From 771ad6a5ba50ff66f3316fa8d66c09187a4fe9f8 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Sun, 26 Jan 2025 15:16:19 +0000
Subject: [PATCH] fix: packages/attest/package.json &
 packages/attest/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNDICI-8641354
---
 packages/attest/package-lock.json | 19 ++++++++++---------
 packages/attest/package.json      |  2 +-
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/packages/attest/package-lock.json b/packages/attest/package-lock.json
index 98f20097cd..a66f4679c6 100644
--- a/packages/attest/package-lock.json
+++ b/packages/attest/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@actions/attest",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "@actions/attest",
-      "version": "1.2.0",
+      "version": "1.2.1",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.10.1",
@@ -24,7 +24,7 @@
         "@types/jsonwebtoken": "^9.0.6",
         "jose": "^5.2.3",
         "nock": "^13.5.1",
-        "undici": "^5.28.4"
+        "undici": "^5.28.5"
       }
     },
     "node_modules/@actions/core": {
@@ -1809,9 +1809,10 @@
       }
     },
     "node_modules/undici": {
-      "version": "5.28.4",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
-      "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
+      "version": "5.28.5",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
+      "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
+      "license": "MIT",
       "dependencies": {
         "@fastify/busboy": "^2.0.0"
       },
@@ -3428,9 +3429,9 @@
       "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
     },
     "undici": {
-      "version": "5.28.4",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
-      "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
+      "version": "5.28.5",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
+      "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
       "requires": {
         "@fastify/busboy": "^2.0.0"
       }
diff --git a/packages/attest/package.json b/packages/attest/package.json
index aa4d0cab36..bc805effca 100644
--- a/packages/attest/package.json
+++ b/packages/attest/package.json
@@ -40,7 +40,7 @@
     "@types/jsonwebtoken": "^9.0.6",
     "jose": "^5.2.3",
     "nock": "^13.5.1",
-    "undici": "^5.28.4"
+    "undici": "^5.28.5"
   },
   "dependencies": {
     "@actions/core": "^1.10.1",