NPM audit has identified a high command injection vulnerability in tree-kill
. This dependency is used by the @angular-devkit/build-angular
package, and is patched in version >=1.2.2
.
More information about this vulnerability can be found here.
Since this vulnerability is a dependency of @angular-devkit/build-angular
, the issue must be resolved by the Angular team. This can be done by updating tree-kill
to a newer version in their package.json
.