
fix(deps): upgrade undici dependency to v6.23.0

Open roggervalf opened this issue 1 month ago • 1 comment

There is a vulnerability detected in undici v5; the recommendation is to migrate at least to v6.23.0. https://osv.dev/vulnerability/GHSA-g9mf-h72j-4rw9

roggervalf avatar Jan 15 '26 06:01 roggervalf
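The comment above names a minimum fixed version; the practical check is whether a project's lockfile still pins any copy of undici below it, including transitive copies nested under other packages. The following is an added example, not code from this PR or from actions/toolkit: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3 is assumed), compares each `undici` entry against the 6.23.0 floor with a numeric semver comparison, and returns the findings. The sample lockfile and all of its version numbers are constructed for illustration.

```javascript
// Added example (not from actions/toolkit): find every copy of undici in a
// package-lock.json (lockfileVersion 2/3 "packages" map) and flag versions
// below the minimum fixed release named in the thread. All sample data is constructed.
const MIN_SAFE_UNDICI = "6.23.0"; // floor taken from the PR description

// Parse "major.minor.patch" (optional leading "v", prerelease/build suffix ignored).
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison: returns -1, 0 or 1. A string compare would wrongly
// rank "6.3.0" above "6.23.0", so each component is compared as a number.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return one finding per installed undici copy. Nested copies such as
// "node_modules/<pkg>/node_modules/undici" are included; "undici-types" is not.
function findUndiciCopies(lockfile, minVersion = MIN_SAFE_UNDICI) {
  const packages = (lockfile && lockfile.packages) || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    findings.push({
      path,
      version: meta.version,
      vulnerable: compareSemver(meta.version, minVersion) < 0,
    });
  }
  return findings;
}

// Convenience wrapper: true when no copy is below the floor.
function lockfileIsClean(lockfile, minVersion = MIN_SAFE_UNDICI) {
  return findUndiciCopies(lockfile, minVersion).every((f) => !f.vulnerable);
}

// Constructed sample lockfile (hypothetical package and version values): the
// root pins a fixed undici, but a dependency still carries its own v5 copy.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/undici": { version: "6.23.0" },
    "node_modules/undici-types": { version: "6.19.8" },
    "node_modules/some-http-wrapper": { version: "2.0.0" },
    "node_modules/some-http-wrapper/node_modules/undici": { version: "5.28.5" },
  },
};

for (const f of findUndiciCopies(SAMPLE_LOCK)) {
  console.log(`${f.vulnerable ? "VULNERABLE" : "ok        "} ${f.path} (${f.version})`);
}
```

To run it against a real project, feed `findUndiciCopies(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))`; a non-empty set of `vulnerable` findings means a `npm ls undici` style audit or an override is still needed even when the top-level dependency is already current.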

I do not have permissions to add reviewers; please @bdehamer @Link- @TingluoHuang, if you can help me with your review when you get some time.

roggervalf avatar Jan 16 '26 04:01 roggervalf

This vulnerability is blocking me; is there a way to get this PR merged?

Sreini avatar Jan 23 '26 07:01 Sreini

@roggervalf

Apparently the policy according to https://github.com/actions/toolkit/blob/main/README.md#note is

... right now we are not taking contributions.

so it sounds like there is not much chance for this PR, and the issue would need to be resolved by GitHub staff.

MikeMcC399 avatar Jan 27 '26 13:01 MikeMcC399

065cf9f0b18707736d885e1e5d39f33a8a5e6a6f has updated @actions/http-client to use undici@^6.23.0 and it was released in @actions/[email protected] just now.

MikeMcC399 avatar Jan 27 '26 15:01 MikeMcC399

Great! Closing this PR as no longer needed. Thank you.

roggervalf avatar Jan 28 '26 00:01 roggervalf