-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NPM audit of Angular 13 project shows 17 high vulnerabilities #9818
Comments
NPM audit is not very sophisticated in what it thinks is an actual vulnerability i.e. code running on a users device/a live servers vs just running locally or building in CI pipelines. This blog post articulates some points on NPM audit quite well: https://overreacted.io/npm-audit-broken-by-design/ EDIT: Not saying to disregard the output completely. |
Can confirm the issue is on the async package - CVE-2021-43138
|
I'm running into this issue as well:
It's concerning that different |
Any update on this issue? It should be tackled with higher priority IMO. |
Looks like async got an update. After running |
|
This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context. |
Current Behavior
npm audit is delivering high severity vulns because of async package dependency which have to be updated.
Steps to Reproduce
Install nrwl angular to version: 13.10.1 and run npm audit.
Dependecy Tree:
Failure Logs
Environment
nx report
Node : 16.13.2
OS : win32 x64
npm : 8.6.0
nx : 13.10.1
@nrwl/angular : 13.10.1
@nrwl/cypress : 13.10.1
@nrwl/detox : Not Found
@nrwl/devkit : 13.10.1
@nrwl/eslint-plugin-nx : 13.10.1
@nrwl/express : Not Found
@nrwl/jest : 13.10.1
@nrwl/js : Not Found
@nrwl/linter : 13.10.1
@nrwl/nest : Not Found
@nrwl/next : Not Found
@nrwl/node : Not Found
@nrwl/nx-cloud : Not Found
@nrwl/nx-plugin : Not Found
@nrwl/react : Not Found
@nrwl/react-native : Not Found
@nrwl/schematics : Not Found
@nrwl/storybook : 13.10.1
@nrwl/web : Not Found
@nrwl/workspace : 13.10.1
typescript : 4.6.3
rxjs : 7.5.5
Community plugins:
@fortawesome/angular-fontawesome: 0.10.2
@ngrx/component-store: 13.0.1
@ngrx/effects: 13.0.1
@ngrx/entity: 13.0.1
@ngrx/router-store: 13.0.1
@ngrx/store: 13.0.1
@ngrx/store-devtools: 13.0.1
@compodoc/compodoc: 1.1.19
@testing-library/angular: 11.0.4
The text was updated successfully, but these errors were encountered: