Skip to content

chore(website deps): bump undici from 7.16.0 to 7.18.2 in /website#24498

Merged
thomasqueirozb merged 1 commit intomasterfrom
dependabot/npm_and_yarn/website/undici-7.18.2
Jan 15, 2026
Merged

chore(website deps): bump undici from 7.16.0 to 7.18.2 in /website#24498
thomasqueirozb merged 1 commit intomasterfrom
dependabot/npm_and_yarn/website/undici-7.18.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 14, 2026

Bumps undici from 7.16.0 to 7.18.2.

Release notes

Sourced from undici's releases.

v7.18.2

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

v7.18.1

What's Changed

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

v7.17.0

What's Changed

... (truncated)

Commits
  • 7e5cb2d Bumped v7.18.2 (#4730)
  • b04e3cb fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...
  • 2bcb77b Bumped v7.18.1 (#4728)
  • 58a12b7 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4719)
  • 5fa2930 build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (#4718)
  • fbbe283 docs: add security warning for strictContentLength option (#4726)
  • ce12d9e fix: do not crash if Node.js is compiled without SSL (#4727)
  • ebe3e33 Bumped v7.18.0 (#4725)
  • 4e9b88b fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
  • d560767 Bumped v7.17.0 (#4724)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(website deps): bump undici from 7.16.0 to 7.18.2 in /website
ef64263 
Bumps [undici](https://github.com/nodejs/undici) from 7.16.0 to 7.18.2.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.16.0...v7.18.2)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.18.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code no-changelog Changes in this PR do not need user-facing explanations in the release changelog labels Jan 14, 2026
@dependabot dependabot bot requested review from a team as code owners January 14, 2026 21:21
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code no-changelog Changes in this PR do not need user-facing explanations in the release changelog labels Jan 14, 2026
@thomasqueirozb thomasqueirozb added this pull request to the merge queue Jan 15, 2026
Merged via the queue into master with commit 6fa2b12 Jan 15, 2026
76 checks passed
@thomasqueirozb thomasqueirozb deleted the dependabot/npm_and_yarn/website/undici-7.18.2 branch January 15, 2026 15:07
@github-actions github-actions bot locked and limited conversation to collaborators Jan 15, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@thomasqueirozb thomasqueirozb thomasqueirozb approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomasqueirozb