chore(release): rebuild dist and bump to v1.1.3 #90
Merged
Rebuild dist/index.js to bundle the security-patched dependencies that
were updated via dependabot but not reflected in the committed bundle:
- undici 7.27.2 -> 7.28.0 (security release, fixes 7 CVEs incl.
CVE-2026-12151, CVE-2026-9697, CVE-2026-6734)
- form-data 4.0.5 -> 4.0.6 (CVE-2026-12143, CRLF injection)
Bump version 1.1.1 -> 1.1.3 (next after tag v1.1.2).
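Summary
The dependabot dependency update (#89) did not rebuild the bundle artifact dist/index.js, so the security fixes were not reflected in the runtime bundle. This PR rebuilds dist and bumps the patch version.
Background
This action runs dist/index.js (the ncc build bundle) via action.yml. Because undici/form-data are embedded in this bundle, updating package.json alone does not deliver the fixes to users. dist/index.js had not been rebuilt since 2025-11-19, and several dependency updates were not reflected in the actual bundle.
Changes
Rebuild dist/index.js to reflect the following security-patched dependencies
Post-merge steps
- Create v1.1.3 (required, because distribution to users is via tags)
- Repoint v1 to v1.1.3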
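
The gap described in the background above (package.json updated, committed dist/index.js left stale) can be caught in CI by rebuilding and comparing against the committed bundle. This is an added example, not code from this repository; the function name check_dist and the `npm run build` command in the usage comment are assumptions.

```sh
# Added example (not this repository's code). check_dist and the build
# command passed to it are assumptions; use the project's real build script.
#
# Usage in CI, after installing dependencies:
#   check_dist dist npm run build
# Exit status: 0 = committed bundle matches a fresh build,
#              1 = bundle is stale, 2 = snapshot or build failed.
# The rebuild happens in place, so run it on a throwaway checkout.
check_dist() (
  dist=$1
  shift
  snapshot=$(mktemp -d) || exit 2
  # Keep a copy of the bundle exactly as it is committed.
  cp -R "$dist/." "$snapshot/" || { rm -rf "$snapshot"; exit 2; }
  # Rebuild with the caller-supplied command (the remaining arguments).
  if ! "$@" >/dev/null 2>&1; then
    rm -rf "$snapshot"
    echo "check_dist: build command failed" >&2
    exit 2
  fi
  # Any byte-level difference means the committed bundle was stale.
  if diff -r "$snapshot" "$dist" >/dev/null 2>&1; then
    rc=0
  else
    rc=1
    echo "check_dist: $dist does not match a fresh build" >&2
  fi
  rm -rf "$snapshot"
  exit "$rc"
)
```

Running this on every pull request, including dependabot's, makes a dependency bump fail until the bundle is rebuilt in the same change.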