Command
new
Is this a regression?
The previous version in which this bug was not present was
No response
Description
Running npm audit on Angular v19, v20 project causes an error output, because @angular/build depends on vulnerable version of rollup (fixed "rollup": "4.34.8" for @angular/build@19.2.21 and fixed "rollup": " 4.52.3" for @angular/build@20.3.17 - required patched version: rollup@4.59.0
See more details:
GHSA-mw96-cpmx-2vgc
Minimal Reproduction
Create new Angular v19 or v20 project.
Run npm audit in the project folder
Exception or Error
Your Environment
Angular CLI: 19.2.21
Node: 22.22.0
Package Manager: npm 10.9.4
OS: win32 x64
Angular: 19.2.19
... common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Package Version
---------------------------------------------------------
@angular-devkit/architect 0.1902.21
@angular-devkit/build-angular 19.2.21
@angular-devkit/core 19.2.21
@angular-devkit/schematics 19.2.21
@angular/cli 19.2.21
@schematics/angular 19.2.21
rxjs 7.8.2
typescript 5.7.3
zone.js 0.15.1
Anything else relevant?
No response
Command
new
Is this a regression?
The previous version in which this bug was not present was
No response
Description
Running npm audit on Angular v19, v20 project causes an error output, because
@angular/builddepends on vulnerable version ofrollup(fixed"rollup": "4.34.8"for@angular/build@19.2.21and fixed"rollup": " 4.52.3"for@angular/build@20.3.17- required patched version:rollup@4.59.0See more details:
GHSA-mw96-cpmx-2vgc
Minimal Reproduction
Create new Angular v19 or v20 project.
Run npm audit in the project folder
Exception or Error
Your Environment
Anything else relevant?
No response