
[feat req] CVE-2025-47279 - Bump (upgrade version) of Undici dependency  #714

@davidd396

Description


What would you like to be added?

name: undici
version: 5.28.4
type: npm
summary: An HTTP/1.1 client, written from scratch for Node.js

Hi team, could you please bump the undici dependency version to 5.29.0?

Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a webhook repeatedly if the webhook fails.

Why is this needed?

Reference:

Thank you :)
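A defender-side check for the advisory quoted above, written as an added example that is not part of this issue or of the undici project: it classifies an undici version against the fixed releases (5.29.0, 6.21.2, 7.5.0) and walks a package-lock.json "packages" map to find nested copies. The sample lockfile is constructed, and treating majors above 7 as fixed is an assumption.

```javascript
// Added example, not code from the issue or from undici. Fixed releases per
// the advisory: 5.29.0, 6.21.2, 7.5.0. Everything below 5.29.0 (including
// 4.x) is "prior to 5.29.0" and therefore unfixed.
const FIXED_BY_MAJOR = { 5: [5, 29, 0], 6: [6, 21, 2], 7: [7, 5, 0] };

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true when the installed version contains the fix for its major line.
function isUndiciFixed(version) {
  const v = parseSemver(version);
  if (v[0] < 5) return false;                 // prior to 5.29.0
  const fixed = FIXED_BY_MAJOR[v[0]];
  if (fixed) return compare(v, fixed) >= 0;
  return true;                                // assumption: majors > 7 postdate the fix
}

// Scan a lockfile v2/v3 object. npm keys nested copies as
// ".../node_modules/undici", so match on the last path segment only.
function findVulnerableUndici(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.split('/').pop() !== 'undici' || !entry.version) continue;
    if (!isUndiciFixed(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed lockfile fragment for demonstration, not a real project's lock.
const SAMPLE_LOCK = {
  packages: {
    'node_modules/undici': { version: '5.28.4' },
    'node_modules/some-dep/node_modules/undici': { version: '6.21.2' },
    'node_modules/other-dep/node_modules/undici': { version: '7.4.0' },
  },
};

console.log(findVulnerableUndici(SAMPLE_LOCK));
```

Run it against a real lockfile by replacing SAMPLE_LOCK with JSON.parse of the file's contents; a non-empty result lists every copy that still needs the bump.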
