@angular-devkit/build-angular depends on vulnerable version of vite  #27409

Closed
@danielalexis

Command

build

Is this a regression?

  • Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Got a notification that the latest version of @angular-devkit/build-angular (v17.3.3) includes Vite 5.1.5 which has a vulnerability.

GitHub Advisory: GHSA-8jhw-289h-jh2g

Minimal Reproduction

Use the latest @angular-devkit/build-angular (v17.3.3); it will install vite 5.1.5.

Exception or Error

No response

Your Environment

Angular CLI: 17.3.3
Node: 20.12.1
Package Manager: npm 10.5.1
OS: win32 x64

Angular: 17.3.2
... animations, cdk, common, compiler, compiler-cli, core, forms
... material, material-experimental, platform-browser
... platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1703.3
@angular-devkit/build-angular   17.3.3
@angular-devkit/core            17.3.3
@angular-devkit/schematics      17.3.3
@angular/cli                    17.3.3
@schematics/angular             17.3.3
rxjs                            7.8.1
typescript                      5.4.3
zone.js                         0.14.4

Anything else relevant?

Package Manager: NPM
