Angular-cli: "The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated."

Created on 18 Nov 2017 · 11 comments · Source: angular/angular-cli

Versions

Output from: `ng --version`:
Angular CLI: 1.5.2
Node: 6.11.3
OS: win32 x64
Angular: 5.0.2
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

@angular/cli: 1.5.2
@angular-devkit/build-optimizer: 0.0.33
@angular-devkit/core: 0.0.20
@angular-devkit/schematics: 0.0.36
@ngtools/json-schema: 1.1.0
@ngtools/webpack: 1.8.2
@schematics/angular: 0.1.5
typescript: 2.4.2
webpack: 3.8.1

Repro steps

Step 1: Run `ng new <ExampleName>`
Step 2: View handlebars.js version 1.3.0 dependency in package-lock.json

Observed behavior

Github flags this as a vulnerable dependency.

Desired behavior

Update handlebars.js version dependency from 1.3.0 to 4.0.11
Reduce vulnerability out of the box.
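The repro step above amounts to reading package-lock.json by hand to see which copy of handlebars is installed and where it is nested. The following is an added example, not code from the angular-cli project or from this thread, that automates that check for a lockfileVersion 1 lock: it walks the nested `dependencies` tree, records every installed copy of a named package with its nesting path, and reports the copies whose version is below a given minimum (here 4.0.0, the range the report names). The lock data and the parent package name `some-dev-tool` are constructed for the demo; the real parent that pulled handlebars in is not stated in the thread.

```javascript
// Added example (not angular-cli code): audit a lockfile-v1 package-lock.json
// for copies of a package below a minimum version.
// SAMPLE_LOCK is constructed; "some-dev-tool" is a made-up parent package.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 1,
  dependencies: {
    "some-dev-tool": {
      version: "1.0.0",
      dev: true,
      requires: { handlebars: "^1.3.0" },
      dependencies: {
        // nested copy: the one a hand inspection could easily miss
        handlebars: { version: "1.3.0", dev: true },
      },
    },
    // a second, hoisted copy that already satisfies the minimum
    handlebars: { version: "4.0.11" },
  },
};

// Compare two "x.y.z" version strings numerically; returns -1, 0 or 1.
// Pre-release suffixes are stripped; good enough for lockfile versions.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Recursively collect every installed copy of `name` from a lockfile-v1
// `dependencies` map, keeping the nesting path so the parent that pulled it
// in can be identified.
function findPackage(deps, name, path = []) {
  const found = [];
  for (const [dep, info] of Object.entries(deps || {})) {
    const here = [...path, dep];
    if (dep === name) {
      found.push({ path: here.join(" > "), version: info.version });
    }
    found.push(...findPackage(info.dependencies, name, here));
  }
  return found;
}

// Return the copies of `name` whose version is below `minVersion`.
function auditLock(lock, name, minVersion) {
  return findPackage(lock.dependencies, name).filter(
    (hit) => compareVersions(hit.version, minVersion) < 0
  );
}

// Demo run against the constructed lock.
const outdated = auditLock(SAMPLE_LOCK, "handlebars", "4.0.0");
for (const hit of outdated) {
  console.log(`${hit.path}@${hit.version} is below 4.0.0`);
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The path in the output tells you which direct dependency has to be upgraded or pinned, which is the information the fix in this thread needed; simply editing the lock entry, as a later comment notes, is undone by the next `npm install`.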

All 11 comments

@clydin I had updated @angular/cli under an hour prior to posting this, but notice a few people saying the issue was resolved.

I updated @angular/cli to 1.5.2, removed node_modules, installed all again, still installed old handlebars version.

Is there a workaround for now?

CLI 1.5.2 doesn't fix it. However, there has been a fix; not sure what release it will surface in, 1.5.3 perhaps.

@brunolm this has been my workaround.

@YajJackson It will only change the .lock file this time, and it will come back the next time you run npm install.
I don't suggest doing that.

Duplicate of #8521, fixed by #8535.

I have tried Brunolm's solution, but when I run Angular (ng serve), it fails to compile. The only logs I see:

ERROR in ./src/client/main.ts
Module build failed: [object Object]
@ multi webpack-dev-server/client?http://0.0.0.0:0 ./src/client/main.ts
ERROR in ./src/client/polyfills.ts
Module build failed: [object Object]
@ multi ./src/client/polyfills.ts

webpack: Failed to compile.

The old version of angular CLI was 1.1.0

Tried with angular CLI 1.5.3 (locally and globally)
And another try with angular CLI 1.6.0 (locally and globally)

I have also tried to follow migration guide, compared versions in package.json as described here, but with no luck, the same error.

I took a list of dependencies from migration guide, if you need some more info, just let me know.
Current versions

dependencies:

@angular: 4.3.6
core-js: 2.5.3
rxjs: 5.5.5
zone.js: 0.8.4

devDependencies:

@angular/cli: 1.6.0
@angular/compiler-cli: 4.3.6
@types/jasmine: 2.5.45
@types/node: 6.0.93
codelyzer: 3.2.2
jasmine-core: 2.8.0
jasmine-spec-reporter: 4.2.1
karma: 1.7.1
karma-chrome-launcher: 2.2.0
karma-cli: 1.0.1
karma-jasmine: 1.1.1
karma-jasmine-html-reporter: 0.2.2
karma-coverage-istanbul-reporter: 1.3.0
protractor: 5.2.1
ts-node: 3.3.0
tslint: 5.8.0
typescript: 2.6.1

I got these errors deploying React applications to GitHub. Most of the issues were in the package-lock.json file. I use npm to build and run my React apps. There is a handy tool called 'npm-check'. Installing and running 'npm-check' will list outdated dependency libraries along with the npm commands to get the latest version. It's pretty cool. I updated my outdated scripts and that resolved the issue.

This post is a bit old but for those that come upon it and look for threads here you are.
Stack overflow won't let me share this until I get a 50 rep and that hasn't happened in
3 years since the new assholes took over and made it all about popularity.

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_This action has been performed automatically by a bot._
