Regular Expression Denial of Servic #13692
Description
🐞 Bug report
Command (mark with an x)
- [ X ] new
- [ ] build
- [ ] serve
- [ ] test
- [ ] e2e
- [ ] generate
- [ ] add
- [ ] update
- [ ] lint
- [ ] xi18n
- [ ] run
- [ ] config
- [ ] help
- [ ] version
- [ ] doc
Description
When creating a new project using ng new project-name I get:
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ braces │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.3.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @angular/compiler-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @angular/compiler-cli > chokidar > anymatch > micromatch > │
│ │ braces │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/786 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ braces │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.3.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ karma [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ karma > expand-braces > braces │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/786 │
└───────────────┴──────────────────────────────────────────────────────────────┘
I have already ran the update on the braces but it doesn't seem to update a couple files. If I do a npm list braces I get this:
├─┬ @angular-devkit/build-angular@0.13.1
│ └─┬ webpack@4.29.0
│ └─┬ micromatch@3.1.10
│ └── braces@2.3.2 deduped
├─┬ @angular/compiler-cli@7.2.5
│ └─┬ chokidar@1.7.0
│ └─┬ anymatch@1.3.2
│ └─┬ micromatch@2.3.11
│ └── braces@1.8.5
└─┬ karma@4.0.0
├─┬ chokidar@2.0.4
│ └── braces@2.3.2
└─┬ expand-braces@0.1.2
└── braces@0.1.5
🔬 Minimal Reproduction
Just create a new project enabling routing and use SASS.
🌍 Your Environment
_ _ ____ _ ___
/ \ _ __ __ _ _ _| | __ _ _ __ / ___| | |_ _|
/ △ \ | '_ \ / _` | | | | |/ _` | '__| | | | | | |
/ ___ \| | | | (_| | |_| | | (_| | | | |___| |___ | |
/_/ \_\_| |_|\__, |\__,_|_|\__,_|_| \____|_____|___|
|___/
Angular CLI: 7.1.4
Node: 8.14.0
OS: darwin x64
Angular: 7.1.4
... animations, cli, common, compiler, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.11.4
@angular-devkit/build-angular 0.13.1
@angular-devkit/build-optimizer 0.13.1
@angular-devkit/build-webpack 0.13.1
@angular-devkit/core 7.1.4
@angular-devkit/schematics 7.1.4
@angular/compiler-cli 7.2.5
@ngtools/webpack 7.3.1
@schematics/angular 7.1.4
@schematics/update 0.11.4
rxjs 6.3.3
typescript 3.1.6
webpack 4.29.0
Anything else relevant?