Skip to content

[agent] chore(deps): bump undici from 7.25.0 to 7.28.0#795

Draft
github-actions[bot] wants to merge 1 commit into
mainfrom
fix/undici-7.28.0-9e7b5673c6999b82
Draft

[agent] chore(deps): bump undici from 7.25.0 to 7.28.0#795
github-actions[bot] wants to merge 1 commit into
mainfrom
fix/undici-7.28.0-9e7b5673c6999b82

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the transitive dependency undici (pulled in by cheerio ^1.2.0 in packages/mongodb-cloud-info) from 7.25.0 to 7.28.0.

cheerio already declares undici ^7.19.0, so 7.28.0 satisfies that constraint — only package-lock.json needed updating.

Addressed Dependabot alerts

Alert GHSA CVE
#287 GHSA-g8m3-5g58-fq7m CVE-2026-11525
#286 GHSA-p88m-4jfj-68fv CVE-2026-9679
#285 GHSA-vxpw-j846-p89q CVE-2026-12151
#284 GHSA-hm92-r4w5-c3mj CVE-2026-6734
#283 GHSA-35p6-xmwp-9g52 CVE-2026-6733

Generated by Dependabot remediation agent · ● 355.7K ·

@github-actions
chore(deps): bump undici from 7.25.0 to 7.28.0
a253c73 
Updates transitive dependency undici (via cheerio) from 7.25.0 to 7.28.0
to address multiple CVEs:
- GHSA-g8m3-5g58-fq7m / CVE-2026-11525
- GHSA-p88m-4jfj-68fv / CVE-2026-9679
- GHSA-vxpw-j846-p89q / CVE-2026-12151
- GHSA-hm92-r4w5-c3mj / CVE-2026-6734
- GHSA-35p6-xmwp-9g52 / CVE-2026-6733

Fixes Dependabot alerts #283, #284, #285, #286, #287.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants