From aa00b7baecb8652555ee5a8a17f58726571a73e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Feb 2026 23:22:45 +0000 Subject: [PATCH] Bump undici and @actions/http-client Bumps [undici](https://github.com/nodejs/undici) to 6.23.0 and updates ancestor dependencies [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies need to be updated together. Updates `undici` from 5.29.0 to 6.23.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v5.29.0...v6.23.0) Updates `@actions/http-client` from 3.0.0 to 3.0.2 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client) Updates `@actions/http-client` from 2.2.3 to 4.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client) --- updated-dependencies: - dependency-name: undici dependency-version: 6.23.0 dependency-type: indirect - dependency-name: "@actions/http-client" dependency-version: 3.0.2 dependency-type: indirect - dependency-name: "@actions/http-client" dependency-version: 4.0.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package-lock.json | 56 +++++++++++++++++++++++++++++++++++++++-------- package.json | 2 +- 2 files changed, 48 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index b4962a5..f8f471d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@actions/core": "^1.11.1", "@actions/exec": "^1.1.1", "@actions/glob": "^0.5.0", - "@actions/http-client": "^2.2.1", + "@actions/http-client": "^4.0.0", "@actions/io": "^1.0.2", "@actions/tool-cache": "^2.0.2", "semver": "^7.7.3" @@ -77,13 +77,13 @@ } }, "node_modules/@actions/cache/node_modules/@actions/http-client": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.0.tgz", - "integrity": "sha512-1s3tXAfVMSz9a4ZEBkXXRQD4QhY3+GAsWSbaYpeknPOKEeyRiU3lH+bHiLMZdo2x/fIeQ/hscL1wCkDLVM2DZQ==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.2.tgz", + "integrity": "sha512-JP38FYYpyqvUsz+Igqlc/JG6YO9PaKuvqjM3iGvaLqFnJ7TFmcLyy2IDrY0bI0qCQug8E9K+elv5ZNfw62ZJzA==", "license": "MIT", "dependencies": { "tunnel": "^0.0.6", - "undici": "^5.28.5" + "undici": "^6.23.0" } }, "node_modules/@actions/cache/node_modules/@actions/io": { @@ -101,6 +101,15 @@ "semver": "bin/semver.js" } }, + "node_modules/@actions/cache/node_modules/undici": { + "version": "6.23.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz", + "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==", + "license": "MIT", + "engines": { + "node": ">=18.17" + } + }, "node_modules/@actions/core": { "version": "1.11.1", "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz", @@ -111,6 +120,16 @@ "@actions/http-client": "^2.0.1" } }, + "node_modules/@actions/core/node_modules/@actions/http-client": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz", + "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==", + "license": "MIT", + "dependencies": { + "tunnel": "^0.0.6", + "undici": "^5.25.4" + } + }, "node_modules/@actions/exec": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz", @@ -131,13 +150,22 @@ } }, "node_modules/@actions/http-client": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz", - "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz", + "integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==", "license": "MIT", "dependencies": { "tunnel": "^0.0.6", - "undici": "^5.25.4" + "undici": "^6.23.0" + } + }, + "node_modules/@actions/http-client/node_modules/undici": { + "version": "6.23.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz", + "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==", + "license": "MIT", + "engines": { + "node": ">=18.17" } }, "node_modules/@actions/io": { @@ -159,6 +187,16 @@ "semver": "^6.1.0" } }, + "node_modules/@actions/tool-cache/node_modules/@actions/http-client": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz", + "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==", + "license": "MIT", + "dependencies": { + "tunnel": "^0.0.6", + "undici": "^5.25.4" + } + }, "node_modules/@actions/tool-cache/node_modules/semver": { "version": "6.3.1", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", diff --git a/package.json b/package.json index fe64a1e..f029238 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "@actions/core": "^1.11.1", "@actions/exec": "^1.1.1", "@actions/glob": "^0.5.0", - "@actions/http-client": "^2.2.1", + "@actions/http-client": "^4.0.0", "@actions/io": "^1.0.2", "@actions/tool-cache": "^2.0.2", "semver": "^7.7.3"