Closed
Description
Command
build
Is this a regression?
- Yes, this behavior used to work in the previous version
The previous version in which this bug was not present was
No response
Description
Running npm_audit on an Angular v18 project outputs the following
# npm audit report
webpack <5.94.0
Severity: moderate
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS - https://github.com/advisories/GHSA-4vvj-4cpr-p986
No fix available
node_modules/webpack
@angular-devkit/build-angular *
Depends on vulnerable versions of webpack
node_modules/@angular-devkit/build-angular
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Minimal Reproduction
Create a new angular project using the latest v18 @angular-cli
Run npm audit in the project folder
Exception or Error
No response
Your Environment
_ _ ____ _ ___
/ \ _ __ __ _ _ _| | __ _ _ __ / ___| | |_ _|
/ △ \ | '_ \ / _` | | | | |/ _` | '__| | | | | | |
/ ___ \| | | | (_| | |_| | | (_| | | | |___| |___ | |
/_/ \_\_| |_|\__, |\__,_|_|\__,_|_| \____|_____|___|
|___/
Angular CLI: 18.2.1
Node: 20.16.0
Package Manager: npm 10.8.1
OS: linux x64
Angular:
...
Package Version
------------------------------------------------------
@angular-devkit/architect 0.1802.1 (cli-only)
@angular-devkit/core 18.2.1 (cli-only)
@angular-devkit/schematics 18.2.1 (cli-only)
@schematics/angular 18.2.1 (cli-only)
### Anything else relevant?
_No response_