chore(deps): update dependency undici to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
undici (source)	^6.16.1 -> ^7.0.0

---

Release Notes

nodejs/undici (undici)

v7.16.0

Compare Source

What's Changed

• Drop npm token, use OIDC instead by @​mcollina in #​4447
• fetch: instantiate readableStream in extractBody with sync methods by @​Uzlopak in #​4350
• fix: remove async on [kClose] and [kDestroy], only return Promise by @​Uzlopak in #​4450
• fetch: make consumeBody sync by @​Uzlopak in #​4449
• perf: make client.connect() sync by @​Uzlopak in #​4455
• fetch: remove promise in exported fetch by @​Uzlopak in #​4452
• fix(#​4451): implement http2 cookie support by @​metcoder95 in #​4453
• test: cache store tests should properly be skipped by @​Uzlopak in #​4463
• test: fix IPv6 skip check for test/client.js by @​Uzlopak in #​4466
• test: remove skip check for AbortSignal.timeout, as it exists since node18 by @​Uzlopak in #​4464
• test: investigate macos failing by @​Uzlopak in #​4467
• test: remove obsolete < node v18 test case for http2 by @​Uzlopak in #​4461
• perf: avoid intermediate promise on BodyReadable.dump by @​Uzlopak in #​4459
• test: remove skip check for long-lived-abort-controller test (was flaky 10 months ago) by @​Uzlopak in #​4465
• test: remove skip checks for existance of global available Blob and File by @​Uzlopak in #​4460
• perf (fetch): use less promises for ReadableStream by @​Uzlopak in #​4457
• fix: catch synchronous errors in request callbacks by @​mcollina in #​4443
• fix: avoid instanceof MockNotMatchedError by @​Uzlopak in #​4474
• eventsource: remove promise for #reconnect method by @​Uzlopak in #​4469
• feat: make UndiciErrors reliable to instanceof by @​Uzlopak in #​4472
• chore: call super() after type checks by @​Uzlopak in #​4475
• chore: FixedQueue does not need special constructor by @​Uzlopak in #​4476
• fix: buildAndValidateMockOptions should always get an object passed and always return an object by @​Uzlopak in #​4479
• fix: remove unused ResponseStatusCodeError by @​Uzlopak in #​4473
• chore: pool and dispatcherbase dont need constructor, use no array helper functions by @​Uzlopak in #​4477
• lint: avoid unintented use of globals in code and tests, improve test for installing/overwriting globals by @​Uzlopak in #​4478
• test: fix macos flakyness by @​Uzlopak in #​4468
• fix: 'no-referrer-when-downgrade' in determineRequestsReferrer should return referrerURL by @​Uzlopak in #​4482
• fix: deflake cache-fastimers-fix.js by @​Uzlopak in #​4491
• fix: improve validation of IP addresses as trustworthy, correct ipv4 check by @​Uzlopak in #​4489
• test (pool.js): fix flakyness of clientTtl test by @​Uzlopak in #​4494
• test (eventsource): refactor tests for eventsource, speed them up by @​Uzlopak in #​4493
• fix: remove useless catch in client-h1.js by @​Uzlopak in #​4481
• test: skip flaky encoding test on macos and node20 by @​Uzlopak in #​4497
• fix: implement proper stale-while-revalidate behavior per RFC 5861 by @​mcollina in #​4492
• test (websocket): speed up test/websocket/issue-2679.js by @​Uzlopak in #​4501
• webidl: fix existing and add missing buffer source converters by @​Renegade334 in #​4503
• use real wpt test server by @​KhafraDev in #​4486
• test: another try to fix flaky macos and node 20 by @​Uzlopak in #​4490
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​4507
• build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @​dependabot[bot] in #​4509
• fix writing to websocketstream with SharedArrayBuffer/SharedArrayBuff… by @​KhafraDev in #​4504
• test: use faketimers for test/client-keep-alive, refactor a little by @​Uzlopak in #​4499
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.0 by @​dependabot[bot] in #​4510
• build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 by @​dependabot[bot] in #​4508
• fix(h2): adjust :scheme on h2 requests by @​metcoder95 in #​4454
• chore: use lowercase filenames, remove unused verifyVersion.js by @​Uzlopak in #​4514
• chore: refactor workflows by @​Uzlopak in #​4513
• chore: use [] instead of new Array(0) by @​Uzlopak in #​4435
• change webidl attribute to bitwise flag by @​KhafraDev in #​4505
• chore: make also cache-tests integrated as a submodule by @​Uzlopak in #​4517
• ci: fine grained test nodejs workflow by @​Uzlopak in #​4516
• feat: Support for capping the number of origins in Agent by @​JoshMock in #​4365
• wpt: properly handle write permissions errors in wpt-runner setup by @​Uzlopak in #​4518
• fetch: process content-encoding header only if relevant by @​Uzlopak in #​4496
• websocket: always emit error event by @​KhafraDev in #​4521
• refactor: parseHttpDate by @​Uzlopak in #​4421
• fix: wpt should use master branch by @​Uzlopak in #​4524
• fix: shell command built from environment values by @​ptrgits in #​4392
• example: use metcoders https-pem for the example by @​Uzlopak in #​4436
• Disable SIMD for PPC64 architecture, add UNDICI_NO_WASM_SIMD env to facilitate testing by @​mcollina in #​4530
• fix: make error symbols non enumerable by @​Uzlopak in #​4531

New Contributors

• @​Renegade334 made their first contribution in #​4503
• @​JoshMock made their first contribution in #​4365
• @​ptrgits made their first contribution in #​4392

Full Changelog: nodejs/undici@v7.15.0...v7.16.0

v7.15.0

Compare Source

What's Changed

• feat: extract sri from fetch, upgrade to latest spec by @​Uzlopak in #​4307
• Update WPT by @​github-actions[bot] in #​4422
• build(deps-dev): bump @​fastify/busboy from 3.1.1 to 3.2.0 by @​dependabot[bot] in #​4428
• fix: memory leak in Agent by @​hexchain in #​4425
• chore: remove lib/api/util.js by @​Uzlopak in #​3578
• ci: reenable shared builtin CI tests by @​richardlau in #​4426
• Decompression Interceptor by @​FelixVaughan in #​4317
• chore: update llhttp by @​Uzlopak in #​4431
• chore: remove unused exceptions in try catch blocks by @​Uzlopak in #​4440
• types: remove type Error = unknown for diagnostic-channels by @​Uzlopak in #​4438
• chore: avoid overriding global escape and unescape by @​Uzlopak in #​4437
• cache : serialize Query only if needed, avoid throwing error by @​Uzlopak in #​4441
• types: add SnapshotRecorderMode by @​Uzlopak in #​4442

New Contributors

• @​hexchain made their first contribution in #​4425

Full Changelog: nodejs/undici@v7.14.0...v7.15.0

v7.14.0

Compare Source

What's Changed

• Fix flaky snapshot-testing by @​mcollina in #​4367
• Actually flush the file in lib/mock/snapshot-recorder.js by @​mcollina in #​4378
• docs: clarify Node.js version support in LTS table by @​mcollina in #​4375
• cache: fix excessive caching and some other lack of caching by @​fredericDelaporte in #​4335
• feat(websocket): add handshake response info to undici:websocket:open diagnostic event by @​tawseefnabi in #​4396
• feat: add install() function to type definitions by @​jsaguet in #​4384
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in #​4380
• build(deps): bump cronometro from 4.0.3 to 5.3.0 in /benchmarks by @​dependabot[bot] in #​4171
• build(deps): bump step-security/harden-runner from 2.12.0 to 2.13.0 by @​dependabot[bot] in #​4379
• fix: h2 CI by @​metcoder95 in #​4395
• feat: EventSource can be configured with reconnectionTime by @​Uzlopak in #​4260
• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in #​4404
• eventsource: deflake reconnectionTime tests by @​Uzlopak in #​4406
• cache: change normaliseHeaders to normalizeHeaders by @​Uzlopak in #​4408
• build(deps-dev): bump jest from 29.7.0 to 30.0.5 by @​dependabot[bot] in #​4387
• build(deps-dev): bump cross-env from 7.0.3 to 10.0.0 by @​dependabot[bot] in #​4386
• cache-control: no-cache: use quoted-string form by @​alxndrsn in #​4177
• test: fix snapshot testing flaky test by @​Uzlopak in #​4410
• fix formdata constructor args mark optional by @​tsctx in #​4411
• Update WPT by @​github-actions[bot] in #​4358
• Update Cache Tests by @​github-actions[bot] in #​4096
• chore: improve imports and requires by @​Uzlopak in #​4418
• refactor: snapshot-recorder by @​Uzlopak in #​4413
• Update WPT by @​github-actions[bot] in #​4416
• fix: better set a finalizer on cloned response by @​tsctx in #​4419

New Contributors

• @​tawseefnabi made their first contribution in #​4396
• @​jsaguet made their first contribution in #​4384

Full Changelog: nodejs/undici@v7.13.0...v7.14.0

v7.13.0

Compare Source

What's Changed

• MockAgent.prototype.get support ignoreTrailingSlash option by @​lisez in #​4344
• chore: more jsdoc and minor improvements for lib/api/readable.js, by @​Uzlopak in #​4351
• ci: skip Node.js 20 tests on Windows by @​mcollina in #​4353
• Update WPT by @​github-actions[bot] in #​4267
• feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#​4180) by @​caitp in #​4340
• fix: detect and prevent redirect loops with Client/Pool by @​mcollina in #​4361
• remove node:buffer imports by @​KhafraDev in #​4362
• fix: remove deprecated maxRedirections option from types by @​mcollina in #​4363
• Amend the GC warning in the README to clarify that consuming bodies is recommended but not required by @​mcollina in #​4364
• fix(inteceptor/dump): handle preemptive network errors by @​metcoder95 in #​4354
• feat: add SnapshotAgent for HTTP request recording and playback by @​mcollina in #​4270

New Contributors

• @​lisez made their first contribution in #​4344

Full Changelog: nodejs/undici@v7.12.0...v7.13.0

v7.12.0

Compare Source

What's Changed

• test: remove tspl on 2283 test by @​Uzlopak in #​4301
• chore: reduce amount of intermediate functions by @​Uzlopak in #​4298
• ci: disable shared builtin CI tests by @​mcollina in #​4276
• webidl: remove unnecessary parameters from webidl.converters.RequestInfo and webidl.converters.RequestInit by @​Uzlopak in #​4304
• fetch: remove await, add jsdoc for some body read functions by @​Uzlopak in #​4303
• test: use assert and not testcontext in issue-2283.js by @​Uzlopak in #​4306
• chore: jsdoc use @returns everywhere by @​Uzlopak in #​4302
• chore: fix typo by @​pimothyxd in #​4312
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in #​4315
• feat: throw error when maxRedirections is used with undici.request() by @​mcollina in #​4311
• Clarify the type option of the cache interceptor by @​fredericDelaporte in #​4299
• cache: allow caching heuristically cacheable error status codes by @​mcollina in #​4318
• chore(doc): update undici vs fetch by @​styfle in #​4319
• don't set a finalizer on cloned request by @​tsctx in #​4320
• websocketstream: close readablestream properly by @​KhafraDev in #​4322
• add ping(websocket, payload) util by @​KhafraDev in #​4325
• fix sending ping with no payload by @​KhafraDev in #​4329
• refactor: eliminate eager llhttp promise creation by @​mcollina in #​4337
• Fix misleading cacheByDefault documentation by @​fredericDelaporte in #​4338
• add websocket to websocket diagnostic channels by @​KhafraDev in #​4321
• speed up flaky websocket test by @​KhafraDev in #​4343
• fetch: minor modifications by @​Uzlopak in #​4347
• fetch: make readable-stream methods sync by @​Uzlopak in #​4346
• remove creating an extra Promise just for common cleanup by @​bmeck in #​4339
• chore: extract createDeferredPromise from fetch/utils.js by @​Uzlopak in #​4345

New Contributors

• @​pimothyxd made their first contribution in #​4312
• @​fredericDelaporte made their first contribution in #​4299
• @​bmeck made their first contribution in #​4339

Full Changelog: nodejs/undici@v7.11.0...v7.12.0

v7.11.0

Compare Source

What's Changed

• Update WPT by @​github-actions in #​4214
• feat(fetch): add zstandard decompression support by @​J3m5 in #​4238
• fix(debug): remove extra forward slash in logs by @​aidant in #​4236
• types: EventSource short handlers can be null by @​Uzlopak in #​4246
• remove finalizationregistry workaround by @​mcollina in #​4250
• build(deps): bump actions/dependency-review-action from 4.5.0 to 4.7.1 by @​dependabot in #​4255
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.18 by @​dependabot in #​4252
• build(deps): bump codecov/codecov-action from 5.1.2 to 5.4.3 by @​dependabot in #​4253
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot in #​4254
• Query unaware interceptors cache fix by @​FelixVaughan in #​4240
• docs: fix interceptor order description in compose method by @​mcollina in #​4251
• chore: require node native modules with node:-prefix by @​Uzlopak in #​4256
• fix: eventsource does not reconnect on network error by @​Uzlopak in #​4247
• fix: add guard by @​GeoffreyBooth in #​4262
• Extract webidl by @​Uzlopak in #​4259
• build(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 by @​dependabot in #​4132
• build(deps-dev): bump fast-check from 3.23.2 to 4.1.1 by @​dependabot in #​4167
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot in #​4137
• build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @​dependabot in #​4168
• build(deps): bump hendrikmuhs/ccache-action from 1.2.14 to 1.2.18 by @​dependabot in #​4190
• build(deps): bump fastify/github-action-merge-dependabot from 3.11.0 to 3.11.1 by @​dependabot in #​4135
• build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot in #​4188
• build(deps-dev): bump borp from 0.19.0 to 0.20.0 by @​dependabot in #​4194
• Fix several WPT failures by @​tsctx in #​4263
• Update WPT by @​github-actions in #​4235
• node.js fetch is wrongly typed (#​4271) by @​bpasero in #​4272
• Fix: Provide body on retry error, preserve socket by @​fatal10110 in #​4228
• add cause to WebSocket error by @​KhafraDev in #​4274
• doc: undici vs fetch by @​FelixVaughan in #​4245
• bench: add websockets by @​tsctx in #​3203
• webidl: remove fallback for USVString by @​Uzlopak in #​4264
• fix: Use correct Dispatcher.RequestOptions by @​IvanDimanov-OfficeRnD in #​4281
• feat: add install() function for global WHATWG fetch classes by @​mcollina in #​4286
• Fixed RedirectHandler type by @​rahulyadav5524 in #​4278
• feat(#​4086): proxy keep alive by @​metcoder95 in #​4128
• Add cleanMocks to MockClient and MockPool by @​DemianParkhomenko in #​4176
• fetch: add missing new operator on TypeError instantiation in readAllBytes by @​Uzlopak in #​4297
• Skip failing wpts by @​mcollina in #​4294
• feat: add request body diagnostic channels by @​legendecas in #​4289
• Fix timer guards to avoid TypeError under fake‐timers and polyfilled … by @​1ly4s0 in #​4213
• cache: update MemoryCacheStore default limits by @​mcollina in #​4292
• fix: EnvHttpProxyAgent.Options should accept ProxyAgent.Options by @​urugator in #​4243

New Contributors

• @​J3m5 made their first contribution in #​4238
• @​aidant made their first contribution in #​4236
• @​bpasero made their first contribution in #​4272
• @​IvanDimanov-OfficeRnD made their first contribution in #​4281
• @​rahulyadav5524 made their first contribution in #​4278
• @​DemianParkhomenko made their first contribution in #​4176
• @​1ly4s0 made their first contribution in #​4213
• @​urugator made their first contribution in #​4243

Full Changelog: nodejs/undici@v7.10.0...v7.11.0

v7.10.0

Compare Source

What's Changed

• Add "clientLifetime" option to close and remove connections from the pool after a specified time. by @​dhalbrook in #​4175
• remove spurious only by @​mcollina in #​4207
• add node v24 workflow by @​tsctx in #​4206
• Update WPT by @​github-actions in #​4172
• chore: add pnpm-lock.yaml to .gitignore by @​styfle in #​4227
• fix: agent memory leak by @​styfle in #​4223
• Add ability to detect when MemoryCacheStore reaches max size by @​FelixVaughan in #​4224
• feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections by @​caitp in #​4180
• docs: correct example in FormData request by @​inyourtime in #​4226

New Contributors

• @​dhalbrook made their first contribution in #​4175
• @​caitp made their first contribution in #​4180
• @​inyourtime made their first contribution in #​4226

Full Changelog: nodejs/undici@v7.9.0...v7.10.0

v7.9.0

Compare Source

What's Changed

• build(deps): bump step-security/harden-runner from 2.10.2 to 2.11.1 by @​dependabot in #​4134
• Update WPT by @​github-actions in #​4155
• Update WPT by @​github-actions in #​4170
• feat: add new acceptNonStandardSearchParameters MockAgent option by @​dario-piotrowicz in #​4148
• fix: cache: treat cache-control request header case-insensitively by @​alxndrsn in #​4131
• cache: honour unqualified no-cache response directive by @​alxndrsn in #​4178
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot in #​4079
• Ensure conflicting flat headers in HTTP/2 are combined correctly by @​pimterry in #​4196
• Add stats of client and pool to be accessible through agent by @​tdeekens in #​4157
• Fix missing code in diagnostics example by @​islandryu in #​4195
• Doc cors spec compliance by @​FelixVaughan in #​4202
• Restore cache tests & fix max-age behavior by @​mcollina in #​4198

New Contributors

• @​tdeekens made their first contribution in #​4157
• @​islandryu made their first contribution in #​4195
• @​FelixVaughan made their first contribution in #​4202

Full Changelog: nodejs/undici@v7.8.0...v7.9.0

v7.8.0

Compare Source

What's Changed

• cache: more efficient sqlite indices by @​ronag in #​4142
• skip now failing wpts by @​mcollina in #​4145
• apply some sqlite pragma optimizations by @​ronag in #​4147
• types(websocket): Import from stream/web by @​Jiralite in #​4038
• cache: don't check size if not necessary by @​ronag in #​4140
• docs: fix inteceptors typo by @​dario-piotrowicz in #​4151
• Update WPT by @​github-actions in #​4141
• build(deps-dev): bump esbuild from 0.24.2 to 0.25.2 by @​dependabot in #​4130

New Contributors

• @​Jiralite made their first contribution in #​4038
• @​dario-piotrowicz made their first contribution in #​4151

Full Changelog: nodejs/undici@v7.7.0...v7.8.0

v7.7.0

Compare Source

What's Changed

• fix: export UndiciHeaders type and set dispatch headers to UndiciHeaders by @​dancastillo in #​3849
• feat(h2): emit connectionerror upon GOAWAY frame by @​metcoder95 in #​4123
• Update WPT by @​github-actions in #​4126
• Update DNS caching example to include other interceptors, production configuration by @​GeoffreyBooth in #​4127
• feat: implement h2c client by @​metcoder95 in #​4118

New Contributors

• @​GeoffreyBooth made their first contribution in #​4127

Full Changelog: nodejs/undici@v7.6.0...v7.7.0

v7.6.0

Compare Source

What's Changed

• Update WPT by @​github-actions in #​4067
• lib: limit string split length by @​gurgunday in #​4098
• docs/PULL_REQUEST_TEMPLATE: deep-link to certificate of origin by @​alxndrsn in #​4102
• cache: fix typo by @​alxndrsn in #​4101
• disable header de-duplication in test servers by @​alxndrsn in #​4110
• CacheRevalidationHandler: add missing header to comment by @​alxndrsn in #​4111
• Fix typo in Agent.md by @​Exifers in #​4115
• build(deps-dev): bump @​matteo.collina/tspl from 0.1.1 to 0.2.0 by @​dependabot in #​4119
• fix 4105 by @​KhafraDev in #​4117
• Update WPT by @​github-actions in #​4100
• cache: ensure vary & revalidation headers are case-insensitive by @​alxndrsn in #​4112

New Contributors

• @​alxndrsn made their first contribution in #​4102
• @​Exifers made their first contribution in #​4115

Full Changelog: nodejs/undici@v7.5.0...v7.6.0

v7.5.0

Compare Source

What's Changed

• feat(docs): button to switch dark and light mode by @​shivarm in #​4044
• feat: add mock call history to access request configuration in test by @​blephy in #​4029
• fix: Fix retry-handler.js when retry-after header is a Date by @​fgiova in #​4084
• Update Cache Tests by @​github-actions in #​4027
• Allow disabling autoSelectFamily in an Agent by @​hitsthings in #​4070
• Removed clients with unrecoverable errors from the Pool by @​mcollina in #​4088

New Contributors

• @​blephy made their first contribution in #​4029
• @​fgiova made their first contribution in #​4084
• @​hitsthings made their first contribution in #​4070

Full Changelog: nodejs/undici@v7.4.0...v7.5.0

v7.4.0

Compare Source

What's Changed

• fix: apply byte offset on Buffer.from by @​ronag in #​4019
• fix: fetch body fallback random number generation by @​Uzlopak in #​4023
• Add release instructions by @​mcollina in #​4022
• Update Cache Tests by @​github-actions in #​4020
• Update WPT by @​github-actions in #​4011
• docs: document about global dispatcher and errors (#​3987) by @​zuozp8 in #​4014
• docs: fix incorrect method signature of onResponseError by @​tmair in #​4030
• feat(docs): copy to clipboard button by @​shivarm in #​4037
• don't check AbortSignal maxListeners on some node versions by @​KhafraDev in #​4045
• feat: mark EnvHttpProxyAgent as stable by @​aduh95 in #​4049
• test: fix windows wpt by @​metcoder95 in #​4050
• fix: do not throw unhandled exception when data is undefined in interceptor.reply by @​frederikprijck in #​4036
• fix: handle missing vary header values by @​gurgunday in #​4031
• Update WPT by @​github-actions in #​4028
• Update WPT by @​github-actions in #​4062
• fix: fix EnvHttpProxyAgent for the Node.js bundle by @​joyeecheung in #​4064

New Contributors

• @​zuozp8 made their first contribution in #​4014
• @​tmair made their first contribution in #​4030
• @​shivarm made their first contribution in #​4037
• @​frederikprijck made their first contribution in #​4036
• @​joyeecheung made their first contribution in #​4064

Full Changelog: nodejs/undici@v7.3.0...v7.4.0

v7.3.0

Compare Source

What's Changed

• fix: sqlite null ref by @​ronag in #​4016
• fix: sqlite remove unnecessary parameter by @​ronag in #​4017
• feat: sqlite add set and minor cleanup by @​ronag in #​4018

Full Changelog: nodejs/undici@v7.2.3...v7.3.0

v7.2.3

Compare Source

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

• Fix typo in update cache tests action by @​flakey5 in #​4008

Full Changelog: nodejs/undici@v7.2.2...v7.2.3

v7.2.2

Compare Source

What's Changed

• Update WPT by @​github-actions in #​3991
• fix: dual-stack retries infinite loop by [@​luddd3](https://redirect.github.com/ludd

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@​6.21.3 ⏵ 7.16.0	+1		+1

View full report