Angular-cli: Moderate vulnerability in `@angular-devkit/build-angular` deps

Created on 7 Mar 2020  路  6Comments  路  Source: angular/angular-cli

Dear,

NPM audit report a moderate vulnerability in dev-dependency @angular-devkit/build-angular
I am not sure if angular/cli is affected :)

> npm audit --registry https://registry.npmjs.org/


                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Regular Expression Denial of Service

  Package         acorn

  Patched in      >=7.1.1

  Dependency of   @angular-devkit/build-angular [dev]

  Path            @angular-devkit/build-angular > webpack > acorn

  More info       https://npmjs.com/advisories/1488

found 1 moderate severity vulnerability in 23729 scanned packages
  1 vulnerability requires manual review. See the full report for details.

NPM Advisory: https://npmjs.com/advisories/1488
Remediation: Upgrade acorn to version 7.1.1 or later.

Thank you in advance,
Mo

blocked devkibuild-angular high security bufix
Source
picture mboughaba
👍3 🚀1

All 6 comments

might be a dupe of #15019 or #15021

mboughaba picture mboughaba on 7 Mar 2020

same problem, also i'm getting this:
[email protected] requires a peer of ajv@^6.9.1 but none is installed
I think that webpack package is broken or something...

lumyslinski picture lumyslinski on 7 Mar 2020
👍1

Hi @mboughaba, thanks for reporting this. This is however blocked until it's fixed upstream by Webpack.

Issue: https://github.com/webpack/webpack/issues/10516

alan-agius4 picture alan-agius4 on 9 Mar 2020
👍1

NPM Audit is now able to auto-fix the dependency: [email protected] 鉃★笍 [email protected] 馃帀

mboughaba picture mboughaba on 9 Mar 2020
👍1

Closing as per above and https://github.com/webpack/webpack/issues/10516#issuecomment-596513180

alan-agius4 picture alan-agius4 on 10 Mar 2020

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_This action has been performed automatically by a bot._

angular-automatic-lock-bot[bot] picture angular-automatic-lock-bot[bot] on 10 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sysmat picture sysmat  路  3Comments
MateenKadwaikar picture MateenKadwaikar  路  3Comments
delasteve picture delasteve  路  3Comments
purushottamjha picture purushottamjha  路  3Comments
gotschmarcel picture gotschmarcel  路  3Comments