Q. Will you upgrade build-angular to webpack 5? Currently it is at a version which has (dev) security vulnerabilities.
npm audit:
{
  "actions": [
    {
      "action": "review",
      "module": "glob-parent",
      "resolves": [
        { "id": 1751, "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>glob-parent", "dev": true, "optional": false, "bundled": false },
        { "id": 1751, "path": "@nrwl/nest>@nrwl/node>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent", "dev": true, "optional": true, "bundled": false },
        { "id": 1751, "path": "@nrwl/node>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent", "dev": true, "optional": true, "bundled": false }
      ]
    },
    {
      "action": "review",
      "module": "css-what",
      "resolves": [
        { "id": 1754, "path": "@angular-devkit/build-angular>css-minimizer-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>svgo>css-select>css-what", "dev": true, "optional": false, "bundled": false }
      ]
    }
  ],
  "advisories": {
    "1751": {
      "findings": [
        {
          "version": "3.1.0",
          "paths": [
            "@angular-devkit/build-angular>webpack-dev-server>chokidar>glob-parent"
          ]
        },
        {
          "version": "3.1.0",
          "paths": [
            "@nrwl/nest>@nrwl/node>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent",
            "@nrwl/node>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent"
          ]
        }
      ],
      "id": 1751,
      "created": "2021-06-07T21:57:10.135Z",
      "updated": "2021-06-07T21:58:07.745Z",
      "deleted": null,
      "title": "Regular expression denial of service",
      "found_by": { "link": "", "name": "Anonymous", "email": "" },
      "reported_by": { "link": "", "name": "Anonymous", "email": "" },
      "module_name": "glob-parent",
      "cves": [ "CVE-2020-28469" ],
      "vulnerable_versions": "<5.1.2",
      "patched_versions": ">=5.1.2",
      "overview": "`glob-parent` before 5.1.2 has a regular expression denial of service vulnerability. The enclosure regex used to check for strings ending in enclosure containing path separator.",
      "recommendation": "Upgrade to version 5.1.2 or later",
      "references": "- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2020-28469)\n- [GitHub Advisory](https://github.com/advisories/GHSA-ww39-953v-wcq6)\n",
      "access": "public",
      "severity": "moderate",
      "cwe": "CWE-400",
      "metadata": { "module_type": "", "exploitability": 5, "affected_components": "" },
      "url": "https://npmjs.com/advisories/1751"
    },
    "1754": {
      "findings": [
        {
          "version": "4.0.0",
          "paths": [
            "@angular-devkit/build-angular>css-minimizer-webpack-plugin>cssnano>cssnano-preset-default>postcss-svgo>svgo>css-select>css-what"
          ]
        }
      ],
      "id": 1754,
      "created": "2021-06-07T22:13:06.506Z",
      "updated": "2021-06-07T22:21:16.027Z",
      "deleted": null,
      "title": "Denial of Service",
      "found_by": { "link": "", "name": "Anonymous", "email": "" },
      "reported_by": { "link": "", "name": "Anonymous", "email": "" },
      "module_name": "css-what",
      "cves": [ "CVE-2021-33587" ],
      "vulnerable_versions": "<5.0.1",
      "patched_versions": ">=5.0.1",
      "overview": "`css-what` before 5.0.1 does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.",
      "recommendation": "Upgrade to version 5.0.1 or later",
      "references": "- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-33587)\n- [GitHub Advisory](https://github.com/advisories/GHSA-q8pj-2vqx-8ggc)\n",
      "access": "public",
      "severity": "high",
      "cwe": "CWE-400",
      "metadata": { "module_type": "", "exploitability": 7, "affected_components": "" },
      "url": "https://npmjs.com/advisories/1754"
    }
  },
  "muted": [],
  "metadata": {
    "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 1, "critical": 0 },
    "dependencies": 600,
    "devDependencies": 1749,
    "optionalDependencies": 153,
    "totalDependencies": 2459
  },
  "runId": "89df43d4-3fb8-4eb4-b2e8-c079486ebb88"
}
Angular CLI: 12.0.4
Node: 14.8.0
Package Manager: npm 6.14.7
OS: darwin x64

Angular: 12.0.4
... animations, cdk, cdk-experimental, cli, common, compiler
... compiler-cli, core, forms, language-service, material
... platform-browser, platform-browser-dynamic, router

Package                          Version
@angular-devkit/architect        0.1200.4
@angular-devkit/build-angular    12.0.5
@angular-devkit/core             12.0.4
@angular-devkit/schematics       12.0.4
@angular/flex-layout             12.0.0-beta.34
@angular/localize                11.2.14
@schematics/angular              12.0.4
rxjs                             6.5.5
typescript                       4.2.4
Kindly see #21097.
This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.
Read more about our automatic conversation locking policy.
This action has been performed automatically by a bot.