chore(deps): bump the npm_and_yarn group across 3 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
nanoid	3.3.7	3.3.8
next	15.0.1	15.1.2
undici	6.19.4	6.21.1
ws	8.16.0	8.17.1
vitest	1.6.0	1.6.1
hono	4.5.8	4.6.5

Bumps the npm_and_yarn group with 5 updates in the /apps/dokploy directory:

Package	From	To
next	15.0.1	15.1.2
undici	6.19.4	6.21.1
ws	8.16.0	8.17.1
vitest	1.6.0	1.6.1
rollup	4.19.1	4.34.6

Bumps the npm_and_yarn group with 1 update in the /packages/server directory: ws.

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates next from 15.0.1 to 15.1.2

Release notes

Sourced from next's releases.

v15.1.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update React from 7283a213-20241206 to 65e06cb7-20241218: vercel/next.js#74117

Credits

Huge thanks to @​ztanner for helping!

v15.1.1

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix(turbo): sassOptions silenceDeprecations was not overwritten with user options: vercel/next.js#73937
• refactor collectAppPageSegments: vercel/next.js#73908

Credits

Huge thanks to @​devjiwonchoi and @​ztanner for helping!

v15.1.1-canary.27

Core Changes

• Update font data: #74572
• Upgrade React from 3b009b4c-20250102 to 3ce77d55-20250106: #74557
• [metadata] Change the array head to single node in flight data: #74299
• [DevOverlay] Add Toolbar: #74555
• restore deleted comment in next-app-loader: #74597
• Turbopack dev: Remove client to server websocket ping event: #74584

Example Changes

• chore(examples): update React in reproduction templates to stable 19: #74499

Misc Changes

• chore(github): update issue_stale token to release bot token: #74575
• chore(ci): Ensure all 6 shards are used equally in deploy tests: #74574
• fix: force module format for virtual client-proxy file: #74162
• [Turbopack] fix shadow-rs build caching: #74579

Credits

Huge thanks to @​samcx, @​nnnnoel, @​lubieowoce, @​huozhi, @​sokra, @​devjiwonchoi, and @​timneutkens for helping!

v15.1.1-canary.26

Core Changes

... (truncated)

Commits

• df392a1 v15.1.2
• 40c9424 Backport (v15): Update React from 7283a213-20241206 to 65e06cb7-20241218 (#74...
• 4384c68 v15.1.1
• d137863 run build_and_test workflow on backport branch
• d27bb14 backport: fix(turbo): sassOptions silenceDeprecations was not overwritten wit...
• 0c8187a Add NEXT_PRIVATE_SKIP_CANARY_CHECK env for bench job (#73763)
• e83ab18 backport: refactor collectAppPageSegments (#73996)
• ada25fc Designate as backport branch
• dafcd43 v15.1.0
• 2deb35d v15.0.4-canary.52
• Additional commits viewable in compare view

Updates undici from 6.19.4 to 6.21.1

Release notes

Sourced from undici's releases.

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

• fix(#3736): back-port 183f8e9 to v6.x by @​ggoodman in nodejs/undici#3855
• fix(#3817): send servername for SNI on TLS (#3821) [backport] by @​metcoder95 in nodejs/undici#3864
• fix: sending formdata bodies with http2 (#3863) [backport] by @​metcoder95 in nodejs/undici#3866
• [Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @​github-actions in nodejs/undici#3877
• types: [backport] Update return type of RetryCallback (#3851) by @​metcoder95 in nodejs/undici#3876

Full Changelog: nodejs/undici@v6.21.0...v6.21.1

v6.21.0

What's Changed

• [Backport v6.x] web: mark as uncloneable when possible (#3709) by @​jazelly in nodejs/undici#3744
• [Backport v6.x] fetch: fix content-encoding order by @​github-actions in nodejs/undici#3764
• [Backport v6.x] fix: handle undefined deref() of WeakRef(socket) by @​github-actions in nodejs/undici#3822
• [Backport v6.x] fix: range end is zero-indexed by @​github-actions in nodejs/undici#3827

Full Changelog: nodejs/undici@v6.20.1...v6.21.0

v6.20.1

What's Changed

• [Backport v6.x] jsdoc: add jsdoc to lib/web/fetch/constants.js by @​github-actions in nodejs/undici#3710
• [Backport v6.x] feat: implement BodyReadable.bytes by @​github-actions in nodejs/undici#3711
• fix: add more expectsPayload methods by @​ronag in nodejs/undici#3715
• [Backport v6.x] chore(H2): onboard H2 into Undici queueing system (#3707) by @​Uzlopak in nodejs/undici#3724
• [Backport v6.x] fix: PoolBase kClose and kDestroy should await and not return the Promise by @​github-actions in nodejs/undici#3723
• [Backport v6.x] fix: extract noop everywhere by @​Uzlopak in nodejs/undici#3727

Full Changelog: nodejs/undici@v6.20.0...v6.20.1

v6.20.0

What's Changed

• Remove patched dom types (v6.x branch) by @​eXhumer in nodejs/undici#3531
• docs(Backport v6.x): Fix signature of RetryHandler by @​github-actions in nodejs/undici#3594
• deps(dev): update @​types/node by @​metcoder95 in nodejs/undici#3618
• fix: throw on retry when payload is consume by downstream by @​github-actions in nodejs/undici#3596
• feat(Backport v6.x): move throwOnError to interceptor by @​github-actions in nodejs/undici#3595
• [Backport v6.x] fix: reduce memory usage in client-h1 by @​github-actions in nodejs/undici#3672
• [Backport v6.x] fix: refactor fast timers, fix UND_ERR_CONNECT_TIMEOUT on event loop blocking by @​github-actions in nodejs/undici#3673
• [Backport v6.x] fix: run asserts first if possible by @​github-actions in nodejs/undici#3674
• [Backport v6.x] fix: use fasttimers for all connection timeouts by @​github-actions in nodejs/undici#3675
• [Backport v6.x] ci: less flaky test/request-timeout.js test by @​github-actions in nodejs/undici#3678
• [Backport v6.x] test: less flaky timers acceptance test, rework fast timer tests to pass them faster by @​github-actions in nodejs/undici#3679

... (truncated)

Commits

• e260e7b Bumped v6.21.1
• c3acc60 Merge commit from fork
• 2414bc9 Update return type of RetryCallback (#3851) (#3876)
• be8cd0a [Backport v6.x] fix: Fixed the issue that there is no running request when ht...
• ee6176c fix: sending formdata bodies with http2 (#3863) [backport] (#3866)
• a0220f1 fix(#3817): send servername for SNI on TLS (#3821) [backport] (#3864)
• 353ab63 fix(#3736): back-port 183f8e9 to v6.x (#3855)
• 61ec353 Bumped v6.21.0
• 11e31a4 fix: range end is zero-indexed (#3826) (#3827)
• 98d1b1b fix: handle undefined deref() of WeakRef(socket) (#3751) (#3822)
• Additional commits viewable in compare view

Updates ws from 8.16.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates vitest from 1.6.0 to 1.6.1

Release notes

Sourced from vitest's releases.

v1.6.1

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v1 - by @​hi-ogawa in vitest-dev/vitest#7319

    View changes on GitHub

Commits

• 017e1ee chore: release v1.6.1
• 7ce9fbb fix: backport #7317 to v1 (#7319)
• See full diff in compare view

Updates hono from 4.5.8 to 4.6.5

Release notes

Sourced from hono's releases.

v4.6.5

Security fix for CSRF Protection Middleware

This release includes a security fix for CSRF Protection Middleware. If you are using CSRF Protection Middleware, please upgrade this hono package immediately.

Before this release, a request without a Content-Type header can bypass the protection. This fix does not allow it. See: GHSA-2234-fmw7-43wr

What's Changed

• perf(types): replace intersection with union to get better perf by @​m-shaka in honojs/hono#3443
• ci: use Deno v2 by @​yusukebe in honojs/hono#3506
• ci: use Deno v2 for a test running for deno by @​nakasyou in honojs/hono#3509
• fix(types): rm ExcludeEmptyObject to fix massively increased type instantiations by @​m-shaka in honojs/hono#3507
• fix(cors): avoid setting Access-Control-Allow-Origin if there is no matching origin by @​uki00a in honojs/hono#3510
• feat(powered-by): optional server name by @​PatrickJS in honojs/hono#3492
• fix(factory): revert PR #3498 by @​yusukebe in honojs/hono#3515
• fix(build): remove private fields by @​nakasyou in honojs/hono#3514

New Contributors

• @​uki00a made their first contribution in honojs/hono#3510
• @​PatrickJS made their first contribution in honojs/hono#3492

Full Changelog: honojs/hono@v4.6.4...v4.6.5

v4.6.4

What's Changed

• chore: upgrade dependencies by @​yusukebe in honojs/hono#3446
• chore: remove crypto-js from dev dependencies by @​yusukebe in honojs/hono#3447
• chore(test): suppress no-unused-vars "'x' is assigned a value but only used as type" by @​exoego in honojs/hono#3451
• chore(test): include bun coverage by @​exoego in honojs/hono#3457
• test(deno): remove duplicated app.get by @​exoego in honojs/hono#3469
• fix(types): add key to IntrinsicAttributes by @​codehz in honojs/hono#3474
• fix(factory): relax Bindings and Variables for createMiddleware by @​yusukebe in honojs/hono#3498
• fix(service-worker): bind fetch to globalThis by @​sapphi-red in honojs/hono#3500
• refactor(jsx): add override to toStringToBuffer in classes extending JSXNode by @​yusukebe in honojs/hono#3505

New Contributors

• @​sapphi-red made their first contribution in honojs/hono#3500

Full Changelog: honojs/hono@v4.6.3...v4.6.4

v4.6.3

This release has many new features, but each feature is small, so we've released it as a patch release.

What's Changed

• chore: rename runtime_tests to runtime-tests by @​yusukebe in honojs/hono#3419
• ci: Type check perf by @​m-shaka in honojs/hono#3406
• refactor(jsx/streaming): Clarified the type of renderToReadableStream. by @​usualoma in honojs/hono#3434
• perf(types): use homomorphic mapped type to reduce conditional branches by @​m-shaka in honojs/hono#3440
• ci: prettify type check result and rm a comment by @​m-shaka in honojs/hono#3442
• fix(types): useSyncExternalStore type by @​codehz in honojs/hono#3437

... (truncated)

Commits

• 89a0ac1 v4.6.5
• c4d19ec chore: update the lockfile
• 6cf01e5 fix(build): remove private fields (#3514)
• aa50e0a Merge commit from fork
• f9e6ea7 fix(factory): revert PR #3498 (#3515)
• fc9cc6d feat(powered-by): optional server name (#3492)
• cebf4e8 fix(cors): avoid setting Access-Control-Allow-Origin if there is no matchin...
• 3311664 fix(types): rm ExcludeEmptyObject to fix massively increased type instantiati...
• bd9effe ci: use Deno v2 for a test running for deno (#3509)
• 9986b47 ci: use Deno v2 (#3506)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates rollup from 4.19.1 to 4.34.6

Release notes

Sourced from rollup's releases.

v4.34.6

4.34.6

2025-02-07

Bug Fixes

• Retain "void 0" in the output for smaller output and fewer surprises (#5838)

Pull Requests

• #5835: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5838: replace undefined with void 0 for operator void (@​TrickyPi)

v4.34.5

4.34.5

2025-02-07

Bug Fixes

• Ensure namespace reexports always include all properties of all exports (#5837)

Pull Requests

• #5836: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5837: Include all paths of reexports if namespace is used (@​lukastaegert)

v4.34.4

4.34.4

2025-02-05

Bug Fixes

• Do not tree-shake properties if a rest element is used in destructuring (#5833)

Pull Requests

• #5833: include all properties if a rest element is destructed (@​TrickyPi)

v4.34.3

4.34.3

2025-02-05

Bug Fixes

• Ensure properties of "this" are included in getters (#5831)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.34.6

2025-02-07

Bug Fixes

• Retain "void 0" in the output for smaller output and fewer surprises (#5838)

Pull Requests

• #5835: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5838: replace undefined with void 0 for operator void (@​TrickyPi)

4.34.5

2025-02-07

Bug Fixes

• Ensure namespace reexports always include all properties of all exports (#5837)

Pull Requests

• #5836: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5837: Include all paths of reexports if namespace is used (@​lukastaegert)

4.34.4

2025-02-05

Bug Fixes

• Do not tree-shake properties if a rest element is used in destructuring (#5833)

Pull Requests

• #5833: include all properties if a rest element is destructed (@​TrickyPi)

4.34.3

2025-02-05

Bug Fixes

• Ensure properties of "this" are included in getters (#5831)

Pull Requests

• #5831: include the properties that accessed by this (@​TrickyPi)

... (truncated)

Commits

• 4b87459 4.34.6
• fe89821 replace undefined with void 0 for operator void (#5838)
• 18cc314 fix(deps): update swc monorepo (major) (#5835)
• 3426b02 4.34.5
• f3aa1f0 Include all paths of reexports if namespace is used (#5837)
• 9fc10c1 fix(deps): lock file maintenance minor/patch updates (#5836)
• 19312a7 4.34.4
• cf54603 include all properties if a rest element is destructed (#5833)
• ac8b06a 4.34.3
• 7d553db include the properties that accessed by this (#5831)
• Additional commits viewable in compare view

Updates vite from 5.3.5 to 5.4.14

Release notes

Sourced from vite's releases.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.3

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.2

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

5.4.13 (2025-01-20)

• fix: try parse server.origin URL (#19241) (5946215), closes #19241

5.4.12 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
• fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
• fix: verify token for HMR WebSocket connection (b71a5c8)
• chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

• fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

5.4.10 (2024-10-23)

• fix: backport #18367,augment hash for CSS files to prevent chromium erroring by loading previous fil (7d1a3bc), closes #18367 #18412

5.4.9 (2024-10-14)

• fix: bump launch-editor-middleware to v2.9.1 (#18348) (508d9ab), closes #18348
• fix(css): fix lightningcss dep url resolution with custom root (#18125) (eae00b5), closes #18125
• fix(data-uri): only match ids starting with data: (#18241) (96084d6), closes #18241
• fix(deps): bump tsconfck (#18322) (dc5434c), closes #18322
• fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252) (851b258), closes #18252
• fix(ssr): (backport #18150) fix source map remapping with multiple sources (#18204) (262a879), closes #18204
• chore: update all url references of vitejs.dev to vite.dev (#18276) (c23558a), closes #18276
• chore: update license copyright (#18278) (1864eb1), closes #18278
• docs: update homepage (#18274) (ae44163), closes #18274

5.4.8 (2024-09-25)

... (truncated)

Commits

• e7eb3c5 release: v5.4.14
• 7d1699c fix: allow CORS from loopback addresses by default (#19249)
• 9df6e6b fix: preview.allowedHosts with specific values was not respected (#19246)
• a1824c5 release: v5.4.13
• 5946215 fix: try parse server.origin URL (#19241)
• f428aa9 release: v5.4.12
• 9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• b71a5c8 fix: verify token for HMR WebSocket connection
• dfea38f fix!: default server.cors: false to disallow fetching from untrusted origins
• ecd2375 chore: add deps update changelog
• Additional commits viewable in compare view

Updates next from 15.0.1 to 15.1.2

Release notes

Sourced from next's releases.

v15.1.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update React from 7283a213-20241206 to 65e06cb7-20241218: vercel/next.js#74117

Credits

Huge thanks to @​ztanner for helping!

v15.1.1

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix(turbo): sassOptions silenceDeprecations was not overwritten with user options: vercel/next.js#73937
• refactor collectAppPageSegments: vercel/next.js#73908

Credits

Huge thanks to @​devjiwonchoi and @​ztanner for helping!

v15.1.1-canary.27

Core Changes

• Update font data: #74572
• Upgrade React from 3b009b4c-20250102 to 3ce77d55-20250106: #74557
• [metadata] Change the array head to single node in flight data: #74299
• [DevOverlay] Add Toolbar: #74555
• restore deleted comment in next-app-loader: #74597
• Turbopack dev: Remove client to server websocket ping event: #74584

Example Changes

• chore(examples): update React in reproduction templates to stable 19: #74499

Misc Changes

• chore(github): update issue_stale token to release bot token: #74575
• chore(ci): Ensure all 6 shards are used equally in deploy tests: #74574
• fix: force module format for virtual client-proxy file: #74162
• [Turbopack] fix shadow-rs build caching: #74579

Credits

Huge thanks to @​samcx, @​nnnnoel, @​lubieowoce, @​huozhi, @​sokra, @​devjiwonchoi, and @​timneutkens for helping!

v15.1.1-canary.26

Core Changes

... (truncated)

Commits

• df392a1 v15.1.2
• 40c9424 Backport (v15): Update React from 7283a213-20241206 to 65e06cb7-20241218 (#74...
• 4384c68 v15.1.1
• d137863 run build_and_test workflow on backport branch
• d27bb14 backport: fix(turbo): sassOptions silenceDeprecations was not overwritten wit...
• 0c8187a Add NEXT_PRIVATE_SKIP_CANARY_CHECK env for bench job (#73763)
• e83ab18 backport: refactor collectAppPageSegments (#73996)
• ada25fc Designate as backport branch
• dafcd43 v15.1.0
• 2deb35d v15.0.4-canary.52
• Additional commits viewable in compare view

Updates undici from 6.19.4 to 6.21.1

Release notes

Sourced from undici's releases.

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

• fix(#3736): back-port 183f8e9 to v6.x by @​ggoodman in nodejs/undici#3855
• fix(#3817): send servername for SNI on TLS (#3821) [backport] by @​metcoder95 in nodejs/undici#3864
• fix: sending formdata bodies with http2 (#3863) [backport] by @​metcoder95 in nodejs/undici#3866
• [Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @​github-actions in nodejs/undici#3877
• types: [backport] Update return type of RetryCallback (#3851) by @​metcoder95 in nodejs/undici#3876

Full Changelog: nodejs/undici@v6.21.0...v6.21.1

v6.21.0

What's Changed

• [Backport v6.x] web: mark as uncloneable when possible (#3709) by @​jazelly in nodejs/undici#3744
• [Backport v6.x] fetch: fix content-encoding order by @​github-actions in nodejs/undici#3764
• [Backport v6.x] fix: handle undefined deref() of WeakRef(socket) by @​github-actions in nodejs/undici#3822
• [Backport v6.x] fix: range end is zero-indexed by @​github-actions in nodejs/undici#3827

Full Changelog: nodejs/undici@v6.20.1...v6.21.0

v6.20.1

What's Changed

• [Backport v6.x] jsdoc: add jsdoc to lib/web/fetch/constants.js by @​github-actions in nodejs/undici#3710
• [Backport v6.x] feat: implement BodyReadable.bytes by @​github-actions in Description has been truncated