@actions/core: Upgrade @actions/http-client to 2.2.3

`undici` prior `5.28.5` has vulnerability ([CWE-330](https://cwe.mitre.org/data/definitions/330.html), [CVE-2025-22150](https://nvd.nist.gov/vuln/detail/CVE-2025-22150), [SNYK-JS-UNDICI-8641354](https://security.snyk.io/vuln/SNYK-JS-UNDICI-8641354)).

`@actions/http-client` version `2.2.3` upgraded `undici` to `v5.28.5` (ref #1957), which cleaned the vulnerability.

`@actions/core` [still uses](https://github.com/actions/toolkit/blob/main/packages/core/package-lock.json#L64) `@actions/http-client` version `2.1.0`, thus is (transitively) vulnerable.

Please upgrade `@actions/http-client` to `2.2.3` in `@actions/core`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

@actions/core: Upgrade @actions/http-client to 2.2.3 #2029

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

@actions/core: Upgrade @actions/http-client to 2.2.3 #2029

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions