- @actions/http-client: ^5.28.5 → ^7.16.0
- @actions/github: ^5.28.5 → ^7.16.0
- @actions/attest: ^6.20.0 → ^7.16.0

Note: undici v7 requires Node.js 20+
Pull request overview
This PR upgrades the undici dependency from version 5.x and 6.x to ^7.16.0 across three packages in the toolkit repository. The undici v7 upgrade is a breaking change that requires Node.js 20.18.1 or higher, aligning with the repository's documented Node.js 20+ support requirement.
Key Changes:
- Bumps undici from ^5.28.5 to ^7.16.0 in http-client and github packages
- Bumps undici from ^6.20.0 to ^7.16.0 in attest package
- Removes @fastify/busboy dependency which is no longer required by undici v7
Reviewed changes
Copilot reviewed 3 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/http-client/package.json | Updates undici dependency to ^7.16.0 |
| packages/http-client/package-lock.json | Updates undici lockfile entry to 7.16.0 and removes @fastify/busboy dependency |
| packages/github/package.json | Updates undici dependency to ^7.16.0 |
| packages/github/package-lock.json | Updates undici lockfile entry to 7.16.0, adds nested undici 5.29.0 for @actions/http-client compatibility |
| packages/attest/package.json | Updates undici dev dependency to ^7.16.0 |
| packages/attest/package-lock.json | Updates undici lockfile entry to 7.16.0 with Node.js >=20.18.1 engine requirement |
Files not reviewed (3)
- packages/attest/package-lock.json: Language not supported
- packages/github/package-lock.json: Language not supported
- packages/http-client/package-lock.json: Language not supported
| "dependencies": { | ||
| "tunnel": "^0.0.6", | ||
| "undici": "^5.28.5" | ||
| "undici": "^7.16.0" |
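Review bot: crossing two undici majors (^5.28.5 to ^7.16.0) in a runtime `dependencies` entry needs evidence that this package's undici call sites behave the same, and the visible change touches only the range. Please list in the PR description which undici APIs the package calls and link the test run that exercises them under 7.x.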
The package should specify an "engines" field to enforce the Node.js version requirement. According to the package-lock.json, undici 7.16.0 requires Node.js >=20.18.1. Without this engines field, users could install this package on unsupported Node.js versions, leading to runtime failures. Consider adding an engines field like: "engines": {"node": ">=20.18.1"}
| "@octokit/request": "^8.4.1", | ||
| "@octokit/request-error": "^5.1.1", | ||
| "undici": "^5.28.5" | ||
| "undici": "^7.16.0" |
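Review bot: raising the direct `undici` entry here does not take undici 5.x out of this package's tree, because the per-file summary says the lockfile adds a nested undici 5.29.0 for @actions/http-client. Installs will carry both 7.16.0 and 5.29.0 until the @actions/http-client range is raised to a release that includes the ^7.16.0 change; track that follow-up in this PR so the older copy does not linger.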
The package should specify an "engines" field to enforce the Node.js version requirement. According to the package-lock.json, undici 7.16.0 requires Node.js >=20.18.1. Without this engines field, users could install this package on unsupported Node.js versions, leading to runtime failures. Consider adding an engines field like: "engines": {"node": ">=20.18.1"}
| "@types/jsonwebtoken": "^9.0.6", | ||
| "nock": "^13.5.1", | ||
| "undici": "^6.20.0" | ||
| "undici": "^7.16.0" |
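Review bot: `undici` sits beside `nock` and `@types/jsonwebtoken` here and the per-file summary calls it a dev dependency, so the Node.js >=20.18.1 floor recorded in the lockfile falls on CI and contributors rather than on consumers of the package. Check that the workflow running this package's tests uses Node.js 20.18.1 or later and that the suite still passes with `nock` left at ^13.5.1.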
The package should specify an "engines" field to enforce the Node.js version requirement. According to the package-lock.json, undici 7.16.0 requires Node.js >=20.18.1. Without this engines field, users could install this package on unsupported Node.js versions, leading to runtime failures. Consider adding an engines field like: "engines": {"node": ">=20.18.1"}
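The review comments above compare a package's `engines` field with the Node.js floor its lockfile records for undici. The following is an added example, not code from the PR or the toolkit repository, of running that comparison over a whole lockfile. The function names, the sample lockfile and every package name in it other than undici are constructed for illustration, and only `>=X.Y.Z` style ranges are interpreted.

```javascript
// Added example. Handles only ">=X[.Y[.Z]]" floors; other range shapes are reported as skipped.
function parseFloor(range) {
  const m = /^\s*>=\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$/.exec(range || '');
  return m ? [1, 2, 3].map(i => Number(m[i] || 0)) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// pkgJson: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2 or 3).
// Entries flagged "dev": true are ignored unless includeDev is set, since they are
// not installed for consumers of the package.
function checkEngines(pkgJson, lock, includeDev = false) {
  let need = null;
  const skipped = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const range = entry.engines && entry.engines.node;
    if (path === '' || !range || (entry.dev && !includeDev)) continue;
    const floor = parseFloor(range);
    if (!floor) { skipped.push(path); continue; }
    if (!need || cmp(floor, need.floor) > 0) need = { floor, path };
  }
  if (!need) return { ok: true, required: null, source: null, skipped };
  const declared = parseFloor(pkgJson.engines && pkgJson.engines.node);
  return {
    ok: declared !== null && cmp(declared, need.floor) >= 0,
    required: '>=' + need.floor.join('.'),
    source: need.path,
    skipped,
  };
}

// Constructed sample lockfile; the undici 7.16.0 floor is the one quoted in the review.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-package' },
    'node_modules/undici': { version: '7.16.0', engines: { node: '>=20.18.1' } },
    'node_modules/old-dep': { version: '1.0.0', engines: { node: '>=14.0' } },
    'node_modules/odd-range': { version: '1.0.0', engines: { node: '^18 || >=20' } },
    'node_modules/dev-tool': { version: '2.0.0', dev: true, engines: { node: '>=22.0.0' } },
  },
};

console.log(checkEngines({ name: 'example-package' }, sampleLock));
console.log(checkEngines({ engines: { node: '>=20.18.1' } }, sampleLock));
```

Entries listed in `skipped` carry a range the parser does not interpret and need a manual look before the result is trusted.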