Skip to content

[United Nations] Resolves CVE-2026-25128 #25028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
raycastbot merged 2 commits into from
Feb 1, 2026
Merged

[United Nations] Resolves CVE-2026-25128 #25028

raycastbot merged 2 commits into from
Feb 1, 2026

Conversation

@LitoMore
Copy link
Contributor

@LitoMore LitoMore commented Jan 31, 2026

Description

Checklist

@raycastbot raycastbot added extension fix / improvement Label for PRs with extension's fix improvements extension: united-nations Issues related to the united-nations extension platform: macOS platform: Windows OP is author The OP of the PR is the author of the extension labels Jan 31, 2026
@raycastbot
Copy link
Collaborator

raycastbot commented Jan 31, 2026

Thank you for the update! 🎉

We're currently experiencing a high volume of incoming requests. As a result, the initial review may take up to 10-15 business days.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 31, 2026

Greptile Overview

Greptile Summary

This PR updates all dependencies in the United Nations extension to their latest versions, primarily to address CVE-2026-25128. The key security update is undici from 7.14.0 to 7.19.2, along with updates to @raycast/api, cheerio, fast-xml-parser, got, prettier, and various type definitions.

Key changes:

  • Updated undici from 7.14.0 to 7.19.2 (likely the CVE fix)
  • Updated cheerio from 1.1.2 to 1.2.0
  • Updated @raycast/api from 1.103.6 to 1.104.3
  • Updated prettier from 3.6.2 to 3.8.1
  • CHANGELOG follows proper format with {PR_MERGE_DATE} placeholder

Note: The CVE identifier CVE-2026-25128 references year 2026, which should be verified as this year hasn't occurred yet. This may be a typo or placeholder that needs correction.

Confidence Score: 4/5

  • This PR is safe to merge pending verification of the CVE identifier
  • The dependency updates are straightforward and follow standard security patching practices. CHANGELOG format is correct. Only concern is the unusual CVE-2026-25128 identifier that references a future year, which should be verified before merging.
  • CHANGELOG.md requires verification of the CVE identifier

Important Files Changed

Filename Overview
extensions/united-nations/CHANGELOG.md Added new maintenance entry with correct format and placeholder date
extensions/united-nations/package.json Updated all dependencies to latest versions including security patches
extensions/united-nations/package-lock.json Lockfile updated with dependency version bumps, notably undici 7.14.0→7.19.2 for CVE fix

greptile-apps[bot]
greptile-apps bot reviewed Jan 31, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

@0xdhrv 0xdhrv self-assigned this Feb 1, 2026
0xdhrv
0xdhrv approved these changes Feb 1, 2026
View reviewed changes
Copy link
Contributor

@0xdhrv 0xdhrv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, approved 🔥

@raycastbot raycastbot merged commit 78bc39e into raycast:main Feb 1, 2026
2 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Feb 1, 2026

Published to the Raycast Store:
https://raycast.com/litomore/united-nations

@raycastbot
Copy link
Collaborator

raycastbot commented Feb 1, 2026

🎉 🎉 🎉

We've rewarded your Raycast account with some credits. You will soon be able to exchange them for some swag.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xdhrv 0xdhrv 0xdhrv approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@0xdhrv 0xdhrv

Labels

extension fix / improvement Label for PRs with extension's fix improvements extension: united-nations Issues related to the united-nations extension OP is author The OP of the PR is the author of the extension platform: macOS platform: Windows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LitoMore @raycastbot @0xdhrv