angular / angular-cli

CLI tool for Angular
https://cli.angular.io
MIT License
26.73k stars 11.98k forks

Npm audit object-path vulnerability #19163

Closed siegklenes closed 3 years ago

siegklenes commented 3 years ago


Angular CLI: 10.1.7
Node: 10.22.0
OS: linux x64

Angular: 10.1.6
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Ivy Workspace: Yes

Package                         Version
@angular-devkit/architect       0.1001.7
@angular-devkit/build-angular   0.1001.7
@angular-devkit/core            10.1.7
@angular-devkit/schematics      10.1.7
@angular/cli                    10.1.7
@schematics/angular             10.1.7
@schematics/update              0.1001.7
rxjs                            6.6.3
typescript                      4.0.2

npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│           Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ object-path                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.11.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @angular-devkit/build-angular [dev]                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @angular-devkit/build-angular > resolve-url-loader >         │
│               │ adjust-sourcemap-loader > object-path                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1573                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 1350 scanned packages
  1 vulnerability requires manual review. See the full report for details.


alan-agius4 commented 3 years ago

Duplicate of #19139, #19160, #19153 and #19155

angular-automatic-lock-bot[bot] commented 3 years ago

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.