Hey guys,
I'm not sure if this is under acceptable circumstances, we have reported an npm audit failure here:
https://github.com/angular/angular/issues/28796
Not sure if you guys are aware of it, tldr:
│ Low │ Regular Expression Denial of Service
│ Package │ braces
│ Patched in │ >=2.3.1
│ Dependency of │ @angular/compiler-cli [dev]
│ Path │ @angular/compiler-cli > chokidar > anymatch > micromatch > braces
│ More info │ https://npmjs.com/advisories/786
Heya, it sure is important that we are aware of these, so thank you for bringing it up. The main issue we're using to track it is https://github.com/angular/angular/issues/28771 because that package is part of that repository. We have a fix incoming in https://github.com/angular/angular/pull/28797.
Closing as the fix for this has been released in @angular/compiler-cli v7.2.6