Command
new
Is this a regression?
The previous version in which this bug was not present was
No response
Description
Running npm audit on Angular v19 and v20 project causes an error output, because @angular-devkit/core depends on vulnerable version of ajv (fixed "ajv": "8.17.1" - required patched version: 8.18.0)
See more details:
GHSA-2g4f-4pwh-qvx6
Minimal Reproduction
Create new Angular v19 or v20 project.
Run npm audit in the project folder
Exception or Error
Your Environment
Angular CLI: 19.2.21
Node: 22.22.0
Package Manager: npm 10.9.4
OS: win32 x64
Angular: 19.2.19
... common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Package Version
---------------------------------------------------------
@angular-devkit/architect 0.1902.21
@angular-devkit/build-angular 19.2.21
@angular-devkit/core 19.2.21
@angular-devkit/schematics 19.2.21
@angular/cli 19.2.21
@schematics/angular 19.2.21
rxjs 7.8.2
typescript 5.7.3
zone.js 0.15.1
Anything else relevant?
No response
Command
new
Is this a regression?
The previous version in which this bug was not present was
No response
Description
Running npm audit on Angular v19 and v20 project causes an error output, because
@angular-devkit/coredepends on vulnerable version ofajv(fixed"ajv": "8.17.1"- required patched version:8.18.0)See more details:
GHSA-2g4f-4pwh-qvx6
Minimal Reproduction
Create new Angular v19 or v20 project.
Run npm audit in the project folder
Exception or Error
Your Environment
Anything else relevant?
No response