From 40a3ad70d0cfb31391616a1f3d5262e98fba85ba Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 28 Jan 2026 13:00:57 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNDICI-14943963 --- package-lock.json | 69 ++++++++++++++++++++++++++++++++++++++--------- package.json | 2 +- 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5eb20e1..a75af2c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "ISC", "dependencies": { "@actions/core": "^1.10.0", - "@actions/github": "^6.0.0", + "@actions/github": "^7.0.0", "@vercel/ncc": "^0.36.1", "conventional-commits-parser": "^3.2.4" }, 
@@ -29,15 +29,37 @@ } }, "node_modules/@actions/github": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/@actions/github/-/github-6.0.0.tgz", - "integrity": "sha512-alScpSVnYmjNEXboZjarjukQEzgCRmjMv6Xj47fsdnqGS73bjJNDpiiXmp8jr0UZLdUB6d9jW63IcmddUP+l0g==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/@actions/github/-/github-7.0.0.tgz", + "integrity": "sha512-PyGODO938aoBTZd/IfN/+e+Pd5hUcVpyf+thm4CPESLeqhdSkq5QwMTGX9v84XHE1ifmHWBQ60KB8kIgm96opw==", "license": "MIT", "dependencies": { - "@actions/http-client": "^2.2.0", + "@actions/http-client": "^3.0.1", "@octokit/core": "^5.0.1", - "@octokit/plugin-paginate-rest": "^9.0.0", - "@octokit/plugin-rest-endpoint-methods": "^10.0.0" + "@octokit/plugin-paginate-rest": "^9.2.2", + "@octokit/plugin-rest-endpoint-methods": "^10.4.0", + "@octokit/request": "^8.4.1", + "@octokit/request-error": "^5.1.1", + "undici": "^5.28.5" + } + }, + "node_modules/@actions/github/node_modules/@actions/http-client": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.2.tgz", + "integrity": "sha512-JP38FYYpyqvUsz+Igqlc/JG6YO9PaKuvqjM3iGvaLqFnJ7TFmcLyy2IDrY0bI0qCQug8E9K+elv5ZNfw62ZJzA==", + "license": "MIT", + "dependencies": { + "tunnel": "^0.0.6", + "undici": "^6.23.0" + } + }, + "node_modules/@actions/github/node_modules/@actions/http-client/node_modules/undici": { + "version": "6.23.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz", + "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==", + "license": "MIT", + "engines": { + "node": ">=18.17" } }, "node_modules/@actions/http-client": { 
@@ -6302,14 +6324,35 @@ } }, "@actions/github": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/@actions/github/-/github-6.0.0.tgz", - "integrity": "sha512-alScpSVnYmjNEXboZjarjukQEzgCRmjMv6Xj47fsdnqGS73bjJNDpiiXmp8jr0UZLdUB6d9jW63IcmddUP+l0g==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/@actions/github/-/github-7.0.0.tgz", + "integrity": "sha512-PyGODO938aoBTZd/IfN/+e+Pd5hUcVpyf+thm4CPESLeqhdSkq5QwMTGX9v84XHE1ifmHWBQ60KB8kIgm96opw==", "requires": { - "@actions/http-client": "^2.2.0", + "@actions/http-client": "^3.0.1", "@octokit/core": "^5.0.1", - "@octokit/plugin-paginate-rest": "^9.0.0", - "@octokit/plugin-rest-endpoint-methods": "^10.0.0" + "@octokit/plugin-paginate-rest": "^9.2.2", + "@octokit/plugin-rest-endpoint-methods": "^10.4.0", + "@octokit/request": "^8.4.1", + "@octokit/request-error": "^5.1.1", + "undici": "^5.28.5" + }, + "dependencies": { + "@actions/http-client": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.2.tgz", + "integrity": "sha512-JP38FYYpyqvUsz+Igqlc/JG6YO9PaKuvqjM3iGvaLqFnJ7TFmcLyy2IDrY0bI0qCQug8E9K+elv5ZNfw62ZJzA==", + "requires": { + "tunnel": "^0.0.6", + "undici": "^6.23.0" + }, + "dependencies": { + "undici": { + "version": "6.23.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz", + "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==" + } + } + } } }, "@actions/http-client": {
diff --git a/package.json b/package.json
index b2a5b25..0c3d84c 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,7 @@
 "homepage": "https://github.com/ytanikin/PRConventionalCommits.git",
 "dependencies": {
 "@actions/core": "^1.10.0",
- "@actions/github": "^6.0.0",
+ "@actions/github": "^7.0.0",
 "conventional-commits-parser": "^3.2.4",
 "@vercel/ncc": "^0.36.1"
 },
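Review bot: The `^7.0.0` range for `@actions/github` in the `dependencies` block crosses a major version, and the lockfile hunks for this upgrade show undici 6.23.0 arriving only as a copy nested under `@actions/github/node_modules/@actions/http-client`, while `@actions/github` 7.0.0 itself still requires `undici` `^5.28.5` and the top-level `@actions/http-client` entry appears only as unchanged context. Which undici 5.x versions those resolve to is not visible here, so run `npm ls undici` on the updated tree and confirm every resolved copy is outside the range named in SNYK-JS-UNDICI-14943963 before treating the advisory as closed. The nested undici declares `"node": ">=18.17"`, so the runtime this package executes on has to meet that floor. Since `@vercel/ncc` is a dependency and only the two manifest files change, any committed bundle presumably has to be rebuilt for the upgrade to reach the code that actually runs.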