NPM audit has identified a high command injection vulnerability in tree-kill. This dependency is used by the @angular-devkit/build-angular package, and is patched in version >=1.2.2.
More information about this vulnerability can be found here.
Since this vulnerability is a dependency of @angular-devkit/build-angular, the issue must be resolved by the Angular team. This can be done by updating tree-kill to a newer version in their package.json.