Security issue introduced through @angular-devkit/build-angular@17.3.4 -> vite@5.1.7

[rohitparamount]

Command

other

Is this a regression?

• Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Hi Team, we are using angular v17 and we have integrated Snyk into our code repo, snyk reported this security issue with @angular-devkit/build-angular@17.3.4 -> vite@5.1.7.
We found that the issue is fixed in vite@5.4.6 but that's available in @angular-devkit/build-angular@18. We do have a lot of dependencies in our project which doesn't work with Angular v18, so as of now we can't move to v18.
Could you please help with the fix?
Thanks!!

Minimal Reproduction

Create an angular application with version 17 and integrate your code repository with snyk, you will get the issue in snyk security report.

Exception or Error

No response

Your Environment

Angular CLI: 17.3.4
Node: 20.9.0

Anything else relevant?

No response

[alan-agius4]

Closed via #28464

[jloaizar]

@alan-agius4 Should version @angular-devkit/build-angular@17.3.10 be generated? Thanks.

[alan-agius4]

@jloaizar, this should be released either today oo tomorrow.

[andywtw]

https://github.com/angular/angular-cli/releases/tag/17.3.10
Change log says update vite to 4.1.8 but should be 5.1.8 based on the actual changes.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}