Angular-cli: NPM Audit failure - webpack-dev-server - NG 7.2

Created on 9 Jan 2019  ยท  6Comments  ยท  Source: angular/angular-cli

This has been resolved I believe in the 7.1.x branches, I guess it just needs applying to the 7.2 branches.

Bug Report or Feature Request (mark with an x)

- [X ] bug report

Versions

node: v8.11.3
npm: 6.5.0

Angular: 7.2.0

Package Version

@angular-devkit/architect 0.12.0
@angular-devkit/build-angular 0.12.0
@angular-devkit/build-ng-packagr 0.12.0
@angular-devkit/build-optimizer 0.12.0
@angular-devkit/build-webpack 0.12.0
@angular-devkit/core 7.2.0
@angular-devkit/schematics 7.2.0
@angular/cdk 7.2.1
@angular/cdk-experimental 7.2.1
@ngtools/json-schema 1.1.0
@ngtools/webpack 7.2.0
@schematics/angular 7.2.0
@schematics/update 0.12.0
ng-packagr 4.4.5
rxjs 6.3.3
typescript 3.2.2
webpack 4.23.1

macOS (High Sierra)

Repro steps

ng new audit-test
Would you like routing? Y or N
After NG installs itself you will receive:
_added 1167 packages from 1176 contributors and audited 39136 packages in 49.677s
found 1 high severity vulnerability_
run npm audit

The log given by the failure

โ”‚ High โ”‚ Missing Origin Validation โ”‚
โ”‚ Package โ”‚ webpack-dev-server โ”‚
โ”‚ Dependency of โ”‚ @angular-devkit/build-angular [dev] โ”‚
โ”‚ Path โ”‚ @angular-devkit/build-angular > webpack-dev-server โ”‚
โ”‚ More info โ”‚ https://nodesecurity.io/advisories/725 โ”‚

Desired functionality

Audit failure should not be there

Mention any other details that might be useful

This has been resolved I believe in the 7.1.x branches, I guess it just needs applying to the 7.2 branches.

devkibuild-angular critical security bufix
Source
picture Adam-Kernig
👍3

Most helpful comment

@angular/[email protected] and @angular-devkit/[email protected] are now released. Using these versions should remove the audit failure.

picture filipesilva on 9 Jan 2019
🎉4

All 6 comments

Hi all, we're looking at why this wasn't included in the 7.2 release and will probably do a new release with it later today.

For context, https://github.com/angular/angular-cli/issues/13342 was the main issue for this problem.

filipesilva picture filipesilva on 9 Jan 2019

@filipesilva thanks for looking into it, much appreciated!

Adam-Kernig picture Adam-Kernig on 9 Jan 2019

Fixed in 7.2.1

alexeagle picture alexeagle on 9 Jan 2019

@angular/[email protected] and @angular-devkit/[email protected] are now released. Using these versions should remove the audit failure.

filipesilva picture filipesilva on 9 Jan 2019
🎉4

@filipesilva Confirmed, I've performed an NG Update on a project, moving to 7.2.1 fix the issue.
Thanks for this.

Adam-Kernig picture Adam-Kernig on 10 Jan 2019

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_This action has been performed automatically by a bot._

angular-automatic-lock-bot[bot] picture angular-automatic-lock-bot[bot] on 9 Sep 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

daBishMan picture daBishMan  ยท  3Comments
delasteve picture delasteve  ยท  3Comments
JanStureNielsen picture JanStureNielsen  ยท  3Comments
jbeckton picture jbeckton  ยท  3Comments
ericel picture ericel  ยท  3Comments