fix: upgrade [undici] to ^7.24.0(direct)/^6.24.0(indirect) version to address OSS Vulnerabilities #21248

Draft
uroslates wants to merge 10 commits into develop from features/CXSPA-12360


@uroslates (Contributor) commented Mar 16, 2026

Closes: https://jira.tools.sap/browse/CXSPA-12360

Upgraded undici (resolving 6 CVEs: CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581) to:

  1. package.json - from 7.22.0 to "^7.24.0"
  2. .github/** actions standalone projects (not part of npm workspaces) use the GitHub Actions SDK, which seems to depend on @actions/http-client@2.2.3 (which still depends on old undici v5.x):
    2.1. .github/api-extractor-action/package.json - from 5.29.0 to "^6.24.0"
    2.2. .github/cache-builded-libs/package.json - from 5.29.0 to "^6.24.0"

@uroslates uroslates requested a review from a team as a code owner March 16, 2026 13:51
@github-actions github-actions Bot marked this pull request as draft March 16, 2026 13:51
@uroslates uroslates marked this pull request as ready for review March 16, 2026 14:52
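
A check a reviewer could run over each lockfile this change touches, as an added example (not code from this PR or from the project): it walks the `packages` map of an npm lockfile and reports every installed copy of undici, top-level or nested, below the versions named in the description. The lockfile paths and contents, the function names, and the rule that a major line with no listed floor (such as 5.x) is reported are assumptions.

```javascript
// Version floors per major line, as stated in the PR description.
const MIN_FIXED = { 7: [7, 24, 0], 6: [6, 24, 0] };

// Parse "x.y.z" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and
// report every installed undici copy, top-level or nested, below its floor.
function findOutdatedUndici(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/undici')) continue;
    const parsed = parseVersion(entry.version || '');
    const floor = parsed ? MIN_FIXED[parsed[0]] : undefined;
    // Assumption: unparsable versions and majors with no floor (e.g. 5.x) are reported.
    if (!parsed || !floor || isBelow(parsed, floor)) {
      const required = floor ? floor.join('.') : 'none listed';
      findings.push({ path, version: entry.version, required });
    }
  }
  return findings;
}

// Constructed sample lockfiles (hypothetical contents, not the project's).
const SAMPLE_LOCKS = {
  'package-lock.json': { packages: {
    'node_modules/undici': { version: '7.24.0' },
  } },
  '.github/api-extractor-action/package-lock.json': { packages: {
    'node_modules/undici': { version: '6.24.0' },
    'node_modules/@actions/http-client/node_modules/undici': { version: '5.29.0' },
  } },
};

function auditAll(locks) {
  return Object.fromEntries(
    Object.entries(locks).map(([file, lock]) => [file, findOutdatedUndici(lock)]));
}
console.log(JSON.stringify(auditAll(SAMPLE_LOCKS), null, 2));
```

In the constructed second lockfile the top-level copy meets the floor while the copy nested under `@actions/http-client` does not, which is the case a check of `package.json` alone would miss.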
cypress Bot commented Mar 16, 2026

spartacus    Run #52292

Run Properties:
Project: spartacus
Branch Review: features/CXSPA-12360
Run status: Passed #52292
Run duration: 03m 53s
Commit: b2d40a6ee6 (Merge 1e38251fce0117755e642ba5f956e3b5c3d150ad into bbbe62bd1aa5b942dd1f9896ff44...)
Committer: Uros Lates

Test results:
Failures: 0
Flaky: 6
Pending (not run because a developer annotated the test with .skip): 0
Skipped (not run because of a failure in a mocha hook): 0
Passing: 101

@github-actions github-actions Bot marked this pull request as draft March 16, 2026 17:26
@uroslates uroslates force-pushed the features/CXSPA-12360 branch from ea18d76 to 6c9752c Compare March 16, 2026 18:57