
@angular-devkit/build-angular Depends on vulnerable versions of vite CVE-2024-45812 / CVE-2024-45811 #28435

Closed
@KyrumX

Description

Command

build

Is this a regression?

  • Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Running npm audit on an Angular v17 project outputs the following:

# npm audit report

vite  5.0.0 - 5.2.13
Severity: moderate
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS - https://github.com/advisories/GHSA-64vr-g452-qvp3
Vite's `server.fs.deny` is bypassed when using `?import&raw` - https://github.com/advisories/GHSA-9cwx-2883-4wfx
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/vite
  @angular-devkit/build-angular  17.1.0-next.0 - 18.1.0-rc.1
  Depends on vulnerable versions of vite
  node_modules/@angular-devkit/build-angular

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Angular v18 outputs the following:

# npm audit report

vite  5.4.0 - 5.4.5
Severity: moderate
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS - https://github.com/advisories/GHSA-64vr-g452-qvp3
Vite's `server.fs.deny` is bypassed when using `?import&raw` - https://github.com/advisories/GHSA-9cwx-2883-4wfx
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/vite
  @angular-devkit/build-angular  >=18.2.0-next.0
  Depends on vulnerable versions of @angular/build
  Depends on vulnerable versions of vite
  node_modules/@angular-devkit/build-angular
  @angular/build  >=18.2.0-next.0
  Depends on vulnerable versions of vite
  node_modules/@angular/build

3 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Minimal Reproduction

Create a new Angular project using the latest v18 @angular/cli or v17 @angular/cli.
Run npm audit in the project folder.

Exception or Error

No response

Your Environment

_                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 17.3.9
Node: 20.11.1
Package Manager: npm 10.5.2
OS: win32 x64

Angular: 17.3.4
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1703.9
@angular-devkit/build-angular   17.3.9
@angular-devkit/core            17.3.9
@angular-devkit/schematics      17.3.9
@angular/cli                    17.3.9
@schematics/angular             17.3.9
rxjs                            7.8.1
typescript                      5.3.3
zone.js                         0.14.4

Anything else relevant?

No response
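As an added example (not part of the issue report or of the Angular CLI project): a small Python triage script for the machine-readable `npm audit --json` report (npm 7+ report format, `auditReportVersion` 2). For each advisory it walks the `effects` links up to the project's direct dependencies, so you can see which package you actually control in the chain and whether the fix npm offers is a semver-major bump. The embedded report is constructed to mirror the Angular v18 output above; the per-advisory ranges are constructed and the `version` under `fixAvailable` is a placeholder, since the issue text elides it. The file name `triage_audit.py` in the usage note is hypothetical.

```python
"""Triage an `npm audit --json` report (npm 7+ format): for every advisory,
find the chain of packages through which the vulnerable transitive package
is pulled in and whether the offered fix crosses a semver major boundary."""
import json
import re
import sys
from typing import List

# Constructed sample mirroring the Angular v18 report quoted in the issue.
# The per-advisory ranges are constructed; the fixAvailable `version` is a
# placeholder because the issue text elides the real value.
SAMPLE_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "vite": {
            "name": "vite", "severity": "moderate", "isDirect": False,
            "via": [
                {"source": 1, "name": "vite", "dependency": "vite",
                 "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS",
                 "url": "https://github.com/advisories/GHSA-64vr-g452-qvp3",
                 "severity": "moderate", "range": ">=5.4.0 <=5.4.5"},
                {"source": 2, "name": "vite", "dependency": "vite",
                 "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`",
                 "url": "https://github.com/advisories/GHSA-9cwx-2883-4wfx",
                 "severity": "moderate", "range": ">=5.4.0 <=5.4.5"},
            ],
            "effects": ["@angular-devkit/build-angular", "@angular/build"],
            "range": "5.4.0 - 5.4.5", "nodes": ["node_modules/vite"],
            "fixAvailable": {"name": "@angular-devkit/build-angular",
                             "version": "PLACEHOLDER", "isSemVerMajor": True},
        },
        "@angular/build": {
            "name": "@angular/build", "severity": "moderate", "isDirect": False,
            "via": ["vite"], "effects": ["@angular-devkit/build-angular"],
            "range": ">=18.2.0-next.0", "nodes": ["node_modules/@angular/build"],
            "fixAvailable": {"name": "@angular-devkit/build-angular",
                             "version": "PLACEHOLDER", "isSemVerMajor": True},
        },
        "@angular-devkit/build-angular": {
            "name": "@angular-devkit/build-angular", "severity": "moderate",
            "isDirect": True, "via": ["@angular/build", "vite"], "effects": [],
            "range": ">=18.2.0-next.0",
            "nodes": ["node_modules/@angular-devkit/build-angular"],
            "fixAvailable": {"name": "@angular-devkit/build-angular",
                             "version": "PLACEHOLDER", "isSemVerMajor": True},
        },
    },
})


def parse_audit(text: str) -> dict:
    """Return the `vulnerabilities` map, refusing the legacy (npm 6) shape."""
    report = json.loads(text)
    if report.get("auditReportVersion") != 2:
        raise ValueError("expected npm audit report version 2 (npm 7+)")
    return report["vulnerabilities"]


def chains_to_direct(vulns: dict, pkg: str, seen=()) -> List[List[str]]:
    """Every chain from `pkg` up to a direct dependency, following `effects`.
    A chain that ends on a non-direct package with no `effects` is kept as-is
    so a truncated report is still visible rather than silently dropped."""
    entry = vulns[pkg]
    if entry.get("isDirect") or not entry.get("effects"):
        return [[pkg]]
    chains = []
    for parent in entry["effects"]:
        if parent in seen or parent not in vulns:   # cycle guard / dangling ref
            continue
        for tail in chains_to_direct(vulns, parent, seen + (pkg,)):
            chains.append([pkg] + tail)
    return chains


def fix_kind(fix) -> str:
    """npm encodes fixAvailable as false, true, or an object for a major bump."""
    if not fix:
        return "none"
    if fix is True:
        return "non-breaking"
    return "breaking" if fix.get("isSemVerMajor") else "non-breaking"


def triage(text: str) -> List[dict]:
    """One finding per advisory; packages flagged only through a child are
    skipped because the advisory is reported under that child."""
    vulns = parse_audit(text)
    findings = []
    for name, entry in vulns.items():
        advisories = [v for v in entry["via"] if isinstance(v, dict)]
        for adv in advisories:
            m = re.search(r"GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}", adv.get("url", ""))
            findings.append({
                "id": m.group(0) if m else str(adv.get("source")),
                "title": adv["title"],
                "severity": adv["severity"],
                "package": name,
                "vulnerable_range": adv.get("range", entry.get("range")),
                "chains": chains_to_direct(vulns, name),
                "fix": fix_kind(entry.get("fixAvailable")),
            })
    return findings


def direct_roots(findings: List[dict]) -> set:
    """The direct dependencies you would have to bump to clear the findings."""
    return {chain[-1] for f in findings for chain in f["chains"]}


def render(findings: List[dict]) -> str:
    lines = []
    for f in findings:
        lines.append(f"{f['id']}  [{f['severity']}]  {f['package']} {f['vulnerable_range']}")
        lines.append(f"  {f['title']}")
        for chain in f["chains"]:
            lines.append("  via " + " <- ".join(reversed(chain)))
        lines.append(f"  fix: {f['fix']}")
    return "\n".join(lines)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT
    print(render(triage(text)))
```

Run it against a real project with `npm audit --json > audit.json && python triage_audit.py audit.json`. On the constructed report both advisories resolve to `vite` and every chain ends at `@angular-devkit/build-angular`, the only direct dependency involved: the project itself never declares `vite`, so short of an `overrides` entry in package.json that pins `vite` to a patched release, the only change the project can make is the major bump of `@angular-devkit/build-angular` that `npm audit fix --force` would apply.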
