chore(deps): update dependency undici to v6.6.1 [security] (#410)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org) ([source](https://github.com/nodejs/undici)) | [`6.4.0` -> `6.6.1`](https://renovatebot.com/diffs/npm/undici/6.4.0/6.6.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/6.4.0/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/6.4.0/6.6.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-24750](https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw)

### Impact

Calling `fetch(url)` and not consuming the incoming body (or consuming
it very slowly) will lead to a memory leak.

### Patches

Patched in v6.6.1

### Workarounds

Make sure to always consume the incoming body.
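The pattern that most often breaks this rule is a status-only check (`if (!res.ok) return`) that drops the `Response` before its body has been read. The following is an added example, not code from undici or from this PR: it shows the two ways a body can be settled (read to the end, or cancelled) and a wrapper that settles it on every exit path. `drainBody`, `discardBody`, `fetchStatus` and `fakeFetch` are names chosen for this example, and the `Response` objects it builds are constructed stand-ins for a network reply so the file runs offline (global `Response` and `fetch` as in Node 18+).

```javascript
// Read a Response body to the end and return the number of bytes discarded.
// Reading to completion lets the client release the connection and the
// buffered chunks; merely dropping the Response object does not.
async function drainBody(res) {
  if (!res.body || res.bodyUsed || res.body.locked) return 0;
  const reader = res.body.getReader();
  let bytes = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    bytes += value.byteLength;
  }
  reader.releaseLock();
  return bytes;
}

// When the content is not needed, cancelling is cheaper than reading it:
// cancel() discards the remainder instead of buffering it. Returns true
// when a cancel was actually issued.
async function discardBody(res) {
  if (!res.body || res.bodyUsed || res.body.locked) return false;
  await res.body.cancel();
  return true;
}

// A status-only request done safely: the body is settled in `finally`, so
// an early return or a thrown error on a 4xx/5xx reply cannot leave it
// unconsumed. `fetchImpl` is injectable so the example can run offline.
async function fetchStatus(url, fetchImpl = fetch) {
  const res = await fetchImpl(url);
  try {
    return res.status;
  } finally {
    await discardBody(res);
  }
}

// Constructed stand-in for fetch(): returns a Response with the given body
// and status instead of talking to the network.
function fakeFetch(bodyText, status = 200) {
  return async () => new Response(bodyText, { status });
}
```

`drainBody` is the right choice when the connection should be reused for keep-alive (the socket is only returned to the pool once the response has been read through); `discardBody` is the right choice when the body is large and the connection can be thrown away.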

#### [CVE-2024-24758](https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3)

### Impact

Undici already cleared Authorization headers on cross-origin redirects,
but did not clear `Proxy-Authorization` headers.

### Patches

This is patched in v5.28.3 and v6.6.1

### Workarounds

There are no known workarounds.

### References

- https://fetch.spec.whatwg.org/#authentication-entries
- GHSA-wqq4-5wpv-mx2g
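The rule the fix applies is the one the fetch spec's authentication-entries reference describes: when a redirect leaves the current origin, credential-bearing request headers must not be forwarded. The block below is an added reference implementation of that check, not undici's code and not part of this PR. `CREDENTIAL_HEADERS`, `sameOrigin` and `headersForRedirect` are names chosen here; the header set covers `Authorization` (which undici already stripped) and `Proxy-Authorization` (the header this advisory is about), and it uses the global `URL` and `Headers` classes available in Node 18+.

```javascript
// Request headers that carry credentials and must not follow a redirect to
// a different origin. Header names are compared case-insensitively by the
// Headers class, so lower-case is fine here.
const CREDENTIAL_HEADERS = ['authorization', 'proxy-authorization'];

// Same-origin test as the fetch spec defines it: scheme, host and port.
// URL.origin normalises default ports, so https://a:443 equals https://a.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Given the URL a response came from, its Location header (absolute or
// relative) and the request headers, return the headers for the follow-up
// request. The result also reports the resolved target and which headers
// were removed, which is what you want to log when auditing redirects.
function headersForRedirect(currentUrl, location, headers) {
  const target = new URL(location, currentUrl).href; // resolves a relative Location
  const out = new Headers(headers);
  const dropped = [];
  if (!sameOrigin(currentUrl, target)) {
    for (const name of CREDENTIAL_HEADERS) {
      if (out.has(name)) {
        out.delete(name);
        dropped.push(name);
      }
    }
  }
  return { target, headers: out, dropped };
}
```

Note that a change of port or of scheme (https to http on the same host) is a change of origin and strips the headers too; an HTTP client that only compares hostnames would still forward credentials in those cases.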

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v6.6.1`](https://github.com/nodejs/undici/releases/tag/v6.6.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v6.6.0...v6.6.1)

#### ⚠️ Security Release ⚠️

Details on the vulnerabilities fixed will be shared in the next couple
of days.

#### What's Changed

- fix: flaky debug test by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2687](https://github.com/nodejs/undici/pull/2687)
- build(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2688](https://github.com/nodejs/undici/pull/2688)
- build(deps): bump actions/dependency-review-action from 3.1.0 to 4.0.0
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2689](https://github.com/nodejs/undici/pull/2689)
- fix: ci pipeline warnings by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2685](https://github.com/nodejs/undici/pull/2685)
- perf: optimize Iterator by [@&#8203;tsctx](https://github.com/tsctx)
in
[https://github.com/nodejs/undici/pull/2692](https://github.com/nodejs/undici/pull/2692)

**Full Changelog**:
nodejs/undici@v6.6.0...v6.6.1

### [`v6.6.0`](https://github.com/nodejs/undici/releases/tag/v6.6.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v6.5.0...v6.6.0)

#### What's Changed

- add webSocket example by
[@&#8203;mertcanaltin](https://github.com/mertcanaltin) in
[https://github.com/nodejs/undici/pull/2626](https://github.com/nodejs/undici/pull/2626)
- chore: remove atomic-sleep as dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2648](https://github.com/nodejs/undici/pull/2648)
- chore: remove semver as dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2646](https://github.com/nodejs/undici/pull/2646)
- chore: remove table as dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2649](https://github.com/nodejs/undici/pull/2649)
- chore: remove delay as dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2647](https://github.com/nodejs/undici/pull/2647)
- chore: reduce noise in test-logs test/issue-2349.js by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2655](https://github.com/nodejs/undici/pull/2655)
- chore: fix faketimer warning in test/request-timeout.js by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2656](https://github.com/nodejs/undici/pull/2656)
- chore: reduce noise in test logs test/client-node-max-header-size.js
by [@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2654](https://github.com/nodejs/undici/pull/2654)
- refactor: use fromInnerResponse by
[@&#8203;tsctx](https://github.com/tsctx) in
[https://github.com/nodejs/undici/pull/2635](https://github.com/nodejs/undici/pull/2635)
- fix: support deflate raw responses by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2650](https://github.com/nodejs/undici/pull/2650)
- Support building for externally shared js builtins by
[@&#8203;mochaaP](https://github.com/mochaaP) in
[https://github.com/nodejs/undici/pull/2643](https://github.com/nodejs/undici/pull/2643)
- fix: typo clampAndCoarsenConnectionTimingInfo by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2653](https://github.com/nodejs/undici/pull/2653)
- chore: use 'node:'-prefix for requiring node core modules by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2662](https://github.com/nodejs/undici/pull/2662)
- build(deps-dev): bump husky from 8.0.3 to 9.0.7 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2667](https://github.com/nodejs/undici/pull/2667)
- build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2668](https://github.com/nodejs/undici/pull/2668)
- remove timers/promises import by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2665](https://github.com/nodejs/undici/pull/2665)
- chore: fix various codesmells by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2669](https://github.com/nodejs/undici/pull/2669)
- chore: remove this alias in agent.js by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2671](https://github.com/nodejs/undici/pull/2671)
- chore: use optional chaining by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2666](https://github.com/nodejs/undici/pull/2666)
- chore: small perf improvements by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2661](https://github.com/nodejs/undici/pull/2661)
- implement spec changes from a while ago by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2676](https://github.com/nodejs/undici/pull/2676)
- websocket: fix close when no closing code is received by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2680](https://github.com/nodejs/undici/pull/2680)
- fix: make ci less flaky by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2684](https://github.com/nodejs/undici/pull/2684)

#### New Contributors

- [@&#8203;mochaaP](https://github.com/mochaaP) made their first
contribution in
[https://github.com/nodejs/undici/pull/2643](https://github.com/nodejs/undici/pull/2643)

**Full Changelog**:
nodejs/undici@v6.5.0...v6.6.0

### [`v6.5.0`](https://github.com/nodejs/undici/releases/tag/v6.5.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v6.4.0...v6.5.0)

#### What's Changed

- build(deps-dev): bump jsdom from 23.2.0 to 24.0.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2632](https://github.com/nodejs/undici/pull/2632)
- feat: Implement EventSource by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/nodejs/undici/pull/2608](https://github.com/nodejs/undici/pull/2608)
- fix: readable body by [@&#8203;ronag](https://github.com/ronag) in
[https://github.com/nodejs/undici/pull/2642](https://github.com/nodejs/undici/pull/2642)

**Full Changelog**:
nodejs/undici@v6.4.0...v6.5.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/octokit/rest.js).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] authored Feb 16, 2024
1 parent 81488d4 commit e2d6559
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions package-lock.json

