
Version 13.0.0's undici dependency has a CVE out #3337

Description

@zsharpBDO

The released version of node-gyp v13.0.0 uses undici ^6.25.0, which is affected by CVE-2026-11525. PR #3330 brings it to ^8.4.1 (resolves to 8.5.0), which includes a fix for the CVE. Please make a new release with the updated undici version to ensure this package isn't causing dependency issues.
