Closed
Labels: security, security-cwe: bad coding practices, security-risk: medium, type: bug (code to address defects in shipped code)
Description
Describe the bug
Angular 11.2.14 project generates moderate and high vulnerabilities after upgrading to netlify-cli 3.38.7
To Reproduce
Steps to reproduce the behavior:
- Updated from netlify-cli 3.31.16 to 3.38.7
Configuration
- If possible, please copy/paste below your netlify.toml.
[build]
publish = "dist/myproject"
command = "npm run build"
functions = "functions"
[[redirects]]
from = "/*"
to = "/index.html"
status = 200
- Please enter the following command in a terminal and copy/paste its output:
npx envinfo --system --binaries --npmPackages netlify-cli --npmGlobalPackages netlify-cli

System:
  OS: Windows 10 10.0.19043
  CPU: (8) x64 Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
  Memory: 3.53 GB / 15.86 GB
Binaries:
  Node: 14.17.0 - C:\Program Files\nodejs\node.EXE
  Yarn: 1.22.10 - ~\Documents\Develop\Websites\MTBco25\node_modules\.bin\yarn.CMD
  npm: 6.14.7 - C:\Program Files\nodejs\npm.CMD
npmPackages:
  netlify-cli: ^3.38.7 => 3.38.7
Expected behavior
There should be no vulnerabilities
Additional context
Moderate       Regular expression denial of service
Package        glob-parent
Patched in     >=5.1.2
Dependency of  netlify-cli [dev]
Path           netlify-cli > @netlify/build > @netlify/functions-utils > cpy > globby > fast-glob > glob-parent
More info      https://npmjs.com/advisories/1751

High           Regular Expression Denial of Service
Package        normalize-url
Patched in     >=4.5.1 <5.0.0 || >=5.3.1 <6.0.0 || >=6.0.1
Dependency of  netlify-cli [dev]
Path           netlify-cli > gh-release-fetch > download > got > cacheable-request > normalize-url
More info      https://npmjs.com/advisories/1755