Bump undici from 7.16.0 to 7.21.0 by dependabot[bot] · Pull Request #1852 · stellar/laboratory

dependabot · 2026-02-07T16:31:19Z

Bumps undici from 7.16.0 to 7.21.0.

Release notes

v7.21.0

What's Changed

build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @dependabot[bot] in nodejs/undici#4796

test: restore global dispatcher after fetch tests by @mcollina in nodejs/undici#4790

Add missing close method to WebSocketStream interface by @piotr-cz in nodejs/undici#4802

fix: error stream instead of canceling by @KhafraDev in nodejs/undici#4804

Fix clientTtl cleanup race in Agent by @mcollina in nodejs/undici#4807

feat(#4230): Implement pingInterval for dispatching PING frames by @metcoder95 in nodejs/undici#4296

fix: handle undefined __filename in bundled environments by @mcollina in nodejs/undici#4812

fix: set finalizer only for fetch responses by @tsctx in nodejs/undici#4803

New Contributors

@piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

fix: preserve fetch stack traces by @mcollina in nodejs/undici#4778

Fix error handling in MockPool example by @dave-kennedy in nodejs/undici#4781

feat: expose statusText in request() ResponseData by @domenic in nodejs/undici#4784

test: reduce retry-after invalid date flake by @mcollina in nodejs/undici#4788

extractBody fixes by @KhafraDev in nodejs/undici#4791

fix: MockAgent delayed response with AbortSignal (#4693) by @mcollina in nodejs/undici#4772

fix: onParserTimeout potentially accessing undefined by @vbfox in nodejs/undici#4758

New Contributors

@dave-kennedy made their first contribution in nodejs/undici#4781

@vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

Minor code cleanups to decompress interceptor by @domenic in nodejs/undici#4754

fix(h2): fix flaky stream end handling on macOS by @mcollina in nodejs/undici#4762

return response when receiving 401 instead of network error by @KhafraDev in nodejs/undici#4769

fix: properly close idle connections in test server cleanup by @mcollina in nodejs/undici#4764

fix: decode HTTP headers as latin1 instead of utf8 by @mcollina in nodejs/undici#4768

fix: submodule update by @Uzlopak in nodejs/undici#4648

build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @dependabot[bot] in nodejs/undici#4720

New Contributors

@domenic made their first contribution in nodejs/undici#4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

v7.19.1

What's Changed

fix: use commit hash when generating release (#4757) by @fenichelar in nodejs/undici#4759

... (truncated)

Commits

393c0da Bumped v7.21.0 (#4813)
47f9b96 fix: set finalizer only for fetch responses (#4803)
92e38fc fix: handle undefined __filename in bundled environments (#4812)
283f2aa feat(#4230): Implement pingInterval for dispatching PING frames (#4296)
9cc025b Fix clientTtl cleanup race (#4807)
fc8bb75 fix: error stream instead of canceling (#4804)
ff6bc5a Add close method to WebSocketStream interface (#4802)
dae4d91 test: restore global dispatcher after fetch tests (#4790)
072c17a build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 (#4796)
6cc668d Bumped v7.20.0 (#4792)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [undici](https://github.com/nodejs/undici) from 7.16.0 to 7.21.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.16.0...v7.21.0) --- updated-dependencies: - dependency-name: undici dependency-version: 7.21.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

socket-security · 2026-02-07T16:31:55Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: npm `caniuse-lite` under CC-BY-4.0 License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (npm metadata) License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/LICENSE) License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/package.json) From: pnpm-lock.yaml → `npm/@sentry/nextjs@10.29.0` → `npm/caniuse-lite@1.0.30001769` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/caniuse-lite@1.0.30001769`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 7, 2026

Copilot AI review requested due to automatic review settings February 7, 2026 16:31

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 7, 2026

github-project-automation bot moved this to Backlog (Not Ready) in DevX Feb 7, 2026

github-project-automation bot added this to DevX Feb 7, 2026

dependabot bot mentioned this pull request Feb 7, 2026

Bump undici from 7.16.0 to 7.19.2 #1839

Closed

Copilot AI reviewed Feb 7, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump undici from 7.16.0 to 7.21.0#1852

Bump undici from 7.16.0 to 7.21.0#1852
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/undici-7.21.0

dependabot bot commented on behalf of github Feb 7, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

socket-security bot commented Feb 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 7, 2026

v7.21.0

What's Changed

New Contributors

v7.20.0

What's Changed

New Contributors

v7.19.2

What's Changed

New Contributors

v7.19.1

What's Changed

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

socket-security bot commented Feb 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants