From 94ecf6ab2faf87704b0e9ee5b0ed5f438bce059a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 18 Jan 2026 03:56:55 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNDICI-14943963
---
 package-lock.json | 28 +++++++++++++++++++---------
 package.json      |  2 +-
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 84bd5a1..9accb1c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -22,7 +22,7 @@
         "bignumber.js": "^9.1.2",
         "env-schema": "^5.1.0",
         "evt": "^1.11.2",
-        "fastify": "^4.29.1",
+        "fastify": "4.29.1",
         "fastify-metrics": "^9.2.4",
         "json5": "^2.2.3",
         "node-pg-migrate": "^6.2.2",
@@ -31,7 +31,7 @@
         "postgres": "^3.3.1",
         "sharp": "^0.33.3",
         "stacks-encoding-native-js": "^1.0.0",
-        "undici": "^5.29.0"
+        "undici": "^6.23.0"
       },
       "devDependencies": {
         "@babel/core": "^7.23.6",
@@ -2528,6 +2528,7 @@
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
       "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
+      "license": "MIT",
       "engines": {
         "node": ">=14"
       }
@@ -2726,6 +2727,18 @@
         "undici": "^5.21.2"
       }
     },
+    "node_modules/@hirosystems/chainhook-client/node_modules/undici": {
+      "version": "5.29.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
+      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+      "license": "MIT",
+      "dependencies": {
+        "@fastify/busboy": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=14.0"
+      }
+    },
     "node_modules/@humanwhocodes/config-array": {
       "version": "0.11.7",
       "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.7.tgz",
@@ -17921,15 +17934,12 @@
       }
     },
     "node_modules/undici": {
-      "version": "5.29.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
-      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+      "version": "6.23.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
+      "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
       "license": "MIT",
-      "dependencies": {
-        "@fastify/busboy": "^2.0.0"
-      },
       "engines": {
-        "node": ">=14.0"
+        "node": ">=18.17"
       }
     },
     "node_modules/undici-types": {
diff --git a/package.json b/package.json
index 230f618..703d705 100644
--- a/package.json
+++ b/package.json
@@ -76,6 +76,6 @@
     "postgres": "^3.3.1",
     "sharp": "^0.33.3",
     "stacks-encoding-native-js": "^1.0.0",
-    "undici": "^5.29.0"
+    "undici": "^6.23.0"
   }
 }