Skip to content

fix(@actions/github): add undici to dependencies #1685

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mehulkar
Copy link

@mehulkar mehulkar commented Mar 11, 2024

Fixes #1684

@mehulkar mehulkar requested a review from a team as a code owner March 11, 2024 03:08
@matthieu-crouzet
Copy link

matthieu-crouzet commented Aug 8, 2024

For the one using yarn berry you can fix this issue in your .yarnrc.yml by adding

packageExtensions:
  "@actions/github@^6.0.0":
    dependencies:
      "undici": "^5.25.4"

But sure if this PR is merged it's better

@benmccann
Copy link

There are several complaints about the size of undici in other issues and PRs in this repo. Perhaps using node-native-fetch rather than undici would be a bit smaller and allow for greater tree-shakability?

@mislav
Copy link

mislav commented Mar 4, 2025

Seems already fixed in b95b593

@fxalgrain
Copy link

Seems already fixed in b95b593

I agree.

By the way, version >= 4.5.0, < 5.28.5 are affected by https://cwe.mitre.org/data/definitions/330.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

undici not in dependencies
5 participants