Skip to content

net - chore: upgrade undici to 8.7.0#1684

Merged
jaredwray merged 1 commit into
mainfrom
claude/cacheable-dependency-management-d6gb1r
Jul 8, 2026
Merged

net - chore: upgrade undici to 8.7.0#1684
jaredwray merged 1 commit into
mainfrom
claude/cacheable-dependency-management-d6gb1r

Conversation

@jaredwray

Copy link
Copy Markdown
Owner

Please check if the PR fulfills these requirements

  • Followed the Contributing guidelines and Code of Conduct
  • Tests for the changes have been added (for bug fixes/features) with 100% code coverage.

No new tests are required — this is a dependency version bump with no behavioral change. @cacheable/net's existing suite (212 tests) continues to pass at 100% coverage.

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

Chore — catch-up dependency bump. No runtime or public-API changes.

Change

undici 8.6.0 → 8.7.0 in packages/net

  • Minor release within undici 8, following the undici 8 major migration in net - chore: upgrade undici to 8 (breaking) #1682.
  • undici is consumed type-only in @cacheable/net (import type { RequestInit, Response } from "undici" plus a FetchRequestInit type re-export). The actual fetch runs through the runtime's own globalThis.fetch — a deliberate choice documented in src/fetch.ts so body classes (FormData, Blob, …) satisfy Node's bundled-undici instanceof checks. So this bump only refreshes the imported type definitions.
  • 8.7.0 is well past the 48h minimumReleaseAge window (published 2026-07-04).

Verification

  • pnpm build — all packages build.
  • tsc --noEmit on packages/net — clean; undici 8.7.0's RequestInit/Response types are compatible (tsdown doesn't full type-check, so this is checked explicitly).
  • pnpm --filter @cacheable/net test — 212/212 pass, coverage maintained.
  • node scripts/test-build.mjs — runtime import, publint, and attw all pass for every package.

Generated by Claude Code

Catch-up minor bump within undici 8 (8.6.0 -> 8.7.0), following the
undici 8 major migration in #1682. `undici` is used type-only in
@cacheable/net (the RequestInit / Response types); the actual fetch
runs through Node's global fetch, so this only refreshes the type
definitions.

Verified: build, `tsc --noEmit` on net, 212/212 net tests, and the
build-artifact validation (runtime + publint + attw) all pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01P1TBuMiXotBjpNHYcbwvqf
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedundici@​8.7.09710010098100

View full report

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the undici dependency from version ^8.6.0 to ^8.7.0 in packages/net/package.json and updates the lockfile pnpm-lock.yaml accordingly. I have no feedback to provide.

@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (93aedf3) to head (3eac433).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #1684   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           29        29           
  Lines         3504      3504           
  Branches       809       809           
=========================================
  Hits          3504      3504           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jaredwray jaredwray merged commit d93554f into main Jul 8, 2026
12 checks passed
@jaredwray jaredwray deleted the claude/cacheable-dependency-management-d6gb1r branch July 8, 2026 22:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants