webpack-dev-server vulnerability #13342
Description
Bug Report or Feature Request (mark with an x)
- [X] bug report -> please search issues before submitting
- [ ] feature request
Command (mark with an x)
- [ ] new
- [ ] build
- [ ] serve
- [ ] test
- [ ] e2e
- [ ] generate
- [ ] add
- [ ] update
- [ ] lint
- [ ] xi18n
- [ ] run
- [ ] config
- [ ] help
- [ ] version
- [ ] doc
- [X] dependencies
Versions
node: 10.14.2
npm: 6.4.1
Angular CLI: 7.1.4
Node: 10.14.2
OS: win32 x64
Angular: 7.1.4
@angular-devkit/architect 0.10.7
@angular-devkit/build-angular 0.11.4
@angular-devkit/build-optimizer 0.11.4
@angular-devkit/build-webpack 0.10.7
@angular-devkit/core 7.0.7
@angular-devkit/schematics 7.1.4
@ngtools/webpack 7.1.4
@schematics/angular 7.1.4
@schematics/update 0.11.4
rxjs 6.3.3
typescript 3.1.6
webpack 4.19.1
--
Repro steps
npm install
The log given by the failure
=== npm audit security report === Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Missing Origin Validation
Package webpack-dev-server
Patched in >=3.1.11
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > webpack-dev-server
More info https://nodesecurity.io/advisories/725
found 1 high severity vulnerability in 78596 scanned packages
1 vulnerability requires manual review. See the full report for details.
--