fix: upgrade undici to >=7.28.0#303
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughThree minor dependency version bumps in ChangesDependency Updates
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pnpm-workspace.yaml`:
- Around line 25-29: In the minimumReleaseAgeExclude list in
pnpm-workspace.yaml, correct the package versions to match the actual locked
versions in pnpm-lock.yaml. Change the js-yaml entry from version 4.1.2 to
4.2.0, and change the `@babel/core` entry from version 7.29.1 to 7.29.7. The
versions for `@opentelemetry/core`@2.8.0 and undici@7.28.0 are already correct and
do not need modification.
- Around line 24-29: Update the incorrect package versions in the
minimumReleaseAgeExclude list in pnpm-workspace.yaml. Change js-yaml@4.1.2 to
js-yaml@4.2.0 and `@babel/core`@7.29.1 to `@babel/core`@7.29.7, as the current
versions are typos that do not exist on npm and will cause install failures.
These versions should match the actual versions present in the lock file.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: cf76c43d-fdf6-4d55-953f-d398c6edd3c5
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (2)
package.jsonpnpm-workspace.yaml
|
LINKEDREGISTRATIONS-UI branch is deployed to platta: https://linkedregistrations-pr303-ui.dev.hel.ninja 🚀🚀🚀 |
e2e tests result is success for https://linkedregistrations-pr303-ui.dev.hel.ninja 😆🎉🎉🎉 |
Refs: LINK-2583
83012c1 to
42988dc
Compare
|
LINKEDREGISTRATIONS-UI branch is deployed to platta: https://linkedregistrations-pr303-ui.dev.hel.ninja 🚀🚀🚀 |
e2e tests result is success for https://linkedregistrations-pr303-ui.dev.hel.ninja 😆🎉🎉🎉 |
|



Description ✨
Upgrade undici to non-vulnerable version.
Resolves:
https://github.com/City-of-Helsinki/linkedregistrations-ui/security/dependabot/145
https://github.com/City-of-Helsinki/linkedregistrations-ui/security/dependabot/143
https://github.com/City-of-Helsinki/linkedregistrations-ui/security/dependabot/144
https://github.com/City-of-Helsinki/linkedregistrations-ui/security/dependabot/148
https://github.com/City-of-Helsinki/linkedregistrations-ui/security/dependabot/149
https://github.com/City-of-Helsinki/linkedregistrations-ui/security/dependabot/146
Issues 🐛
Closes 🙅♀️
LINK-2583
Related 🤝
Testing ⚗️
Automated tests ⚙️️
Manual testing 👷♂️
Screenshots 📸
Additional notes 🗒️
Summary by CodeRabbit