build(deps): bump undici and openclaw

[dependabot]

Removes undici. It's no longer used after updating ancestor dependency openclaw. These dependencies need to be updated together.

Removes undici

Updates openclaw from 2026.6.1 to 2026.6.10

Release notes

Sourced from openclaw's releases.

openclaw 2026.6.10

Automatic fast mode starts short conversations quickly, then returns longer or fallback work to normal mode without losing visible state. Provider routing, channel progress, session identity, and trusted tool policies are more reliable, with smaller improvements spanning provider setup, diagnostics, and transcript tooling.

Highlights

Automatic fast mode

• Adds /fast auto so short conversational calls can start quickly, while longer or fallback work returns to normal mode with the effective state still visible. [PR #85104](openclaw/openclaw#85104), [Issue #85087](openclaw/openclaw#85087). Thanks @​alexph-dev and @​vincentkoc.
• Shows the effective automatic fast-mode state in status instead of reducing it to on/off, and avoids carrying a cleared Codex service-tier choice into later runs. 8845f2f. Thanks @​vincentkoc.
• Keeps automatic fast-mode timing consistent when a turn switches to a fallback model. 075091d. Thanks @​vincentkoc.
• Keeps the original fast-mode timing and progress behavior when a live model switch retries a turn. d1e190f. Thanks @​vincentkoc.
• Keeps automatic fast-mode progress and reset behavior distinct from explicit fast mode after a run switches modes. 20aec98. Thanks @​vincentkoc.
• Shows the effective fast-mode value in connected-agent sessions instead of the configured value, so status reflects what the session is actually using. 9509aa0. Thanks @​vincentkoc.
• Keeps the effective automatic fast-mode setting visible through fallback transitions in connected-agent sessions. 7f5423c. Thanks @​vincentkoc.
• Keeps automatic fast-mode timing and progress consistent when reply and scheduled-agent runs retry or switch models. 6c29f88. Thanks @​vincentkoc.
• Keeps fast-mode cleanup and status consistent when a run switches between fallback models. c4694f8. Thanks @​vincentkoc.
• Shows the automatic fast-mode reset only when fallback work is finished, so status messages match the end of the transition. f4d93c8. Thanks @​vincentkoc.
• Shows reset and delivery progress at the right time when auto-reply or other follow-up runs retry or leave automatic fast mode. 684e440. Thanks @​vincentkoc.

Channels and Messaging

Channel delivery and progress updates

• Prevents the next turn after a scheduled message from losing what was delivered or whether delivery failed, so replies can use that context without exposing cron details in the channel. [PR #93580](openclaw/openclaw#93580). Thanks @​jalehman and @​scotthuang.
• Prevents streamed channel progress from dropping a repeated status that represents a separate step, so each meaningful step remains visible in the draft. 2d42e52. Thanks @​vincentkoc.
• Prevents keyed streamed progress from staying on an older status, so viewers see the latest state instead of stale text. 8bb6472. Thanks @​vincentkoc.

Providers and Models

Provider model catalogs and reasoning controls

• Treats Zhipu/GLM overload responses as overloads, so a configured fallback is selected for the right reason instead of following the wrong failover path. [PR #93241](openclaw/openclaw#93241), [Issue #93211](openclaw/openclaw#93211). Thanks @​0xghost42 and @​zhengli0922.
• Prevents Telegram, Slack, and Discord /think menus for live Ollama models from hiding supported levels, so users can choose valid reasoning settings without guessing. [PR #94067](openclaw/openclaw#94067), [Issue #93835](openclaw/openclaw#93835). Thanks @​civiltox and @​openperf.
• Expands zai/glm-5.2 thinking choices beyond binary on/off and sends high or max requests as the intended Z.AI reasoning effort. [PR #94136](openclaw/openclaw#94136). Thanks @​borclaw.
• Prevents bundled Z.ai GLM-5 models from falling through to OpenAI and producing misleading API-key errors, so they use Z.AI by default. [PR #94461](openclaw/openclaw#94461), [Issue #94269](openclaw/openclaw#94269). Thanks @​chrysb and @​pandah97.
• Adds GLM-5.2 and Kimi K2.7 Code to the OpenCode Go catalog with current limits, so users can select the models from OpenClaw. 66f84a9. Thanks @​samson1357924.
• Corrects kimi-k2.7-code capability listings so OpenCode Go users are not offered unsupported video prompts when the model accepts text and images. 715dc71.

Provider plugin onboarding

• Prevents first-run setup from skipping the selected provider's credential prompt after plugin installation, so onboarding continues with that provider instead of falling back to OpenAI. [PR #95792](openclaw/openclaw#95792), [Issue #95765](openclaw/openclaw#95765). Thanks @​snowzlmbot.

Memory, Sessions, and State

Session transcript SDK helpers

• Adds a durable session-transcript SDK contract so plugins can read, append, publish, and lock the intended transcript without treating legacy file paths as identity. [PR #95030](openclaw/openclaw#95030). Thanks @​jalehman.

Cross-channel session identity

... (truncated)

Commits

• aa69b12 docs(changelog): refresh 2026.6.10 notes
• 3521a01 chore(release): prepare 2026.6.10 stable
• 5ed8323 test(e2e): refresh docker setup fixture
• e42b914 fix(ci): keep release branch CI shard bundles compatible
• 51459a4 docs(changelog): include provider onboarding fix
• 8b5527b fix(onboard): refresh provider plugin registry after setup installs (#95792)
• 87b40c7 test(release): align beta2 validation expectations
• b8108e4 test(telegram): add progress preview helper
• dec86fe chore(release): refresh beta2 validation baselines
• a2e5553 test(agents): cover fallback probe attempt position
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[josephismikhail]

openclaw 2026.6.10 + undici security bump. Merged main's TS2742 build-fix into the branch; CI green (Build & test + CI Passed), build+tests verified locally.