The released version of node-gyp v13.0.0 uses undici ^6.25.0, which is affected by CVE-2026-11525. PR #3330 brings it to ^8.4.1 (resolves to 8.5.0), which includes a fix for the CVE. Please make a new release with the updated undici version to ensure this package isn't causing dependency issues.
The released version of
node-gypv13.0.0 usesundici^6.25.0, which is affected by CVE-2026-11525. PR #3330 brings it to ^8.4.1 (resolves to 8.5.0), which includes a fix for the CVE. Please make a new release with the updatedundiciversion to ensure this package isn't causing dependency issues.