Skip to content

fix(@angular/build): bump undici to 7.28.0#33458

Merged
alan-agius4 merged 1 commit into
angular:21.2.xfrom
alan-agius4:security-bump-undici-21.2.x
Jun 25, 2026
Merged

fix(@angular/build): bump undici to 7.28.0#33458
alan-agius4 merged 1 commit into
angular:21.2.xfrom
alan-agius4:security-bump-undici-21.2.x

Conversation

@alan-agius4

@alan-agius4 alan-agius4 commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Bumps undici to version 7.28.0 to resolve the GHSA-vxpw-j846-p89q security vulnerability.
Also mentions GHSA-fx2h-pf6j-xcff.

Fixes #33449

@alan-agius4
fix(@angular/build): bump undici to 7.28.0
b554f85 
Bumps undici to version 7.28.0 to resolve the GHSA-vxpw-j846-p89q security vulnerability.
Also mentions GHSA-fx2h-pf6j-xcff.

Fixes angular#33449
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 25, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the dependency "undici" from version "7.24.4" to "7.28.0" in the root package.json and the package files for @angular/build and @angular-devkit/build-angular. There are no review comments, and I have no feedback to provide.

@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: lts This PR is targeting a version currently in long-term support labels Jun 25, 2026
@alan-agius4 alan-agius4 requested a review from clydin June 25, 2026 06:44
@alan-agius4 alan-agius4 linked an issue Jun 25, 2026 that may be closed by this pull request
Backport undici security bump to the 21.2.x LTS branch #33449
Closed
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Jun 25, 2026
@alan-agius4 alan-agius4 merged commit a2b6116 into angular:21.2.x Jun 25, 2026
37 of 38 checks passed
@alan-agius4

alan-agius4 commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

This PR was merged into the repository. The changes were merged into the following branches:

@alan-agius4 alan-agius4 deleted the security-bump-undici-21.2.x branch June 25, 2026 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clydin clydin clydin approved these changes
+1 more reviewer
@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular/build target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Backport undici security bump to the 21.2.x LTS branch

2 participants

@alan-agius4 @clydin