VULN UPGRADE: minor: @types/node · patch: @types/tunnel, undici [node_modules/@actions]

[campaigner-prod]

Summary: Security update — 4 packages upgraded (MINOR changes included)

Manifests changed:

• node_modules/@actions (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
undici	5.28.4	5.28.5	patch	4 MODERATE, 2 LOW
@types/node	15.12.5	15.14.9	minor	-
@types/node	15.12.5	15.14.9	minor	-
@types/tunnel	0.0.3	0.0.7	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (6)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
undici	GHSA-c76h-2ccp-4975	MODERATE	Use of Insufficiently Random Values in undici	5.28.4	5.28.5
undici	CVE-2025-22150	MODERATE	Undici Uses Insufficiently Random Values	5.28.4	-
undici	GHSA-g9mf-h72j-4rw9	MODERATE	Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion	5.28.4	7.18.2
undici	CVE-2026-22036	MODERATE	Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion	5.28.4	-
undici	GHSA-cxrh-j4jr-qwg3	LOW	undici Denial of Service attack via bad certificate data	5.28.4	5.29.0
undici	CVE-2025-47279	LOW	undici Denial of Service attack via bad certificate data	5.28.4	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System