Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Risky cryptographic hashing function #16313

Closed
nishant4nishu opened this issue Nov 29, 2019 · 1 comment
Closed

Risky cryptographic hashing function #16313

nishant4nishu opened this issue Nov 29, 2019 · 1 comment

Comments

@nishant4nishu
Copy link

@nishant4nishu nishant4nishu commented Nov 29, 2019

Hi Angular team,

We have Coverity SCA tool integrated with our angular application.Below are the issues reported by tool for node modules files and categorized as "Risky cryptographic hashing function". Is the below issue still open from your end or fixes are already given in some of your angular releases? Please suggest. Used Angular version 4.x

1)Filename :--> /node_modules/webpack/lib/ModuleFilenameHelpers.js
function name :-> getHash

2)Filename :--> /node_modules/webpack/lib/NormalModule.js
function name :-> NormalModule.prototype.source
3) Filename :-->/node_modules/typescript/lib/typescript.js
function name :->nodeSystem.createHash
4)Filename :-->/node_modules/ts-node/dist/index.js
5)Filename :-->/node_modules/ts-node/dist/index.js
6)Filename :-->/node_modules/istanbul-api/node_modules/istanbul-lib-instrument/dist/constants.js <script>
7)Filename :-->/node_modules/ts-node/dist/index.js <script>
8)Filename :-->/node_modules/istanbul/lib/instrumenter.js
function name :->generateTrackerVar
9)Filename :-->/node_modules/postcss-url/index.js
function name :-> processCopy
10)Filename :-->/node_modules/ts-node/dist/index.js
function name :->load

@filipesilva

This comment has been minimized.

Copy link
Member

@filipesilva filipesilva commented Nov 29, 2019

Hi there,

Angular version 4 is an older version that we don't directly support anymore, but we still use some of the dependencies you mention. A better place to report any problems with those dependencies is their repository though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.