From 0726a4bf77a47f135f1dc031fd6b411711ef36c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamila=20=C5=9Aroda?= Date: Wed, 8 Jul 2026 08:58:28 +0200 Subject: [PATCH] deps: bump undici to 7.28.0 to fix Dependabot alerts Pin jsdom's transitive undici to 7.28.0 via resolutions in the Angular token-refresh and login-pkce samples. Resolves 12 Dependabot alerts (high/medium/low) where undici@7.25.0 was vulnerable. Co-Authored-By: Claude Opus 4.8 (1M context) --- samples/angular/login-pkce/package.json | 3 ++- samples/angular/login-pkce/yarn.lock | 14 +++++++------- samples/angular/token-refresh/package.json | 3 ++- samples/angular/token-refresh/yarn.lock | 14 +++++++------- 4 files changed, 18 insertions(+), 16 deletions(-) diff --git a/samples/angular/login-pkce/package.json b/samples/angular/login-pkce/package.json index 1b8e2a6..537cd78 100644 --- a/samples/angular/login-pkce/package.json +++ b/samples/angular/login-pkce/package.json @@ -37,6 +37,7 @@ "@angular/build/vite": "7.3.5", "vitest/vite": "8.0.16", "esbuild": "0.28.1", - "@babel/core": "7.29.6" + "@babel/core": "7.29.6", + "jsdom/undici": "7.28.0" } } diff --git a/samples/angular/login-pkce/yarn.lock b/samples/angular/login-pkce/yarn.lock index 3fd7947..10c25ab 100644 --- a/samples/angular/login-pkce/yarn.lock +++ b/samples/angular/login-pkce/yarn.lock @@ -5768,6 +5768,13 @@ __metadata: languageName: node linkType: hard +"undici@npm:7.28.0": + version: 7.28.0 + resolution: "undici@npm:7.28.0" + checksum: 10c0/fe781983a26098795e99bb1f64906cbb7d0bcaa029a26baade007b53ea67f2631d189b8f9671a31f4c8d0cb3773b7559608628ba54452fef51fec90e7c78bb0d + languageName: node + linkType: hard + "undici@npm:^6.25.0": version: 6.27.0 resolution: "undici@npm:6.27.0" @@ -5775,13 +5782,6 @@ __metadata: languageName: node linkType: hard -"undici@npm:^7.25.0": - version: 7.25.0 - resolution: "undici@npm:7.25.0" - checksum: 10c0/02a0b45dc14eb91bc488948750232450fe52f27a6b08086d6ac6736bb47908d600fe3a96d346f12eab24729c782e5c2f693bc8e8eca6696d4e4c09b1ed4cb4ec - languageName: node - linkType: hard - "unpipe@npm:~1.0.0": version: 1.0.0 resolution: "unpipe@npm:1.0.0" diff --git a/samples/angular/token-refresh/package.json b/samples/angular/token-refresh/package.json index 34016b6..c2c9b36 100644 --- a/samples/angular/token-refresh/package.json +++ b/samples/angular/token-refresh/package.json @@ -37,6 +37,7 @@ "@angular/build/vite": "7.3.5", "vitest/vite": "8.0.16", "esbuild": "0.28.1", - "@babel/core": "7.29.6" + "@babel/core": "7.29.6", + "jsdom/undici": "7.28.0" } } diff --git a/samples/angular/token-refresh/yarn.lock b/samples/angular/token-refresh/yarn.lock index 9f26fa9..2dcdc5d 100644 --- a/samples/angular/token-refresh/yarn.lock +++ b/samples/angular/token-refresh/yarn.lock @@ -5768,6 +5768,13 @@ __metadata: languageName: node linkType: hard +"undici@npm:7.28.0": + version: 7.28.0 + resolution: "undici@npm:7.28.0" + checksum: 10c0/fe781983a26098795e99bb1f64906cbb7d0bcaa029a26baade007b53ea67f2631d189b8f9671a31f4c8d0cb3773b7559608628ba54452fef51fec90e7c78bb0d + languageName: node + linkType: hard + "undici@npm:^6.25.0": version: 6.27.0 resolution: "undici@npm:6.27.0" @@ -5775,13 +5782,6 @@ __metadata: languageName: node linkType: hard -"undici@npm:^7.25.0": - version: 7.25.0 - resolution: "undici@npm:7.25.0" - checksum: 10c0/02a0b45dc14eb91bc488948750232450fe52f27a6b08086d6ac6736bb47908d600fe3a96d346f12eab24729c782e5c2f693bc8e8eca6696d4e4c09b1ed4cb4ec - languageName: node - linkType: hard - "unpipe@npm:~1.0.0": version: 1.0.0 resolution: "unpipe@npm:1.0.0"