fix(@angular-devkit/build-angular): bump undici to 7.28.0

alan-agius4 · alan-agius4 · commit 4ea787cd0dfc · 2026-06-25T14:26:53.000+02:00
Bumps undici to version 7.28.0 to resolve the GHSA-vxpw-j846-p89q security vulnerability. Also mentions GHSA-fx2h-pf6j-xcff. Fixes #33449
diff --git a/package.json b/package.json
@@ -141,7 +141,7 @@
     "ts-node": "^10.9.1",
     "tslib": "2.8.1",
     "typescript": "5.9.2",
-    "undici": "7.13.0",
+    "undici": "7.28.0",
     "unenv": "^1.10.0",
     "verdaccio": "6.1.6",
     "verdaccio-auth-memory": "^10.0.0",
diff --git a/packages/angular_devkit/build_angular/package.json b/packages/angular_devkit/build_angular/package.json
@@ -69,7 +69,7 @@
     "@web/test-runner": "0.20.2",
     "browser-sync": "3.0.4",
     "ng-packagr": "20.3.0",
-    "undici": "7.13.0"
+    "undici": "7.28.0"
   },
   "peerDependencies": {
     "@angular/core": "0.0.0-ANGULAR-FW-PEER-DEP",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
