Skip to content

chore(deps): bump undici and jsonld in /packages/core#663

Merged
egekorkan merged 1 commit into
masterfrom
dependabot/npm_and_yarn/packages/core/multi-1c47976f97
Jan 19, 2026
Merged

chore(deps): bump undici and jsonld in /packages/core#663
egekorkan merged 1 commit into
masterfrom
dependabot/npm_and_yarn/packages/core/multi-1c47976f97

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 15, 2026

Copy link
Copy Markdown
Contributor

Bumps undici to 6.23.0 and updates ancestor dependency jsonld. These dependencies need to be updated together.

Updates undici from 5.29.0 to 6.23.0

Release notes

Sourced from undici's releases.

v6.23.0

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

Full Changelog: nodejs/undici@v6.22.0...v6.23.0

v6.22.0

What's Changed

Full Changelog: nodejs/undici@v6.21.3...v6.22.0

v6.21.3

What's Changed

Full Changelog: nodejs/undici@v6.21.2...v6.21.3

v6.21.2

What's Changed

New Contributors

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

... (truncated)

Commits
  • fbc31e2 Bumped v6.23.0
  • 3477c94 chore: release flow using provenance
  • d3aafea fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
  • f9c9185 Bumped v6.22.0
  • f670f2a feat: make UndiciErrors reliable to instanceof (#4472) (#4480)
  • 422e397 feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#41...
  • 4a06ffe feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#4180)...
  • 4cb3974 fix: fix EnvHttpProxyAgent for the Node.js bundle (#4064) (#4432)
  • 44c23e5 fix: fix wrong stream canceled up after cloning (v6) (#4414)
  • da0e823 Bumped v6.21.4
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates jsonld from 8.3.2 to 9.0.0

Changelog

Sourced from jsonld's changelog.

9.0.0 - 2025-11-20

Added

  • Add minimal support for React Native.
    • Add react-native section to package.json.
    • Add instructions to README.md.

Changed

  • BREAKING: Drop support for Node.js < 18.
  • BREAKING: Upgrade dependencies.
    • @digitalbazaar/http-client@4.
    • canonicalize@2.
    • rdf-canonize@5: See the [rdf-canonize][] 4.x and 5.x changelog for important changes and upgrade notes. Of note:
      • The URDNA2015 default algorithm has been changed to RDFC-1.0 from [rdf-canon][].
      • Complexity control defaults maxWorkFactor or maxDeepIterations may need to be adjusted to process graphs with certain blank node constructs.
      • A signal option is available to use an AbortSignal to limit resource usage.
      • The internal digest algorithm can be changed.
      • Support for [rdf-canonize-native][] was removed.
  • BREAKING: Only the JavaScript implementation of [rdf-canon][] from [rdf-canonize][] is supported. The API here can be updated to allow implementation switching if support for native or other [rdf-canon][] implementations is needed.
  • Update development dependencies.
  • Update karma testing.
    • Remove older fixes in favor of more default behavior.
  • Update bundle build.
    • Use newer corejs version.
    • Build with modern browserslist defaults and no IE support.
    • Support for older browsers requires a custom build.
  • Refactor test framework.
    • Test runtime loads test files from a web server.
    • Allows testing of manifests on remote web servers.
    • Trading off some performance to align node and browser testing.
    • Moves some test setup code into config data and manifest.

Fixed

Removed

  • BREAKING: Remove application/nquads alias for application/n-quads.

8.3.3 - 2024-12-21

Added

  • Added URL to context resolution error message.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [undici](https://github.com/nodejs/undici) to 6.23.0 and updates ancestor dependency [jsonld](https://github.com/digitalbazaar/jsonld.js). These dependencies need to be updated together.


Updates `undici` from 5.29.0 to 6.23.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.29.0...v6.23.0)

Updates `jsonld` from 8.3.2 to 9.0.0
- [Changelog](https://github.com/digitalbazaar/jsonld.js/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/jsonld.js@v8.3.2...v9.0.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.23.0
  dependency-type: indirect
- dependency-name: jsonld
  dependency-version: 9.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 15, 2026
@netlify

netlify Bot commented Jan 15, 2026

Copy link
Copy Markdown

Deploy Preview for thingweb-playground ready!

Name Link
🔨 Latest commit 523cc38
🔍 Latest deploy log https://app.netlify.com/projects/thingweb-playground/deploys/69683935c2f93e0008080a44
😎 Deploy Preview https://deploy-preview-663--thingweb-playground.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse
1 paths audited
Performance: 23 (🔴 down 4 from production)
Accessibility: 79 (no change from production)
Best Practices: 100 (no change from production)
SEO: 80 (no change from production)
PWA: 70 (no change from production)
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@egekorkan egekorkan merged commit 6721e9a into master Jan 19, 2026
14 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/packages/core/multi-1c47976f97 branch January 19, 2026 10:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant