Skip to content

[docs] Note undici security patch in VS Code extension (aspire#17868)#1205

Draft
aspire-repo-bot[bot] wants to merge 1 commit into
release/13.4from
docs/undici-security-patch-17868-e2d643ff643cabb4
Draft

[docs] Note undici security patch in VS Code extension (aspire#17868)#1205
aspire-repo-bot[bot] wants to merge 1 commit into
release/13.4from
docs/undici-security-patch-17868-e2d643ff643cabb4

Conversation

@aspire-repo-bot
Copy link
Copy Markdown
Contributor

@aspire-repo-bot aspire-repo-bot Bot commented Jun 3, 2026

Documents changes from microsoft/aspire#17868

Authored by @IEvangelist.

Targeting release/13.4 — the latest release branch on microsoft/aspire.dev — because release/13.5 (from the source PR milestone 13.5) does not exist there.

Why this PR is needed

Aspire PR #17868 bumped the undici npm dependency in the VS Code extension from 7.21.0 to 7.27.0 to address three security advisories (GHSA-cxjh-pqwp-8mfp, GHSA-f269-vfmq-vjvj, GHSA-9f74-3xc5-r7g4). The pr_body_has_security_marker signal fired because the PR body explicitly references these GHSA advisories.

Changes

Added a "Security patch: undici dependency updated" subsection under the VS Code extension section of the Aspire 13.4 What's New page, listing the three advisories that were patched.

Files modified

  • src/frontend/src/content/docs/whats-new/aspire-13-4.mdx — updated (added security patch note under VS Code extension section)

Generated by PR Documentation Check for issue #17868 · sonnet46 2.6M ·

@aspire-repo-bot
docs: note undici security patch in VS Code extension (aspire#17868)
8a2dbd5 
Document the undici dependency bump from 7.21.0 to 7.27.0 in the VS Code
extension's What's New page, addressing three security advisories:
GHSA-cxjh-pqwp-8mfp, GHSA-f269-vfmq-vjvj, GHSA-9f74-3xc5-r7g4.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@aspire-repo-bot aspire-repo-bot Bot added the docs-from-code Copilot initiated issue from dotnet/aspire repo label Jun 3, 2026
@aspire-repo-bot aspire-repo-bot Bot mentioned this pull request Jun 3, 2026
Merged
@aspire-repo-bot aspire-repo-bot Bot requested a review from adamint June 3, 2026 21:30
@aspire-repo-bot
Copy link
Copy Markdown
Contributor Author

aspire-repo-bot Bot commented Jun 3, 2026

Frontend HTML artifact ready

The latest frontend build uploaded the frontend-dist artifact for PR #1205. Use the VS Code button below to open this PR with GitHub Artifacts Explorer and browse the built HTML locally.

VS Code: Open PR #1205 artifacts

This comment updates automatically when a new frontend build artifact is uploaded.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamint adamint Awaiting requested review from adamint

@IEvangelist IEvangelist Awaiting requested review from IEvangelist IEvangelist will be requested when the pull request is marked ready for review IEvangelist is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

No one assigned

Labels

docs-from-code Copilot initiated issue from dotnet/aspire repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants