Skip to content

Angular 19 projects depend on vulnerable vite version #30206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task
json-derulo opened this issue Apr 30, 2025 · 1 comment · Fixed by #30207
Closed
1 task

Angular 19 projects depend on vulnerable vite version #30206

json-derulo opened this issue Apr 30, 2025 · 1 comment · Fixed by #30207
Labels
area: @angular/build freq1: low Only reported by a handful of users who observe it rarely severity6: security type: bug/fix

Comments

@json-derulo
Copy link

Command

other

Is this a regression?

  • Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Angular 19 projects depend on Vite v6.2.6 which is vulnerable: GHSA-859w-5945-r5v3

Vite should be updated to v6.2.7.

Minimal Reproduction

Generate a new project and check the used versions of vite

Exception or Error

Your Environment

_                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/
    

Angular CLI: 19.2.9
Node: 22.15.0
Package Manager: npm 11.3.0
OS: darwin arm64

Angular: 19.2.8
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1902.9
@angular-devkit/build-angular   19.2.9
@angular-devkit/core            19.2.9
@angular-devkit/schematics      19.2.9
@angular/cdk                    19.2.11
@angular/cli                    19.2.9
@angular/material               19.2.11
@schematics/angular             19.2.9
rxjs                            7.8.2
typescript                      5.8.3
zone.js                         0.15.0

Anything else relevant?

No response
alan-agius4 added a commit to alan-agius4/angular-cli that referenced this issue Apr 30, 2025
@alan-agius4
fix(@angular/build): update vite to 6.2.7
ffe5f55 
Addresses: GHSA-859w-5945-r5v3

Closes angular#30206
@alan-agius4 alan-agius4 mentioned this issue Apr 30, 2025
Merged
@alan-agius4 alan-agius4 linked a pull request Apr 30, 2025 that will close this issue
fix(@angular/build): update vite to 6.2.7 #30207
Merged
@alan-agius4 alan-agius4 added severity6: security area: @angular/build type: bug/fix freq1: low Only reported by a handful of users who observe it rarely labels Apr 30, 2025
alan-agius4 added a commit that referenced this issue Apr 30, 2025
@alan-agius4
fix(@angular/build): update vite to 6.2.7
067f1cb 
Addresses: GHSA-859w-5945-r5v3

Closes #30206
@alan-agius4
Copy link
Collaborator

Closed via #30207

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: @angular/build freq1: low Only reported by a handful of users who observe it rarely severity6: security type: bug/fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(@angular/build): update vite to 6.2.7 alan-agius4/angular-cli
2 participants
@alan-agius4 @json-derulo