Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Risky cryptographic hashing function #16313

nishant4nishu opened this issue Nov 29, 2019 · 1 comment

Risky cryptographic hashing function #16313

nishant4nishu opened this issue Nov 29, 2019 · 1 comment


Copy link

@nishant4nishu nishant4nishu commented Nov 29, 2019

Hi Angular team,

We have Coverity SCA tool integrated with our angular application.Below are the issues reported by tool for node modules files and categorized as "Risky cryptographic hashing function". Is the below issue still open from your end or fixes are already given in some of your angular releases? Please suggest. Used Angular version 4.x

1)Filename :--> /node_modules/webpack/lib/ModuleFilenameHelpers.js
function name :-> getHash

2)Filename :--> /node_modules/webpack/lib/NormalModule.js
function name :-> NormalModule.prototype.source
3) Filename :-->/node_modules/typescript/lib/typescript.js
function name :->nodeSystem.createHash
4)Filename :-->/node_modules/ts-node/dist/index.js
5)Filename :-->/node_modules/ts-node/dist/index.js
6)Filename :-->/node_modules/istanbul-api/node_modules/istanbul-lib-instrument/dist/constants.js <script>
7)Filename :-->/node_modules/ts-node/dist/index.js <script>
8)Filename :-->/node_modules/istanbul/lib/instrumenter.js
function name :->generateTrackerVar
9)Filename :-->/node_modules/postcss-url/index.js
function name :-> processCopy
10)Filename :-->/node_modules/ts-node/dist/index.js
function name :->load


This comment has been minimized.

Copy link

@filipesilva filipesilva commented Nov 29, 2019

Hi there,

Angular version 4 is an older version that we don't directly support anymore, but we still use some of the dependencies you mention. A better place to report any problems with those dependencies is their repository though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.