Skip to content

@angular-devkit/build-angular 17 uses vulnerable undici 6.11.1 #30066

New issue
New issue
Closed
Bug
Closed
@angular-devkit/build-angular 17 uses vulnerable undici 6.11.1#30066
Bug
Assignees
alan-agius4
Labels
area: @angular-devkit/build-angularfreq1: lowOnly reported by a handful of users who observe it rarelyseverity6: securitytype: bug/fix
@SymbioticKilla

Description

@SymbioticKilla
SymbioticKilla
opened on Apr 8, 2025

Command

version

Is this a regression?

  • Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Hi,
is it possible to update it to 6.21.1?
https://nvd.nist.gov/vuln/detail/CVE-2025-22150

Thanks!

Minimal Reproduction

package.json

Exception or Error

Your Environment

17.3.15

Anything else relevant?

No response

Activity

alan-agius4
added a commit that references this issue on Apr 9, 2025

fix(@angular-devkit/build-angular): update undici to 6.21.1

606b99c
alan-agius4
mentioned this on Apr 9, 2025
alan-agius4
added 2 commits that reference this issue on Apr 9, 2025

fix(@angular-devkit/build-angular): remove undici from dependencies

df87df9

fix(@angular-devkit/build-angular): remove undici from dependencies

b99c2c0
alan-agius4
added
type: bug/fix
freq1: lowOnly reported by a handful of users who observe it rarely
severity6: security
area: @angular-devkit/build-angular
on Apr 9, 2025
alan-agius4
self-assigned this
on Apr 9, 2025
alan-agius4
added the
Bug
issue type on Apr 9, 2025
alan-agius4
added a commit that references this issue on Apr 9, 2025

fix(@angular-devkit/build-angular): remove undici from dependencies

5aa53b4
alan-agius4

alan-agius4 commented on Apr 9, 2025

@alan-agius4
alan-agius4
on Apr 9, 2025
Collaborator

Closed via #30071

alan-agius4
closed this as completedon Apr 9, 2025
angular-automatic-lock-bot

angular-automatic-lock-bot commented on May 10, 2025

@angular-automatic-lock-bot
angular-automatic-lock-botbot
on May 10, 2025

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

angular-automatic-lock-bot
locked and limited conversation to collaborators on May 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

area: @angular-devkit/build-angularfreq1: lowOnly reported by a handful of users who observe it rarelyseverity6: securitytype: bug/fix

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @alan-agius4@SymbioticKilla

      Issue actions
        @angular-devkit/build-angular 17 uses vulnerable undici 6.11.1 · Issue #30066 · angular/angular-cli