-
Notifications
You must be signed in to change notification settings - Fork 12k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated." #8544
Comments
Dupe of #8534 |
@clydin I had updated @angular/cli under an hour prior to posting this, but notice a few people saying the issue was resolved. |
I updated @angular/cli to 1.5.2, removed node_modules, installed all again, still installed old handlebars version. Is there an workaround for now? |
CLI 1.5.2 doesn't fix it. However here has been a fix - not sure what release it will surface in, 1.5.3 perhaps |
@YajJackson It will only change |
@angular/cli 1.5.3 fixes it. https://github.com/angular/angular-cli/commits/v1.5.3
|
Github error: We found a potential security vulnerability in one of your dependencies. The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated. What I did: Delete node_modules npm i -D @angular/cli@1.5.3 npm i angular/angular-cli#8544
I have tried Brunolm's solution, but when I run Angular (
The old version of angular CLI was 1.1.0 Tried with angular CLI 1.5.3 (locally and globally) I have also tried to follow migration guide, compared versions in I took a list of dependencies from migration guide, if you need some more info, just let me know.
|
I got these errors deploying React applications to github. Most of the issues were in the package-lock.json file. I use npm to build and run my React apps. There is a handy tool called 'npm-check'. Installing and running 'npm-check' will list outdated dependency libraries along with the npm commands to get the latest version. Its pretty cool. I updated my outdated scripts and that resolved the issue. This post is a bit old but for those that come upon it and look for threads here you are. |
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
Versions
Repro steps
Observed behavior
Desired behavior
The text was updated successfully, but these errors were encountered: