-handlebars 26.82% <ø> (ø)
plugins-hapi 40.03% <ø> (-0.10%) ⬇️
plugins-hono 40.29% <ø> (-0.10%) ⬇️
plugins-ioredis 38.29% <ø> (-0.10%) ⬇️
plugins-knex 26.46% <ø> (ø)
plugins-ldapjs 24.32% <ø> (ø)
plugins-light-my-request 26.19% <ø> (ø)
plugins-limitd-client 32.53% <ø> (-0.10%) ⬇️
plugins-lodash 25.92% <ø> (ø)
plugins-mariadb 39.34% <ø> (-0.10%) ⬇️
plugins-memcached 38.01% <ø> (-0.10%) ⬇️
plugins-microgateway-core 39.10% <ø> (-0.10%) ⬇️
plugins-moleculer 40.39% <ø> (-0.09%) ⬇️
plugins-mongodb 39.03% <ø> (-0.10%) ⬇️
plugins-mongodb-core 38.86% <ø> (-0.10%) ⬇️
plugins-mongoose 38.73% <ø> (-0.10%) ⬇️
plugins-multer 26.59% <ø> (ø)
plugins-mysql 39.02% <ø> (-0.10%) ⬇️
plugins-mysql2 39.12% <ø> (-0.10%) ⬇️
plugins-node-serialize 26.89% <ø> (ø)
plugins-opensearch 37.47% <ø> (-0.10%) ⬇️
plugins-passport-http 26.64% <ø> (ø)
plugins-postgres 35.52% <ø> (-0.09%) ⬇️
plugins-process 26.73% <ø> (ø)
plugins-pug 26.84% <ø> (ø)
plugins-redis 38.75% <ø> (-0.09%) ⬇️
plugins-router 42.84% <ø> (-0.10%) ⬇️
plugins-sequelize 25.43% <ø> (ø)
plugins-test-and-upstream-amqp10 38.37% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-amqplib 43.75% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-apollo 39.00% <ø> (-0.09%) ⬇️
plugins-test-and-upstream-avsc 38.54% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-bunyan 33.79% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-connect 40.69% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-graphql 39.98% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-koa 40.28% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-protobufjs 38.76% <ø> (-0.10%) ⬇️
plugins-test-and-upstream-rhea 43.92% <ø> (-0.13%) ⬇️
plugins-undici 38.98% <ø> (-0.09%) ⬇️
plugins-url 26.73% <ø> (ø)
plugins-valkey 37.96% <ø> (-0.10%) ⬇️
plugins-vm 26.73% <ø> (ø)
plugins-winston 33.98% <ø> (-0.10%) ⬇️
plugins-ws 41.74% <ø> (-0.10%) ⬇️
profiling-macos 39.79% <ø> (-0.10%) ⬇️
profiling-ubuntu 40.32% <ø> (-0.10%) ⬇️
profiling-windows 41.50% <ø> (+0.30%) ⬆️
serverless-azure-functions-client 25.50% <ø> (ø)
serverless-azure-functions-eventhubs 25.50% <ø> (ø)
serverless-azure-functions-servicebus 25.50% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 13, 2026

Overall package size

Self size: 4.97 MB
Deduped: 5.81 MB
No deduping: 5.81 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 3.0.0 | 81.15 kB | 815.98 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@pr-commenter
Copy link
Copy Markdown

pr-commenter bot commented Mar 13, 2026

Benchmarks

Benchmark execution time: 2026-03-13 20:43:21

Comparing candidate commit dea838b in PR branch dependabot/npm_and_yarn/undici-6.24.0 with baseline commit 1198526 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 231 metrics, 29 unstable metrics.

@BridgeAR BridgeAR merged commit 53a032e into master Mar 13, 2026
797 checks passed
@BridgeAR BridgeAR deleted the dependabot/npm_and_yarn/undici-6.24.0 branch March 13, 2026 22:24
dd-octo-sts bot pushed a commit that referenced this pull request Mar 14, 2026
@dependabot @rochdev
chore(deps): bump undici from 6.23.0 to 6.24.0 (#7780)
a263d24 
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dd-octo-sts dd-octo-sts bot mentioned this pull request Mar 14, 2026
Merged
CarlesDD pushed a commit that referenced this pull request Mar 16, 2026
@dependabot @CarlesDD
chore(deps): bump undici from 6.23.0 to 6.24.0 (#7780)
318fdb0 
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.23.0...v6.24.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BridgeAR BridgeAR BridgeAR approved these changes

Assignees

No one assigned

Labels

dependabot dependencies javascript Pull requests that update javascript code semver-patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BridgeAR