deps: update undici to 7.18.2 by nodejs-github-bot · Pull Request #61283 · nodejs/node

nodejs-github-bot · 2026-01-05T16:42:45Z

This is an automated update of undici to 7.18.2.

nodejs-github-bot · 2026-01-05T16:42:50Z

Review requested:

@nodejs/security-wg

mcollina

lgtm

github-actions · 2026-01-05T16:49:05Z

Fast-track has been requested by @mcollina. Please 👍 to approve.

nodejs-github-bot · 2026-01-05T16:58:59Z

CI: https://ci.nodejs.org/job/node-test-pull-request/70685/

richardlau · 2026-01-05T17:26:39Z

@mcollina The without-ssl failures look relevant.

codecov · 2026-01-05T19:31:12Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.53%. Comparing base (bcdf2e0) to head (fd0e334).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #61283   +/-   ##
=======================================
  Coverage   88.53%   88.53%           
=======================================
  Files         704      704           
  Lines      208759   208759           
  Branches    40281    40278    -3     
=======================================
  Hits       184816   184816           
  Misses      15947    15947           
  Partials     7996     7996

see 26 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

mcollina

lgtm

mcollina

lgtm

nodejs-github-bot · 2026-01-06T19:27:10Z

CI: https://ci.nodejs.org/job/node-test-pull-request/70691/ -> https://ci.nodejs.org/job/node-test-pull-request/70692/

nodejs-github-bot · 2026-01-06T21:56:03Z

CI: https://ci.nodejs.org/job/node-test-pull-request/70692/

nodejs-github-bot · 2026-01-07T07:47:43Z

Landed in b946823

PR-URL: #61283 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Aviv Keller <me@aviv.sh> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `25.2.1` → `25.3.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v25.3.0`](https://github.com/nodejs/node/releases/tag/v25.3.0): 2026-01-13, Version 25.3.0 (Current), @RafaelGSS [Compare Source](nodejs/node@v25.2.1...v25.3.0) This is a security release. ##### Notable Changes lib: - (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#750](https://github.com/nodejs-private/node-private/pull/750) permission: - (CVE-2026-21636) add network check on pipe\_wrap connect (RafaelGSS) [nodejs-private/node-private#784](https://github.com/nodejs-private/node-private/pull/784) - (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://github.com/nodejs-private/node-private/pull/760) - (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#748](https://github.com/nodejs-private/node-private/pull/748) src: - (CVE-2025-59466) rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://github.com/nodejs-private/node-private/pull/773) src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://github.com/nodejs-private/node-private/pull/759) tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#790](https://github.com/nodejs-private/node-private/pull/790) ##### Commits - \[[`a6a74b89a7`](nodejs/node@a6a74b89a7)] - **deps**: update c-ares to v1.34.6 (Node.js GitHub Bot) [#60997](nodejs/node#60997) - \[[`5100614e26`](nodejs/node@5100614e26)] - **deps**: update undici to 7.18.2 (Node.js GitHub Bot) [#61283](nodejs/node#61283) - \[[`f0a8916887`](nodejs/node@f0a8916887)] - **(CVE-2025-59465)** **lib**: add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#750](https://github.com/nodejs-private/node-private/pull/750) - \[[`b4b887c5f7`](nodejs/node@b4b887c5f7)] - **(CVE-2025-55132)** **lib**: disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#748](https://github.com/nodejs-private/node-private/pull/748) - \[[`26be208039`](nodejs/node@26be208039)] - **(CVE-2025-55130)** **lib,permission**: require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://github.com/nodejs-private/node-private/pull/760) - \[[`bdf5873d44`](nodejs/node@bdf5873d44)] - **(CVE-2026-21636)** **permission**: add network check on pipe\_wrap connect (RafaelGSS) [nodejs-private/node-private#784](https://github.com/nodejs-private/node-private/pull/784) - \[[`0578e3e921`](nodejs/node@0578e3e921)] - **(CVE-2025-59466)** **src**: rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://github.com/nodejs-private/node-private/pull/773) - \[[`4d6b55a6d1`](nodejs/node@4d6b55a6d1)] - **(CVE-2025-55131)** **src,lib**: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://github.com/nodejs-private/node-private/pull/759) - \[[`c357a39e14`](nodejs/node@c357a39e14)] - **(CVE-2026-21637)** **tls**: route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#790](https://github.com/nodejs-private/node-private/pull/790) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

PR-URL: nodejs#61283 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Aviv Keller <me@aviv.sh> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>

nodejs-github-bot added the dependencies Pull requests that update a dependency file. label Jan 5, 2026

nodejs-github-bot added the needs-ci PRs that need a full CI run. label Jan 5, 2026

mcollina approved these changes Jan 5, 2026

View reviewed changes

richardlau approved these changes Jan 5, 2026

View reviewed changes

mcollina added the fast-track PRs that do not need to wait for 48 hours to land. label Jan 5, 2026

mcollina added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 5, 2026

marco-ippolito approved these changes Jan 5, 2026

View reviewed changes

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 5, 2026

avivkeller approved these changes Jan 5, 2026

View reviewed changes

mcollina mentioned this pull request Jan 5, 2026

Test and Fix running without SSL nodejs/undici#4727

Merged

cjihrig approved these changes Jan 6, 2026

View reviewed changes

nodejs-github-bot force-pushed the actions/tools-update-undici branch from e4c24de to 9424b1c Compare January 6, 2026 13:26

nodejs-github-bot changed the title ~~deps: update undici to 7.18.0~~ deps: update undici to 7.18.1 Jan 6, 2026

mcollina approved these changes Jan 6, 2026

View reviewed changes

mcollina added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 6, 2026

RafaelGSS approved these changes Jan 6, 2026

View reviewed changes

deps: update undici to 7.18.2

fd0e334

nodejs-github-bot changed the title ~~deps: update undici to 7.18.1~~ deps: update undici to 7.18.2 Jan 6, 2026

nodejs-github-bot force-pushed the actions/tools-update-undici branch from 9424b1c to fd0e334 Compare January 6, 2026 16:15

mcollina approved these changes Jan 6, 2026

View reviewed changes

aduh95 added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. and removed request-ci Add this label to start a Jenkins CI on a PR. labels Jan 6, 2026

KhafraDev approved these changes Jan 7, 2026

View reviewed changes

marco-ippolito added the commit-queue Add this label to land a pull request using GitHub Actions. label Jan 7, 2026

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jan 7, 2026

nodejs-github-bot merged commit b946823 into main Jan 7, 2026
66 of 67 checks passed

nodejs-github-bot deleted the actions/tools-update-undici branch January 7, 2026 07:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: update undici to 7.18.2#61283

deps: update undici to 7.18.2#61283
nodejs-github-bot merged 1 commit intomainfrom
actions/tools-update-undici

nodejs-github-bot commented Jan 5, 2026 •

edited

Loading

Uh oh!

nodejs-github-bot commented Jan 5, 2026

Uh oh!

mcollina left a comment

Uh oh!

github-actions bot commented Jan 5, 2026

Uh oh!

nodejs-github-bot commented Jan 5, 2026

Uh oh!

richardlau commented Jan 5, 2026

Uh oh!

codecov bot commented Jan 5, 2026 •

edited

Loading

Uh oh!

mcollina left a comment

Uh oh!

mcollina left a comment

Uh oh!

nodejs-github-bot commented Jan 6, 2026 •

edited by RafaelGSS

Loading

Uh oh!

nodejs-github-bot commented Jan 6, 2026

Uh oh!

Uh oh!

nodejs-github-bot commented Jan 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

Uh oh!

Conversation

nodejs-github-bot commented Jan 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Jan 5, 2026

Uh oh!

mcollina left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Jan 5, 2026

Uh oh!

nodejs-github-bot commented Jan 5, 2026

Uh oh!

richardlau commented Jan 5, 2026

Uh oh!

codecov bot commented Jan 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

mcollina left a comment

Choose a reason for hiding this comment

Uh oh!

mcollina left a comment

Choose a reason for hiding this comment

Uh oh!

nodejs-github-bot commented Jan 6, 2026 • edited by RafaelGSS Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Jan 6, 2026

Uh oh!

Uh oh!

nodejs-github-bot commented Jan 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

nodejs-github-bot commented Jan 5, 2026 •

edited

Loading

codecov bot commented Jan 5, 2026 •

edited

Loading

nodejs-github-bot commented Jan 6, 2026 •

edited by RafaelGSS

Loading