Command
other
Is this a regression?
- Yes, this behavior used to work in the previous version
The previous version in which this bug was not present was
No response
Description
build-angular 18.2.9 (and earlier versions) reference http-proxy-middleware 3.0.0, which contains a vulnerability.
There is a version 3.0.3 that includes a fix.
For more info, please see: https://dnb.whitesourcesoftware.com/Wss/WSS.html#!securityVulnerability;id=CVE-2024-21536
Minimal Reproduction
Use the latest angular packages (build-angular 18.2.9 at the moment of writing) and scan for vulnerabilities with a tool (like Whitesource Mend).
Exception or Error
No response
Your Environment
Angular CLI: 18.2.9
Node: 20.16.0
Package Manager: npm 10.8.3
OS: win32 x64
Angular: 18.2.8
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Package Version
@angular-devkit/architect 0.1802.9
@angular-devkit/build-angular 18.2.9
@angular-devkit/core 18.2.9
@angular-devkit/schematics 18.2.9
@angular/cli 18.2.9
@schematics/angular 18.2.9
rxjs 7.8.1
typescript 5.5.4
zone.js 0.14.10
Anything else relevant?
It's not a major issue, since it's on a dev-dependency, but nevertheless it is flagged as a High impact vulnerability (raising red flags and blocks) in our organization and seems like an easy fix to update in build-angular.
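An added example, not part of the original issue report and not Angular project code: a Node.js check that walks the `packages` map of a `package-lock.json` and reports every installed copy of http-proxy-middleware, classified against the two versions named above (3.0.0 reported as vulnerable, 3.0.3 as fixed). The sample lockfile fragment and the package name `example-dev-server` are constructed for illustration.

```javascript
// Added example: version bounds are the two the issue names; all else is constructed.
const FIRST_AFFECTED = [3, 0, 0]; // version the issue reports as vulnerable
const FIRST_FIXED = [3, 0, 3];    // version the issue says includes the fix
const TARGET = "node_modules/http-proxy-middleware";

// "3.0.0-beta.1" -> [3, 0, 0]; returns null when the string is not x.y.z.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// "affected": in [3.0.0, 3.0.3); "fixed": >= 3.0.3;
// "not-covered": older release lines or unparseable, which the issue does not discuss.
function classify(version) {
  const v = parseVersion(version);
  if (!v || compare(v, FIRST_AFFECTED) < 0) return "not-covered";
  return compare(v, FIRST_FIXED) < 0 ? "affected" : "fixed";
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// Keys are install paths, so nested copies show up as separate entries.
function findCopies(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== TARGET && !path.endsWith("/" + TARGET)) continue;
    const parent = path.slice(0, -TARGET.length).replace(/\/$/, "");
    hits.push({
      path,
      version: meta.version,
      nestedUnder: parent.replace(/^.*node_modules\//, "") || "(root)",
      devOnly: meta.dev === true,
      status: classify(meta.version),
    });
  }
  return hits;
}

// Constructed lockfile fragment; "example-dev-server" is a hypothetical package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/http-proxy-middleware": { version: "3.0.0", dev: true },
    "node_modules/example-dev-server/node_modules/http-proxy-middleware": { version: "3.0.3", dev: true },
    "node_modules/rxjs": { version: "7.8.1" },
  },
};
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findCopies` instead of `sampleLock`.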