From ee4db0deb4606f807d2f8abf27b17958f80bf5a0 Mon Sep 17 00:00:00 2001
From: Ben McCann <322311+benmccann@users.noreply.github.com>
Date: Wed, 18 Oct 2023 08:28:27 -0700
Subject: [PATCH] chore: bump undici to address security issue (#10885)

---
 .changeset/fast-donuts-own.md | 5 +++++
 packages/kit/package.json     | 2 +-
 pnpm-lock.yaml                | 8 ++++----
 3 files changed, 10 insertions(+), 5 deletions(-)
 create mode 100644 .changeset/fast-donuts-own.md

diff --git a/.changeset/fast-donuts-own.md b/.changeset/fast-donuts-own.md
new file mode 100644
index 000000000000..f99b4c53d751
--- /dev/null
+++ b/.changeset/fast-donuts-own.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+chore: bump undici to address security issue
diff --git a/packages/kit/package.json b/packages/kit/package.json
index 78717c31a611..9f85fc5cc0ff 100644
--- a/packages/kit/package.json
+++ b/packages/kit/package.json
@@ -23,7 +23,7 @@
 		"set-cookie-parser": "^2.6.0",
 		"sirv": "^2.0.2",
 		"tiny-glob": "^0.2.9",
-		"undici": "~5.26.0"
+		"undici": "~5.26.2"
 	},
 	"devDependencies": {
 		"@playwright/test": "1.30.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index d18b5d8786e2..f8ac773c2b8e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -401,8 +401,8 @@ importers:
         specifier: ^0.2.9
         version: 0.2.9
       undici:
-        specifier: ~5.26.0
-        version: 5.26.0
+        specifier: ~5.26.2
+        version: 5.26.3
     devDependencies:
       '@playwright/test':
         specifier: 1.30.0
@@ -6236,8 +6236,8 @@ packages:
       which-boxed-primitive: 1.0.2
     dev: true
 
-  /undici@5.26.0:
-    resolution: {integrity: sha512-MLqGMyaJk2ubSl7FrmWuV7ZOsYWmdF7gcBHDRxm4AR8NoodQhgy3vO/D1god79HoetxR0uAeVNB65yj2lNRQnQ==}
+  /undici@5.26.3:
+    resolution: {integrity: sha512-H7n2zmKEWgOllKkIUkLvFmsJQj062lSm3uA4EYApG8gLuiOM0/go9bIoC3HVaSnfg4xunowDE2i9p8drkXuvDw==}
     engines: {node: '>=14.0'}
     dependencies:
       '@fastify/busboy': 2.0.0