chore(deps): update dependency undici to v6.24.0 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
undici (source)	6.21.3 → 6.24.0

GitHub Vulnerability Alerts

CVE-2026-1528

Impact

A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Workarounds

There are no workarounds.

---

Release Notes

nodejs/undici (undici)

v6.24.0

Compare Source

What's Changed

• fetch: fix content-encoding order by @​tsctx in #​3343
• Add regression test for broken body by @​mcollina in #​3346
• build(deps): bump node from 075a5cc to 9af472b in /build by @​dependabot[bot] in #​3355
• fix: post request signal by @​Gigioliva in #​3354
• Revert "fix: post request signal (#​3354)" by @​ronag in #​3359
• websocket: don't use pooled buffer in mask pool by @​tsctx in #​3357
• fix: consider bytes read when dumping by @​ronag in #​3360
• refactor: simplify signal handling by @​ronag in #​3362
• fix: use explicit flag for when use has interacted with stream by @​ronag in #​3361
• Refactor example documentation structure and add CacheableLookup example by @​DarkGL in #​3363
• refactor: simplify request error handling by @​ronag in #​3364
• fix: ensure onConnect is always called by @​ronag in #​3327
• Refactor responseHeader to responseHeaders by @​DarkGL in #​3375
• fix: don't override user defined MaxListeners by @​fawazahmed0 in #​3372
• fix: forward dispatch return value by @​ronag in #​3368
• build(deps): bump github/codeql-action from 3.25.7 to 3.25.11 by @​dependabot[bot] in #​3382
• build(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by @​dependabot[bot] in #​3384
• build(deps): bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @​dependabot[bot] in #​3383
• build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @​dependabot[bot] in #​3381
• fix: throw on retry when payload is consume by downstream by @​climba03003 in #​3389
• Remove file by @​KhafraDev in #​3367
• build(deps): bump node from 9af472b to 138d0b5 in /build by @​dependabot[bot] in #​3392
• feat!: upgrade llhttp to 9.2.0 (#​2705) by @​metcoder95 in #​3388
• websocket: reduce memory usage by @​tsctx in #​3393
• feat: implement BodyReadable.bytes by @​tsctx in #​3391
• websocket: avoid using Buffer.byteLength by @​tsctx in #​3394
• separate whatwg websocket logic from rfc 6455 by @​KhafraDev in #​3396
• websocket: add fast-path for string input by @​tsctx in #​3395
• Add generic type for opaque object by @​jfhr in #​3385
• build(deps): bump node from 138d0b5 to 67225d4 in /build by @​dependabot[bot] in #​3398
• interceptors: move throwOnError to interceptor by @​mertcanaltin in #​3331
• chore!: drop interceptors by @​metcoder95 in #​3399
• build(deps-dev): bump @​fastify/busboy from 2.1.1 to 3.0.0 by @​dependabot[bot] in #​3404
• fix: don't call onConnect automatically by @​ronag in #​3407
• In CITGM, skip tests that are flaky there by @​mcollina in #​3413
• Update esbuild to 0.19.10 by @​mcollina in #​3415
• Fix signature of RetryHandler by @​JbIPS in #​3416
• docs: fix ToC in CONTRIBUTING.md by @​richardlau in #​3420
• Fix fetch duplex docs by @​Ethan-Arrowood in #​3422
• fix: restore externalized Node.js dep compatibility by @​richardlau in #​3421
• fix: cast falsy servername to null to avoid falsy inequality by @​ronag in #​3426
• Add backport action by @​mcollina in #​3427
• build(deps): bump node from 67225d4 to 858234a in /build by @​dependabot[bot] in #​3411
• build(deps): bump github/codeql-action from 3.25.11 to 3.25.15 by @​dependabot[bot] in #​3432
• build(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @​dependabot[bot] in #​3431
• build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @​dependabot[bot] in #​3430
• build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @​dependabot[bot] in #​3428
• build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 by @​dependabot[bot] in #​3429
• build(deps): bump superagent from 9.0.2 to 10.0.0 in /benchmarks by @​dependabot[bot] in #​3439
• build(deps): bump node from 17e6738 to 30c5be9 in /build by @​dependabot[bot] in #​3443
• docs: use default link of Web Streams API by @​trivikr in #​3446
• fix: increased memory in finalization first appearing in v6.16.0 by @​snyamathi in #​3445
• test: add test for memory leak by @​snyamathi in #​3450
• build: parametrize the location of wasm-opt by @​khardix in #​3454
• test: streamline test scripts in regard of without-intl and run more tests for without-intl case by @​Uzlopak in #​3453
• feat!: drop throwOnError by @​metcoder95 in #​3451
• types: allow non strict HTTPMethod by @​Uzlopak in #​3457
• build(deps-dev): bump borp from 0.15.0 to 0.17.0 by @​dependabot[bot] in #​3424
• remove core isErrored and isReadable by @​KhafraDev in #​3459
• use bodyUnusable to check if body is unusable by @​KhafraDev in #​3460
• perf: non-recursive implementation of euclidian gcd in balanced pool by @​Uzlopak in #​3461
• fix: do validation first before actual business logic, like super() by @​Uzlopak in #​3463
• use FinalizationRegistry for cloned response body by @​KhafraDev in #​3458
• perf: use isIPv6 for checking if hostname is isIPv6 by @​Uzlopak in #​3466
• fix: stripURLForReferrer jsdoc in fetch logic by @​Uzlopak in #​3471
• fix: remove kInterceptors in ProxyAgent by @​Uzlopak in #​3474
• fix: fix codesmells in retry-handler by @​Uzlopak in #​3475
• add autocompletable header types by @​KhafraDev in #​3462
• fix: add missing kOriginalDispatch Symbol in mock-logic by @​Uzlopak in #​3470
• fix: fix jsdoc in cookies/parse.js by @​Uzlopak in #​3469
• fix: remove unnecessary parameters in USVString calls by @​Uzlopak in #​3467
• fix: add jsdoc in tree.js, avoiding codesmells by @​Uzlopak in #​3476
• perf: set isLowerCase param on all calls of HeadersList.append by @​Uzlopak in #​3468
• fix: instantiation of ResponseError, pass headers and data correctly by @​Uzlopak in #​3472
• ci: add WPT updater by @​Uzlopak in #​3482
• meta: move nightly comment body to issue body by @​avivkeller in #​3484
• chore: improve jsdoc in cookies by @​Uzlopak in #​3478
• chore: improve jsdoc and minor changes in EventSource by @​Uzlopak in #​3480
• types: add Autocomplete utility type by @​Uzlopak in #​3479
• fix: instantiation of SecureProxyConnectionError should pass options to parent class by @​Uzlopak in #​3473
• chore: replace standard and snazzy with neostandard by @​Uzlopak in #​3485
• fix: workflow commit user by @​tsctx in #​3491
• build(deps): bump node from 30c5be9 to a20e858 in /build by @​dependabot[bot] in #​3496
• chore: add --noEmit for typescript tests by @​Uzlopak in #​3498
• perf: only create wasm buffer if requested by @​Uzlopak in #​3499
• fix(types): MockAgent accepts ProxyAgent, EnvHttpProxyAgent and RetryAgent for agent option by @​Uzlopak in #​3497
• stricter Headers brand checks in cookies by @​KhafraDev in #​3500
• Update WPT by @​github-actions[bot] in #​3488
• fix: setEncoding should not throw on body #​1125 by @​Uzlopak in #​3505
• websocket: set websocket readyState on fail by @​KhafraDev in #​3507
• build(deps-dev): bump jsdom from 24.1.3 to 25.0.0 by @​dependabot[bot] in #​3511
• build(deps): bump wait-on from 7.2.0 to 8.0.0 in /benchmarks by @​dependabot[bot] in #​3513
• Update WPT by @​github-actions[bot] in #​3515
• fix: reduce memory usage in client-h1 by @​Uzlopak in #​3510
• fix: refactor fast timers, fix UND_ERR_CONNECT_TIMEOUT on event loop blocking by @​Uzlopak in #​3495
• ci: make autobahn workflow reusable workflow, run the autobahn on nightly tests by @​Uzlopak in #​3503
• remove third party everything support in fetch by @​KhafraDev in #​3502
• remove double validation in webidl by @​KhafraDev in #​3516
• test: improve gc detection by @​Uzlopak in #​3504
• Update WPT by @​github-actions[bot] in #​3519
• populate defaultValues in webidl dict. converter when passing null or undefined by @​KhafraDev in #​3518
• change webidl.util.Type return to an enum value by @​KhafraDev in #​3520
• set default argument values to undefined instead of {} by @​KhafraDev in #​3521
• ci: fix nightly workflow by @​Uzlopak in #​3525
• Update WPT by @​github-actions[bot] in #​3527
• remove unused symbol by @​KhafraDev in #​3530
• fix formdata arg validation by @​KhafraDev in #​3529
• build(deps): bump github/codeql-action from 3.25.15 to 3.26.6 by @​dependabot[bot] in #​3534
• build(deps): bump hendrikmuhs/ccache-action from 1.2.13 to 1.2.14 by @​dependabot[bot] in #​3536
• build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1 by @​dependabot[bot] in #​3535
• build(deps): bump actions/upload-artifact from 4.3.4 to 4.4.0 by @​dependabot[bot] in #​3537
• Remove patched DOM types by @​eXhumer in #​3533
• chore: minor changes in client-h1, use subarray instead of slice by @​Uzlopak in #​3538
• fix: run asserts first if possible by @​Uzlopak in #​3541
• build(deps): bump node from a20e858 to a17f484 in /build by @​dependabot[bot] in #​3542
• chore: noop per file by @​Uzlopak in #​3544
• build(deps): bump node from a17f484 to ef7b4bb in /build by @​dependabot[bot] in #​3547
• chore: rename buildUrl to serializePathWithQuery + jsdoc by @​Uzlopak in #​3545
• fix: add jsdoc and do minor changes in utils.js by @​Uzlopak in #​3550
• Update WPT by @​github-actions[bot] in #​3556
• Update WPT by @​github-actions[bot] in #​3561
• feat: jsdoc and minor optimizations in client-h1.js by @​Uzlopak in #​3551
• fix: handle websocket closed correctly by @​KhafraDev in #​3565
• fix: extract noop everywhere by @​Uzlopak in #​3559
• chore: add jsdoc for lib/web/websocket/util.js, minor rewrite of utf8Decode by @​Uzlopak in #​3563
• jsdoc: lib/api/readable.js, fix some types by @​Uzlopak in #​3567
• fix: use fasttimers for all connection timeouts by @​Uzlopak in #​3552
• chore: use 'use strict' in cjs files by @​Uzlopak in #​3568
• chore: update typescript testing deps by @​Uzlopak in #​3571
• build(deps)!: bump concurrently from 8.2.2 to 9.0.0 in /benchmarks (node < 18 unsupported) by @​dependabot[bot] in #​3574
• build(deps): bump node from ef7b4bb to 3cb4748 in /build by @​dependabot[bot] in #​3573
• chore: improve jsdoc of lib/core/tree.js by @​Uzlopak in #​3572
• Update WPT by @​github-actions[bot] in #​3576
• jsdoc: improve typing of deepClone by @​Uzlopak in #​3575
• chore: improve jsdoc of lib/core/constants.js by @​Uzlopak in #​3570
• chore: upgrade fixed queue, lint accordingly, add jsdoc by @​Uzlopak in #​3577
• Update WPT by @​github-actions[bot] in #​3581
• ci: less flaky test/request-timeout.js test by @​Uzlopak in #​3580
• chore: remove pluralizer by @​Uzlopak in #​3586
• util: rename validateHandler to assertRequestHandler, minor changes in util.js by @​Uzlopak in #​3583
• mock: remove Error.captureStackTrace in MockNotMatchedError by @​Uzlopak in #​3587
• fix: DRY up lib/core/diagnostics.js by @​Uzlopak in #​3585
• fix: husky deprecation warning by @​eXhumer in #​3593
• Update WPT by @​github-actions[bot] in #​3598
• chore: remove unused pre-commit dependency by @​eXhumer in #​3599
• diagnostics-channel: use not deprecated subscribe fn by @​Uzlopak in #​3600
• Update WPT by @​github-actions[bot] in #​3607
• fetch: make fullyReadBody sync by @​Uzlopak in #​3603
• jsdoc: add jsdoc to lib/web/fetch/constants.js by @​Uzlopak in #​3597
• fetch: pullAlgorithm passes the async resume function through by @​Uzlopak in #​3604
• fix: typo in Client.md by @​SkeLLLa in #​3612
• Update WPT by @​github-actions[bot] in #​3615
• Update WPT by @​github-actions[bot] in #​3622
• fetch: avoid async function in mainFetch to generate response by @​Uzlopak in #​3605
• Update WPT by @​github-actions[bot] in #​3626
• append crlf to formdata body by @​KhafraDev in #​3625
• fix: fire close on failed WebSocket connection by @​eXhumer in #​3566
• fix: fire close on failed WebSocket connection by @​KhafraDev in #​3628
• handle body errors by @​KhafraDev in #​3632
• make cloned request inherit dispatcher by @​KhafraDev in #​3631
• Remove symbols from web specs by @​KhafraDev in #​3633
• cleanup web symbol removal by @​KhafraDev in #​3638
• build(deps): bump mitata from 0.1.14 to 1.0.4 in /benchmarks by @​dependabot[bot] in #​3641
• feat: implement WebSocketStream by @​KhafraDev in #​3560
• export WebSocketStream, add docs and types by @​KhafraDev in #​3645
• build(deps): bump node from 3cb4748 to 83b4d7b in /build by @​dependabot[bot] in #​3621
• feat: add DNS interceptor by @​metcoder95 in #​3490
• prefer fail over close the websocket connection in error cases by @​KhafraDev in #​3651
• fix: various typos by @​NathanBaulch in #​3640
• Update WPT by @​github-actions[bot] in #​3634
• test: increase bitness in test/fixtures/*.pem by @​LiviaMedeiros in #​3659
• mock: fix mocking of Uint8Array and ArrayBuffers as provided mock-responses by @​Uzlopak in #​3662
• test: less flaky timers acceptance test, rework fast timer tests to pass them faster by @​Uzlopak in #​3656
• build(deps): bump github/codeql-action from 3.26.6 to 3.26.10 by @​dependabot[bot] in #​3664
• build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 by @​dependabot[bot] in #​3665
• build(deps): bump fastify/github-action-merge-dependabot from 3.10.1 to 3.10.2 by @​dependabot[bot] in #​3667
• build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @​dependabot[bot] in #​3668
• ws: move implementation agnostic onFail logic to shared function by @​KhafraDev in #​3663
• build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 by @​dependabot[bot] in #​3666
• Update WPT by @​github-actions[bot] in #​3669
• fix: add option ignoreTrailingSlash to MockAgent and .intercept() by @​Uzlopak in #​3655
• fix: ignore leading and trailing crlfs in formdata body by @​KhafraDev in #​3677
• test: add test to ensure full type when parsing multipart/form-data' by @​Uzlopak in #​3683
• test: use globalThis.Headers and skip if is missing by @​Uzlopak in #​3684
• jsdoc: adds some jsdoc to fetch headers implementation, minor changes by @​Uzlopak in #​3687
• feat: check maxHeadersSize on client instantiation and not on Parser instantion by @​Uzlopak in #​3654
• test: remove test for issue 1670 by @​Uzlopak in #​3690
• replace instanceof in brand checks with isPrototypeOf by @​KhafraDev in #​3692
• test: make fetch test independent from internet connection by @​Uzlopak in #​3691
• build(deps-dev): bump esbuild from 0.19.12 to 0.24.0 by @​dependabot[bot] in #​3698
• fix: restructure determineRequestsReferrer to match better spec by @​Uzlopak in #​3699
• set ws readyState if closed before connection could be established by @​KhafraDev in #​3701
• types: fix return type of WebidlUtil.Type by @​Uzlopak in #​3685
• fetch: refactor referrer policy util functions by @​Uzlopak in #​3706
• fix: PoolBase kClose and kDestroy should await and not return the Promise by @​Uzlopak in #​3716
• fix: data-url set extractValue of collectAnHTTPQuotedString by default to false by @​Uzlopak in #​3717
• faster brand check by @​tsctx in #​3720
• web: mark as uncloneable when possible by @​jazelly in #​3709
• chore(H2): onboard H2 into Undici queueing system by @​metcoder95 in #​3707
• http: extract listeners from client-h1 by @​Uzlopak in #​3725
• http2: extract listenHandlers and one bugfix by @​Uzlopak in #​3722
• feat: http caching by @​flakey5 in #​3562
• build(deps-dev): bump borp from 0.17.0 to 0.18.0 by @​dependabot[bot] in #​3734
• docs: fix broken link in readme by @​pastelsky in #​3591
• chore: add jsdoc to lib/web/websocket/constants.js by @​Uzlopak in #​3564
• chore: remove redundant async in readable.js by @​Uzlopak in #​3643
• fix(types): add missing cache prop to RequestInit by @​rindeal in #​3569
• [http-cache] follow up by @​Uzlopak in #​3733
• fix(#​3736): leaked error event on response body by @​metcoder95 in #​3740
• fix: unsafe methods not causing cache purge by @​flakey5 in #​3739
• build(deps): bump node from 83b4d7b to f1b4315 in /build by @​dependabot[bot] in #​3756
• fix filename* parsing by @​KhafraDev in #​3768
• fix http2 test by @​KhafraDev in #​3769
• add unsafe-url referrerPolicy test by @​KhafraDev in #​3772
• chore(docs): add request() example for conditionally reading the body by @​styfle in #​3743
• fix: dns interceptor ip ttl by @​luddd3 in #​3770
• add node v23 workflow by @​tsctx in #​3780
• fix: dns interceptor affinity by @​luddd3 in #​3778
• fix aborting Streams by @​epistemancering in #​3754
• add tests from cookie package by @​KhafraDev in #​3789
• disable failing test by @​ronag in #​3782
• fix: http2 queueing by @​metcoder95 in #​3761
• test(interceptors): fix dns testing on windows by @​metcoder95 in #​3793
• feat: use resolved ports in dns interceptor by @​luddd3 in #​3786
• fix: cache by @​ronag in #​3804
• fix: assume blocking unless HEAD by @​ronag in #​3771
• chore: use common WASM builder by @​mhdawson in #​3791
• refactor: silence neostandard import rules error by @​jerome-benoit in #​3776
• build(deps): bump actions/dependency-review-action from 4.3.4 to 4.4.0 by @​dependabot[bot] in #​3797
• build(deps): bump github/codeql-action from 3.26.10 to 3.27.0 by @​dependabot[bot] in #​3796
• build(deps): bump fastify/github-action-merge-dependabot from 3.10.2 to 3.11.0 by @​dependabot[bot] in #​3795
• docs: add example using proxy with fetch by @​dancastillo in #​3800
• fix: handle Headers in RedirectHandler by @​iiAku in #​3777
• Skip debuglog tests by @​mcollina in #​3810
• build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @​dependabot[bot] in #​3794
• h2: do not emit data after goaway by @​mcollina in #​3811
• fix redirect interceptor with FormData body by @​KhafraDev in #​3815
• docs: fix broken links in undici webpage by @​dancastillo in #​3807
• fix: handle undici Headers and Maps in redirect-handler by @​iiAku in #​3819
• fix: handle undefined deref() of WeakRef(socket) by @​hochoy in #​3751
• build(deps-dev): bump @​sinonjs/fake-timers from 11.3.1 to 12.0.0 by @​dependabot[bot] in #​3823
• fix: range end is zero-indexed by @​DTrombett in #​3826
• lib: more cache fixes by @​flakey5 in #​3816
• fix: cache fixes by @​ronag in #​3830
• Headers webidl errors by @​KhafraDev in #​3833
• Fix goaway by @​mcollina in #​3835
• refactor: maxEntriesCount by @​ronag in #​3832
• Update WPT by @​github-actions[bot] in #​3693
• docs: fix broken links by using absolute path by @​dancastillo in #​3820
• fix: memory store by @​ronag in #​3834
• Update Dispatch.md to Dispatcher.md by @​bcomnes in #​3839
• lib: add nowAbsolute to fast timers by @​flakey5 in #​3749
• feat: cache etag support by @​flakey5 in #​3758
• feat: support request cache control directives by @​flakey5 in #​3658
• Bench updates prior to release by @​mcollina in #​3845
• fix(#​3817): send servername for SNI on TLS by @​metcoder95 in #​3821
• Revert nowAbsolute, add regression test by @​mcollina in #​3850
• fix: missing error handler by @​ronag in #​3859
• fix: 301 and 302 change method to GET by @​DTrombett in #​3862
• feat: sqlite cache store by @​flakey5 in #​3657
• fix: sending formdata bodies with http2 by @​KhafraDev in #​3863
• Update return type of RetryCallback by @​mqayyuum in #​3851
• fix: cleanup sqlite store by @​ronag in #​3868
• refactor: sqlite versioning by @​ronag in #​3870
• fix: pass down context in onConnect by @​DTrombett in #​3858
• fix: cache fixes by @​ronag in #​3871
• fix: we can redirect disturbed request body if it's not going to be used by @​ronag in #​3873
• perf: only prune if adding new entry by @​ronag in #​3872
• fix: Fixed the issue that there is no running request when http2 goaway by @​ShenHongFei in #​3875
• feat: new hooks by @​ronag in #​3878
• Multiple fixes for SQLiteStore, enable it in CI by @​mcollina in #​3881
• Update WPT by @​github-actions[bot] in #​3838
• cache: fix stale-while-revalidate and stale-if-error by @​flakey5 in #​3865
• refactor: port redirect handler to new hooks by @​ronag in #​3879
• Drop node v18 by @​mcollina in #​3880
• build(deps-dev): bump borp from 0.18.0 to 0.19.0 by @​dependabot[bot] in #​3882
• perf: store data as blobs in sql cache by @​ronag in #​3885
• test: add cache testing suite by @​flakey5 in #​3842
• fix: move statusMessage as optional arg in end by @​ronag in #​3886
• fix: port retry to new hooks by @​ronag in #​3883
• fix: cache rm unused branch by @​ronag in #​3889
• fix: response error interceptor broken by @​luddd3 in #​3805
• Make the responseError interceptor backward compatible, add a body property by @​mcollina in #​3891
• feat: add support for Timeout and Trailers by @​metcoder95 in #​3854
• Correctly parse JSON contentType in responseError interceptor by @​mcollina in #​3892
• Mark http/2 support as stable by @​mcollina in #​3893
• test: fix dns interceptor flakiness by @​luddd3 in #​3902
• fix(#​3901): migrate dns interceptor to new hooks by @​metcoder95 in #​3903
• feat(interceptors): migrate decorator handler to new hooks by @​metcoder95 in #​3905
• feat: Adjust allowed error codes for detecting node:sqlite by @​xconverge in #​3900
• build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @​dependabot[bot] in #​3913
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.7 by @​dependabot[bot] in #​3910
• Move Tomas to past collaborators by @​delvedor in #​3909
• docs: add advanced usage examples for ProxyAgent by @​mertcanaltin in #​3906
• fix: publish undici:client:sendHeaders message on H2 by @​fengmk2 in #​3921
• Add support schedule by @​mcollina in #​3923
• cache: do not set undefined etag by @​mcollina in #​3925
• test: cleanup cache tests by @​flakey5 in #​3926
• fix mimetype parser wrong operator by @​tsctx in #​3924
• correctly set if-none-match by @​mcollina in #​3933
• Add example for request + "Garbage Collection" by @​WTCT-TOP in #​3916
• fix: response error interceptor by @​Gigioliva in #​3930
• build(deps-dev): bump neostandard from 0.11.9 to 0.12.0 by @​dependabot[bot] in #​3938
• fix(#​3937): respect correct host header by @​metcoder95 in #​3940
• fix: handle case no content type by @​Gigioliva in #​3931
• support array of headers in WrapHandler by @​KhafraDev in #​3941
• build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 by @​dependabot[bot] in #​3911
• test: Update WPT by @​github-actions[bot] in #​3888
• build(deps-dev): bump @​fastify/busboy from 3.0.0 to 3.1.0 by [@​dependabot](https://re

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.