Closed
Description
Command
new
Is this a regression?
- Yes, this behavior used to work in the previous version
The previous version in which this bug was not present was
No response
Description
Running `npm audit` on an Angular v15 project causes an error output, because `@angular-devkit/build-angular` depends on a vulnerable version of webpack, `5.75.0`.
Minimal Reproduction
- Create a new Angular project using the latest `@angular-cli` version `15.2.3`.
- Run `npm audit` in the project folder
Exception or Error
```
webpack 5.0.0 - 5.75.0
Severity: high
Cross-realm object access in Webpack 5 - https://github.com/advisories/GHSA-hc6q-2mpp-qw7j
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@0.1101.2, which is a breaking change
node_modules/webpack
@angular-devkit/build-angular 0.1200.0-next.0 - 16.0.0-next.3
Depends on vulnerable versions of webpack
node_modules/@angular-devkit/build-angular

2 high severity vulnerabilities
```
Your Environment
```
Angular CLI: 15.2.3
Node: 16.15.1
Package Manager: npm 8.11.0
OS: win32 x64

Angular: 15.2.2
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1502.3
@angular-devkit/build-angular   15.2.3
@angular-devkit/core            15.2.3
@angular-devkit/schematics      15.2.3
@angular/cli                    15.2.3
@schematics/angular             15.2.3
rxjs                            7.8.0
typescript                      4.9.5
```
Anything else relevant?
No response
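
The following is an added example, not part of the original report or of the Angular CLI. It triages an `npm audit --json` report to show that the two findings above trace back to a single webpack advisory, and that the only automatic fix npm offers is a semver-major change. The `report` object is a constructed sample in the npm audit JSON shape, filled with the values from the text output above; `isDirect` values and the `triage` helper are assumptions.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2),
// filled with the values from the text report in the issue.
const fix = { name: "@angular-devkit/build-angular", version: "0.1101.2", isSemVerMajor: true };
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    webpack: {
      name: "webpack", severity: "high", isDirect: false,
      via: [{
        name: "webpack",
        title: "Cross-realm object access in Webpack 5",
        url: "https://github.com/advisories/GHSA-hc6q-2mpp-qw7j",
        severity: "high",
        range: "5.0.0 - 5.75.0",
      }],
      effects: ["@angular-devkit/build-angular"],
      nodes: ["node_modules/webpack"],
      fixAvailable: fix,
    },
    "@angular-devkit/build-angular": {
      name: "@angular-devkit/build-angular", severity: "high", isDirect: true,
      via: ["webpack"], // a bare package name: flagged only through its dependency
      effects: [],
      range: "0.1200.0-next.0 - 16.0.0-next.3",
      nodes: ["node_modules/@angular-devkit/build-angular"],
      fixAvailable: fix,
    },
  },
};

// Hypothetical helper: split entries into root causes (an advisory object in `via`)
// and packages flagged only because they depend on one (`via` holds names only).
function triage(audit) {
  const advisories = [], flaggedViaDependency = [], breakingFixes = new Set();
  for (const v of Object.values(audit.vulnerabilities)) {
    const own = v.via.filter((x) => typeof x === "object");
    for (const a of own) advisories.push({ pkg: v.name, range: a.range, url: a.url });
    if (own.length === 0) flaggedViaDependency.push({ pkg: v.name, via: v.via });
    // fixAvailable is a boolean, or an object naming the package npm would change
    const f = v.fixAvailable;
    if (f && typeof f === "object" && f.isSemVerMajor) breakingFixes.add(`${f.name}@${f.version}`);
  }
  return { advisories, flaggedViaDependency, breakingFixes: [...breakingFixes] };
}

console.log(JSON.stringify(triage(report), null, 2));
```

On a real project, replace `report` with the parsed output of `npm audit --json`.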