chore(deps): bump undici from 7.10.0 to 7.18.2 in /packages/core by dependabot[bot] · Pull Request #13

chore(deps): bump undici from 7.10.0 to 7.18.2 in /packages/core by dependabot[bot] · Pull Request #13 · inovaebiz/gemini-cli

Bumps undici from 7.10.0 to 7.18.2.

Release notes

Sourced from undici's releases.

v7.18.2

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by @mcollina in nodejs/undici#4729

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

v7.18.1

What's Changed

Test and Fix running without SSL by @mcollina in nodejs/undici#4727

docs: add security warning for strictContentLength option by @mcollina in nodejs/undici#4726

build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by @dependabot[bot] in nodejs/undici#4718

build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in nodejs/undici#4719

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

v7.17.0

What's Changed

chore: extract infra and encoding methods by @Uzlopak in nodejs/undici#4523

ci: remove h2 by @Uzlopak in nodejs/undici#4534

ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by @Uzlopak in nodejs/undici#4535

ci: fix nightly shared library case by @Uzlopak in nodejs/undici#4543

test: consume bodies of fetch responses to fix failing macos 20 ci by @Uzlopak in nodejs/undici#4528

docs: add Cache Interceptor example to README by @tawseefnabi in nodejs/undici#4393

test: remove node20 version check by @Uzlopak in nodejs/undici#4544

types: use MessagePort instance type in MessageEvent by @Renegade334 in nodejs/undici#4546

ci: set write permissions on job level by @Uzlopak in nodejs/undici#4537

lint: activate n/no-process-exit by @Uzlopak in nodejs/undici#4548

ci: run benchmarks on pull_requests and by pushing on specific branches only by @Uzlopak in nodejs/undici#4536

chore: activate n/prefer-node-protocol to enforce 'node:' prefix for requiring node built-ins by @Uzlopak in nodejs/undici#4547

feat(H2): correct CONNECT behaviour by @metcoder95 in nodejs/undici#4541

test: fix plans by @Uzlopak in nodejs/undici#4550

feat: add runtime feature "detection" by @Uzlopak in nodejs/undici#4545

perf: use less promises in extractBody by @Uzlopak in nodejs/undici#4458

fix(proxy-agent): add missing return after callback-call by @Uzlopak in nodejs/undici#4553

fix: remove redundant line in retry-handler by @Uzlopak in nodejs/undici#4554

ci: add no-wasm-simd option by @Uzlopak in nodejs/undici#4533

fix: use lazyloaders for runtime feature detection by @Uzlopak in nodejs/undici#4557

fix: minor changes in dispatcher-base.js and types for Dispatcher by @Uzlopak in nodejs/undici#4556

... (truncated)

Commits

7e5cb2d Bumped v7.18.2 (#4730)
b04e3cb fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...
2bcb77b Bumped v7.18.1 (#4728)
58a12b7 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4719)
5fa2930 build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (#4718)
fbbe283 docs: add security warning for strictContentLength option (#4726)
ce12d9e fix: do not crash if Node.js is compiled without SSL (#4727)
ebe3e33 Bumped v7.18.0 (#4725)
4e9b88b fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
d560767 Bumped v7.17.0 (#4724)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.