Command
new
Is this a regression?
The previous version in which this bug was not present was
No response
Description
Running npm audit on an Angular project reports a vulnerability because the following libraries: @angular-devkit/build-angular do not use the required secure version of postcss (8.5.10).
Existing versions:
v19: 8.5.2
v20, v21: 8.5.6
GHSA-qx2v-qp2m-jg93
Minimal Reproduction
Create new Angular v19, v20, v21
Run npm audit in the project folder
Exception or Error
postcss <8.5.10
Severity: moderate
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output - https://github.com/advisories/GHSA-qx2v-qp2m-jg93
No fix available
node_modules/postcss
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
Your Environment
Angular CLI: 19.2.24
Node: 22.22.2
Package Manager: npm 10.9.7
OS: win32 x64
Angular: 19.2.21
... common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Package Version
---------------------------------------------------------
@angular-devkit/architect 0.1902.24
@angular-devkit/build-angular 19.2.24
@angular-devkit/core 19.2.24
@angular-devkit/schematics 19.2.24
@angular/cli 19.2.24
@schematics/angular 19.2.24
rxjs 7.8.2
typescript 5.7.3
zone.js 0.15.1
Anything else relevant?
No response
Command
new
Is this a regression?
The previous version in which this bug was not present was
No response
Description
Running npm audit on an Angular project reports a vulnerability because the following libraries: @angular-devkit/build-angular do not use the required secure version of postcss (8.5.10).
Existing versions:
v19: 8.5.2
v20, v21: 8.5.6
GHSA-qx2v-qp2m-jg93
Minimal Reproduction
Create new Angular v19, v20, v21
Run npm audit in the project folder
Exception or Error
Your Environment
Anything else relevant?
No response