After installing the latest CLI (v12) I decided to generate a clean new project to see what's different and what's being generated. Unfortunately I found out that the generated project has 35 severity vulnerabilities in the npm packages right off the bat. The vulnerabilities are not critical but they can't be resolved automatically using npm audit fix. The audit report shows all the vulnerabilities in the following way:

Moderate        Regular Expression Denial of Service

Package         postcss

Patched in      >=8.2.10

Dependency of   @angular-devkit/build-angular [dev]

Path            @angular-devkit/build-angular > postcss-preset-env >
                    autoprefixer > postcss

I hope that I reported the issue in the correct repository.