CVE-2025-22871 @angular/build  uses a vulnerable version of "esbuild" - "0.25.1"

### Command

build

### Is this a regression?

- [ ] Yes, this behavior used to work in the previous version

### The previous version in which this bug was not present was

_No response_

### Description

current version of ```@angular/build```: ```19.2.10``` has dependency of ```esbuild```: ```0.25.1```, which affected by CVE-2025-22871 (```go/stlib```:  ```1.23.7```)

and its fine with ```esbuild```: ```0.25.2``` (```go/stlib```:  ```1.23.8```) [fix #4133: Update go 1.23.7 => 1.23.8 #4134](https://github.com/evanw/esbuild/pull/4134/commits/45253e5fcafaaa8b223fa944b89b50688b531605)

### Minimal Reproduction

No need for steps to reproduce

### Exception or Error

```text

```

### Your Environment

```text
Angular CLI: 19.2.10
Node: 22.15.0
Package Manager: npm 10.9.2
OS: macOS 15.1.1 (24B91)
```

### Anything else relevant?

[esbuild: 4133](https://github.com/evanw/esbuild/issues/4133)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2025-22871 @angular/build uses a vulnerable version of "esbuild" - "0.25.1" #30255

Command

Is this a regression?

The previous version in which this bug was not present was

Description

Minimal Reproduction

Exception or Error

Your Environment

Anything else relevant?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2025-22871 @angular/build uses a vulnerable version of "esbuild" - "0.25.1" #30255

Description

Command

Is this a regression?

The previous version in which this bug was not present was

Description

Minimal Reproduction

Exception or Error

Your Environment

Anything else relevant?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions