Closed
Description
The version of @angular-devkit/build-angular (19.2.8) currently relies on http-proxy-middleware versions 3.0.0 - 3.0.4, which have been flagged as having moderate vulnerabilities. The dependency needs to address CVE-2025-32996 and CVE-2025-32997`
# npm audit report
http-proxy-middleware 3.0.0 - 3.0.4
Severity: moderate
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed - https://github.com/advisories/GHSA-9gqv-wp59-fq42
http-proxy-middleware can call writeBody twice because "else if" is not used - https://github.com/advisories/GHSA-4www-5p9h-95mh
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@17.3.16, which is a breaking change
node_modules/http-proxy-middleware
@angular-devkit/build-angular 18.0.0-next.0 - 20.0.0-next.5
Depends on vulnerable versions of http-proxy-middleware
node_modules/@angular-devkit/build-angular
2 moderate severity vulnerabilities
Environment
Angular CLI: 19.2.8
Node: 18.19.0
Package Manager: npm 10.8.1
OS: win32 x64
Metadata
Metadata
Assignees
Labels
No labels