Closed atuzovic closed 1 year ago
Can you run npm ls @angular-devkit/build-angular? Something seems to pull an old version.
@JeanMeche Sure, I did, and this is the output I got:
-- @angular-devkit/build-angular@16.2.0
Hi @arturovt, none of the above-mentioned dependencies are direct dependencies of the Angular CLI or its packages. Therefore this is not actionable from our end.
You can use npm ls <package-name> to identify who is installing the dependency. It is also worth mentioning that it's important that the package-lock file is periodically maintained or freshly generated to keep it in sync. For instance, in this case it might solve some or all of the above-mentioned issues.
The audit report mentions @angular-devkit/build-angular because, if you choose to run npm audit fix --force, an incompatible version will be installed, which is likely due to incompatible peer dependencies.
@alan-agius4 You actually did provide a resolution for this. We had previously removed node_modules and that did not help. However, after deleting package-lock.json and reinstalling packages, there are no more vulnerabilities present. Thank you!
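The question npm ls <package-name> answers can also be read straight from a committed package-lock.json, which helps when projects share a package.json but report different audit results. This is an added example, not code from the thread or the Angular CLI project: the function names and the sample lockfile (including the example-loader, example-parser and legacy-plugin packages) are constructed, and it assumes lockfileVersion 2 or 3.

```javascript
// Answer "who installs <target>?" from a parsed package-lock.json
// (assumes lockfileVersion 2 or 3, which carry a "packages" map).

// Resolve a dependency as Node does: the dependent's own node_modules
// first, then each ancestor's, ending at the project root.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not present in the lockfile at all
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

function whoInstalls(lock, target) {
  const packages = lock.packages || {};
  const found = [];
  for (const [path, meta] of Object.entries(packages)) {
    // Peer dependencies are not considered here.
    const declared = { ...meta.dependencies, ...meta.optionalDependencies, ...meta.devDependencies };
    if (!(target in declared)) continue;
    const hit = resolveDep(packages, path, target);
    found.push({
      dependent: path === "" ? "(project root)" : path.split("node_modules/").pop(),
      range: declared[target],
      lockedVersion: hit ? packages[hit].version : null,
      lockedAt: hit,
    });
  }
  return found;
}

// Constructed sample lockfile; example-loader, example-parser and
// legacy-plugin are hypothetical packages.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", devDependencies: { "@angular-devkit/build-angular": "^16.2.0" } },
    "node_modules/@angular-devkit/build-angular": { version: "16.2.0" },
    "node_modules/example-loader": { version: "2.0.0", dependencies: { "example-parser": "^1.0.0" } },
    "node_modules/example-parser": { version: "1.0.0" },
    "node_modules/legacy-plugin": { version: "0.9.0", dependencies: { "example-parser": "^0.4.0" } },
    "node_modules/legacy-plugin/node_modules/example-parser": { version: "0.4.1" },
  },
};

console.log(whoInstalls(sampleLock, "example-parser"));
```

On a real project, pass the result of JSON.parse on the package-lock.json contents; a locked version that differs between two projects with matching package.json files points at the stale lockfile entry.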
Command
other
Is this a regression?
The previous version in which this bug was not present was
12
Description
When "npm audit" is done for a project that has @angular-devkit/build-angular 16.2.0 as a devDependency, the following report is generated:
It's important to note that this is happening on only a few of the projects, not all. What is confusing is that all projects have (or at least seem to have) the same contents for angular.json and package.json.
Minimal Reproduction
npm audit
package.json contents:
{
  "name": "app",
  "version": "0.0.0",
  "scripts": {
    "ng": "ng",
    "start": "echo . && ng serve --verbose",
    "build": "ng build",
    "test": "ng test"
  },
  "private": true,
  "dependencies": {
    "@ag-grid-community/angular": "30.1.0",
    "@ag-grid-community/client-side-row-model": "30.1.0",
    "@ag-grid-community/core": "30.1.0",
    "@ag-grid-community/styles": "^30.1.0",
    "@angular/animations": "~16.2.2",
    "@angular/cdk": "^16.2.1",
    "@angular/common": "~16.2.2",
    "@angular/compiler": "~16.2.2",
    "@angular/core": "~16.2.2",
    "@angular/forms": "~16.2.2",
    "@angular/google-maps": "^16.2.1",
    "@angular/localize": "^16.2.2",
    "@angular/material": "^16.2.1",
    "@angular/platform-browser": "~16.2.2",
    "@angular/platform-browser-dynamic": "~16.2.2",
    "@angular/router": "~16.2.2",
    "@fortawesome/angular-fontawesome": "^0.13.0",
    "@fortawesome/fontawesome-svg-core": "^6.4.2",
    "@fortawesome/free-brands-svg-icons": "^6.4.2",
    "@fortawesome/pro-duotone-svg-icons": "^6.4.2",
    "@fortawesome/pro-light-svg-icons": "^6.4.2",
    "@fortawesome/pro-regular-svg-icons": "^6.4.2",
    "@fortawesome/pro-solid-svg-icons": "^6.4.2",
    "@fortawesome/pro-thin-svg-icons": "^6.4.2",
    "@ng-select/ng-select": "^11.1.1",
    "@ngbracket/ngx-layout": "^16.0.0",
    "@ngx-translate/core": "^15.0.0",
    "@tinymce/tinymce-angular": "^7.0.0",
    "ace-builds": "^1.24.1",
    "chart.js": "^4.4.0",
    "chartjs-adapter-dayjs-4": "^1.2.3",
    "cropperjs": "1.6.0",
    "d3-scale-chromatic": "^3.0.0",
    "dayjs": "^1.11.9",
    "lodash-es": "^4.17.21",
    "material-design-icons": "^3.0.1",
    "ng2-date-picker": "^16.0.0",
    "ng2-file-upload": "^5.0.0",
    "ngx-ace-wrapper": "^14.0.0",
    "ngx-color-picker": "^14.0.0",
    "ngx-json-viewer": "^3.2.1",
    "prismjs": "^1.29.0",
    "rxjs": "~7.8.1",
    "tinymce": "^6.6.2",
    "tslib": "^2.6.2",
    "zone.js": "~0.13.1"
  },
  "devDependencies": {
    "@angular-devkit/build-angular": "^16.2.0",
    "@angular/cli": "^16.2.0",
    "@angular/compiler-cli": "^16.2.2",
    "@angular/language-service": "^16.2.2",
    "@types/d3": "^7.4.0",
    "@types/jasmine": "~4.3.5",
    "@types/lodash-es": "^4.17.8",
    "jasmine-core": "~5.1.1",
    "karma": "~6.4.2",
    "karma-chrome-launcher": "~3.2.0",
    "karma-coverage": "~2.2.1",
    "karma-jasmine": "~5.1.0",
    "karma-jasmine-html-reporter": "^2.1.0",
    "typescript": "~5.1.6"
  }
}
Exception or Error
No response
Your Environment
Anything else relevant?
No response