@angular-devkit/build-angular v17.3.3 uses webpack-dev-server v4.15.1 which is scanned as vulnerability

[dashakureru]

Command

version

Is this a regression?

• Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

webpack-dev-server is scanned as a vulnerability. see reference below.

I've already updated @angular-devkit/build-angular to v17.3.3 but it still uses 4.15.1

I've also tried npm audit fix, it didn't work.

Minimal Reproduction

use @angular-devkit/build-angular to v17.3.3 and it will install v4.15.1

Exception or Error

No response

Your Environment

Angular CLI: 17.3.3
Node: 18.16.0
Package Manager: npm 9.5.1
OS: win32 x64

Angular: 17.3.3
... animations, cli, common, compiler, compiler-cli, core, forms
... language-service, localize, platform-browser
... platform-browser-dynamic, platform-server, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1703.3
@angular-devkit/build-angular   17.3.3
@angular-devkit/core            17.3.3
@angular-devkit/schematics      17.3.3
@angular/cdk                    16.2.14
@angular/material               16.2.14
@schematics/angular             16.2.13
rxjs                            7.8.1
typescript                      5.2.2
zone.js                         0.14.4

Anything else relevant?

No response

[JeanMeche]

Hi, this is a duplicate of #27334.
Deleting you lock file is the fatest way to solve your out-to-date peer-dependencies.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}