Skip to content

@angular-devkit/build-angular 17 uses vulnerable undici 6.11.1 #30066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task
SymbioticKilla opened this issue Apr 8, 2025 · 2 comments
Closed
1 task

@angular-devkit/build-angular 17 uses vulnerable undici 6.11.1 #30066

SymbioticKilla opened this issue Apr 8, 2025 · 2 comments
Assignees
@alan-agius4
Labels
area: @angular-devkit/build-angular freq1: low Only reported by a handful of users who observe it rarely severity6: security type: bug/fix

Comments

@SymbioticKilla
Copy link

Command

version

Is this a regression?

  • Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Hi,
is it possible to update it to 6.21.1?
https://nvd.nist.gov/vuln/detail/CVE-2025-22150

Thanks!

Minimal Reproduction

package.json

Exception or Error

Your Environment

17.3.15

Anything else relevant?

No response
alan-agius4 added a commit to alan-agius4/angular-cli that referenced this issue Apr 9, 2025
@alan-agius4
fix(@angular-devkit/build-angular): update undici to 6.21.1
606b99c 
This fixes CVE-2025-22150

Closes angular#30066
@alan-agius4 alan-agius4 mentioned this issue Apr 9, 2025
Merged
alan-agius4 added a commit to alan-agius4/angular-cli that referenced this issue Apr 9, 2025
@alan-agius4
fix(@angular-devkit/build-angular): remove undici from dependencies
df87df9 
This fixes CVE-2025-22150

Closes angular#30066
alan-agius4 added a commit to alan-agius4/angular-cli that referenced this issue Apr 9, 2025
@alan-agius4
fix(@angular-devkit/build-angular): remove undici from dependencies
b99c2c0 
This fixes CVE-2025-22150

Closes angular#30066
@alan-agius4 alan-agius4 self-assigned this Apr 9, 2025
alan-agius4 added a commit that referenced this issue Apr 9, 2025
@alan-agius4
fix(@angular-devkit/build-angular): remove undici from dependencies
5aa53b4 
This fixes CVE-2025-22150

Closes #30066
@alan-agius4
Copy link
Collaborator

Closed via #30071

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators May 10, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@alan-agius4 alan-agius4

Labels
area: @angular-devkit/build-angular freq1: low Only reported by a handful of users who observe it rarely severity6: security type: bug/fix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alan-agius4 @SymbioticKilla