NPM Audit failure - webpack-dev-server - NG 7.2 #13387

Closed
Adam-Kernig-RM opened this Issue Jan 9, 2019 · 5 comments

Adam-Kernig-RM commented Jan 9, 2019

Bug Report or Feature Request (mark with an x)

- [x] bug report

Versions

node: v8.11.3
npm: 6.5.0

Angular: 7.2.0
Package Version

@angular-devkit/architect 0.12.0
@angular-devkit/build-angular 0.12.0
@angular-devkit/build-ng-packagr 0.12.0
@angular-devkit/build-optimizer 0.12.0
@angular-devkit/build-webpack 0.12.0
@angular-devkit/core 7.2.0
@angular-devkit/schematics 7.2.0
@angular/cdk 7.2.1
@angular/cdk-experimental 7.2.1
@ngtools/json-schema 1.1.0
@ngtools/webpack 7.2.0
@schematics/angular 7.2.0
@schematics/update 0.12.0
ng-packagr 4.4.5
rxjs 6.3.3
typescript 3.2.2
webpack 4.23.1

macOS (High Sierra)

Repro steps

ng new audit-test
Would you like routing? Y or N
After NG installs itself you will receive:
added 1167 packages from 1176 contributors and audited 39136 packages in 49.677s
found 1 high severity vulnerability

run npm audit

The log given by the failure

│ High │ Missing Origin Validation │
│ Package │ webpack-dev-server │
│ Dependency of │ @angular-devkit/build-angular [dev] │
│ Path │ @angular-devkit/build-angular > webpack-dev-server │
│ More info │ https://nodesecurity.io/advisories/725 │

Desired functionality

Audit failure should not be there

Mention any other details that might be useful

This has been resolved I believe in the 7.1.x branches, I guess it just needs applying to the 7.2 branches.

Member

filipesilva commented Jan 9, 2019

Hi all, we're looking at why this wasn't included in the 7.2 release and will probably do a new release with it later today.

For context, #13342 was the main issue for this problem.

Adam-Kernig-RM commented Jan 9, 2019

@filipesilva thanks for looking into it, much appreciated!

Collaborator

alexeagle commented Jan 9, 2019

Fixed in 7.2.1

alexeagle closed this Jan 9, 2019

Member

filipesilva commented Jan 9, 2019

@angular/cli@7.2.1 and @angular-devkit/build-angular@0.12.1 are now released. Using these versions should remove the audit failure.

mgechev unpinned this issue Jan 9, 2019

Adam-Kernig-RM commented Jan 10, 2019

@filipesilva Confirmed, I've performed an NG Update on a project; moving to 7.2.1 fixes the issue.
Thanks for this.
