Skip to content

fix(deps): bump undici#829

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-7f7c85af6b
Closed

fix(deps): bump undici#829
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-7f7c85af6b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 14, 2026

Copy link
Copy Markdown
Contributor

Bumps and undici. These dependencies needed to be updated together.
Updates undici from 7.21.0 to 7.24.2

Release notes

Sourced from undici's releases.

v7.24.2

What's Changed

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

... (truncated)

Commits

Updates undici from 6.23.0 to 6.24.1

Release notes

Sourced from undici's releases.

v7.24.2

What's Changed

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps  and [undici](https://github.com/nodejs/undici). These dependencies needed to be updated together.

Updates `undici` from 7.21.0 to 7.24.2
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.21.0...v7.24.2)

Updates `undici` from 6.23.0 to 6.24.1
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.21.0...v7.24.2)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.2
  dependency-type: indirect
- dependency-name: undici
  dependency-version: 6.24.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2026
@dependabot dependabot Bot mentioned this pull request Mar 14, 2026
@netlify

netlify Bot commented Mar 14, 2026

Copy link
Copy Markdown

Deploy Preview for phillips-seldon ready!

Name Link
🔨 Latest commit 201fca3
🔍 Latest deploy log https://app.netlify.com/projects/phillips-seldon/deploys/69b5485556fa7d00082e8845
😎 Deploy Preview https://deploy-preview-829--phillips-seldon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions

Copy link
Copy Markdown

@scottdickerson

Copy link
Copy Markdown
Contributor

Dependency Upgrade Risk Assessment

Risk Level: low

What This Library Does & How We Use It

undici is Node.js's built-in HTTP/1.1 client. In seldon it is a transitive dependency (not a direct dep) used by test/build tooling.

What Changed

7.21.0 → 7.24.2 (patch/minor within major 7)

Risk Rationale

  • Breaking changes: no — bug fix releases only
  • Usage breadth: not in published bundle
  • Criticality: transitive dep — no direct usage in seldon source

Regression Tests Checklist

Before merging, confirm:

  • bun run build completes without errors and produces expected dist output
  • bun test passes

Assessment performed automatically. Review and adjust if you have additional context.

@scottdickerson

Copy link
Copy Markdown
Contributor

Dependency Upgrade Risk Assessment

Risk Level: low

What This Library Does & How We Use It

undici is Node.js's built-in HTTP client. In seldon it is a transitive dependency used by build/test tooling — not a direct dep in package.json.

What Changed

7.21.0 → 7.24.2 (patch/minor within major 7)

Risk Rationale

  • Breaking changes: no — bug fix releases only
  • Usage breadth: not in the published bundle
  • Criticality: transitive dep — no direct usage in seldon source code

Regression Tests Checklist

Before merging, confirm:

  • bun run build completes without errors and produces expected dist output
  • bun test passes

Assessment performed automatically. Review and adjust if you have additional context.

@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #887.

@dependabot dependabot Bot closed this Jun 25, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-7f7c85af6b branch June 25, 2026 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file dependency-upgrade-risk:low javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant