Skip to content

Bump undici and js-yaml#3999

Merged
mbg merged 1 commit into
mainfrom
mbg/bump-undici
Jul 8, 2026
Merged

Bump undici and js-yaml#3999
mbg merged 1 commit into
mainfrom
mbg/bump-undici

Conversation

@mbg

@mbg mbg commented Jul 8, 2026

Copy link
Copy Markdown
Member

Updates package-lock.json with more recent versions of these two dependencies where they are used as transitive dependencies.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.
  • Other first-party - The changes impact other first-party analyses.
  • Third-party analyses - The changes affect the upload-sarif action.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
  • GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg requested a review from a team as a code owner July 8, 2026 14:46
Copilot AI review requested due to automatic review settings July 8, 2026 14:46

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@github-actions github-actions Bot added the size/XS Should be very easy to review label Jul 8, 2026
@mbg mbg force-pushed the mbg/bump-undici branch from 006df3c to 76d37c5 Compare July 8, 2026 14:47
@mbg mbg added this pull request to the merge queue Jul 8, 2026
Merged via the queue into main with commit 4581e39 Jul 8, 2026
225 checks passed
@mbg mbg deleted the mbg/bump-undici branch July 8, 2026 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/XS Should be very easy to review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants