search

hsouna / angular-app

0 stars 0 forks source link

npm audit found vulnerabilities #3

Closed github-actions[bot] closed 2 years ago

github-actions[bot] commented 2 years ago 
# npm audit report

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/ajv
node_modules/istanbul-instrumenter-loader/node_modules/ajv
  @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
  Depends on vulnerable versions of @angular-devkit/build-webpack
  Depends on vulnerable versions of @angular-devkit/core
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of copy-webpack-plugin
  Depends on vulnerable versions of istanbul-instrumenter-loader
  Depends on vulnerable versions of node-sass
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of terser-webpack-plugin
  Depends on vulnerable versions of webpack-dev-server
  node_modules/@angular-devkit/build-angular
  @angular-devkit/core  0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of chokidar
  node_modules/@angular-devkit/core
    @angular-devkit/architect  <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
    Depends on vulnerable versions of @angular-devkit/core
    node_modules/@angular-devkit/architect
      @angular/cli  1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
      Depends on vulnerable versions of @angular-devkit/architect
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of @angular-devkit/schematics
      Depends on vulnerable versions of @schematics/update
      Depends on vulnerable versions of ini
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of pacote
      node_modules/@angular/cli
    @angular-devkit/build-webpack  <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
    Depends on vulnerable versions of @angular-devkit/core
    node_modules/@angular-devkit/build-webpack
    @angular-devkit/schematics  0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
    Depends on vulnerable versions of @angular-devkit/core
    node_modules/@angular-devkit/schematics
    @ngtools/webpack  6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
    Depends on vulnerable versions of @angular-devkit/core
    node_modules/@ngtools/webpack
    @schematics/angular  0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
    Depends on vulnerable versions of @angular-devkit/core
    node_modules/@schematics/angular
    @schematics/update  <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
    Depends on vulnerable versions of @angular-devkit/core
    Depends on vulnerable versions of ini
    Depends on vulnerable versions of pacote
    node_modules/@schematics/update
  schema-utils  <=0.4.3
  Depends on vulnerable versions of ajv
  node_modules/istanbul-instrumenter-loader/node_modules/schema-utils
    istanbul-instrumenter-loader  >=3.0.0-beta.0
    Depends on vulnerable versions of schema-utils
    node_modules/istanbul-instrumenter-loader

ansi-html  *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/ansi-html
  webpack-dev-server  2.0.0-beta - 4.7.2
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of selfsigned
  Depends on vulnerable versions of sockjs
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server
    @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
    Depends on vulnerable versions of @angular-devkit/build-webpack
    Depends on vulnerable versions of @angular-devkit/core
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of istanbul-instrumenter-loader
    Depends on vulnerable versions of node-sass
    Depends on vulnerable versions of postcss
    Depends on vulnerable versions of terser-webpack-plugin
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@angular-devkit/build-angular

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install @angular/cli@13.2.5, which is a breaking change
node_modules/@angular/compiler-cli/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/inquirer/node_modules/strip-ansi/node_modules/ansi-regex
node_modules/protractor/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/@angular/compiler-cli/node_modules/strip-ansi
  node_modules/inquirer/node_modules/string-width/node_modules/strip-ansi
  node_modules/inquirer/node_modules/strip-ansi
  node_modules/protractor/node_modules/cliui/node_modules/strip-ansi
  node_modules/protractor/node_modules/string-width/node_modules/strip-ansi
  node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi
  node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi
    cliui  4.0.0 - 5.0.0
    Depends on vulnerable versions of strip-ansi
    node_modules/protractor/node_modules/cliui
    node_modules/webpack-dev-server/node_modules/cliui
      yargs  8.0.0-candidate.0 - 15.0.0
      Depends on vulnerable versions of cliui
      Depends on vulnerable versions of os-locale
      Depends on vulnerable versions of yargs-parser
      node_modules/@angular/compiler-cli/node_modules/yargs
      node_modules/protractor/node_modules/yargs
      node_modules/webpack-dev-server/node_modules/yargs
        @angular/compiler-cli  5.0.0-beta.0 - 9.0.0-rc.14
        Depends on vulnerable versions of chokidar
        Depends on vulnerable versions of yargs
        node_modules/@angular/compiler-cli
        protractor  5.4.4
        Depends on vulnerable versions of yargs
        node_modules/protractor
        webpack-dev-server  2.0.0-beta - 4.7.2
        Depends on vulnerable versions of ansi-html
        Depends on vulnerable versions of chokidar
        Depends on vulnerable versions of selfsigned
        Depends on vulnerable versions of sockjs
        Depends on vulnerable versions of yargs
        node_modules/webpack-dev-server
          @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
          Depends on vulnerable versions of @angular-devkit/build-webpack
          Depends on vulnerable versions of @angular-devkit/core
          Depends on vulnerable versions of ajv
          Depends on vulnerable versions of copy-webpack-plugin
          Depends on vulnerable versions of istanbul-instrumenter-loader
          Depends on vulnerable versions of node-sass
          Depends on vulnerable versions of postcss
          Depends on vulnerable versions of terser-webpack-plugin
          Depends on vulnerable versions of webpack-dev-server
          node_modules/@angular-devkit/build-angular
    inquirer  3.2.0 - 7.0.4
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of strip-ansi
    node_modules/inquirer
      @angular/cli  1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
      Depends on vulnerable versions of @angular-devkit/architect
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of @angular-devkit/schematics
      Depends on vulnerable versions of @schematics/update
      Depends on vulnerable versions of ini
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of pacote
      node_modules/@angular/cli
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/@angular/compiler-cli/node_modules/string-width
    node_modules/inquirer/node_modules/string-width
    node_modules/protractor/node_modules/string-width
    node_modules/webpack-dev-server/node_modules/string-width

braces  <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/@angular/compiler-cli/node_modules/braces
node_modules/expand-braces/node_modules/braces
node_modules/karma/node_modules/braces
  expand-braces  *
  Depends on vulnerable versions of braces
  node_modules/expand-braces
    karma  <=6.3.13
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of expand-braces
    Depends on vulnerable versions of lodash
    Depends on vulnerable versions of optimist
    Depends on vulnerable versions of socket.io
    node_modules/karma
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/@angular/compiler-cli/node_modules/micromatch
  node_modules/karma/node_modules/micromatch
    anymatch  1.2.0 - 1.3.2
    Depends on vulnerable versions of micromatch
    node_modules/@angular/compiler-cli/node_modules/anymatch
    node_modules/karma/node_modules/anymatch
      chokidar  1.0.0-rc1 - 2.1.8
      Depends on vulnerable versions of anymatch
      Depends on vulnerable versions of glob-parent
      node_modules/@angular/compiler-cli/node_modules/chokidar
      node_modules/chokidar
      node_modules/karma/node_modules/chokidar
      node_modules/watchpack-chokidar2/node_modules/chokidar
        @angular-devkit/core  0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
        Depends on vulnerable versions of ajv
        Depends on vulnerable versions of chokidar
        node_modules/@angular-devkit/core
          @angular-devkit/architect  <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
          Depends on vulnerable versions of @angular-devkit/core
          node_modules/@angular-devkit/architect
            @angular/cli  1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
            Depends on vulnerable versions of @angular-devkit/architect
            Depends on vulnerable versions of @angular-devkit/core
            Depends on vulnerable versions of @angular-devkit/schematics
            Depends on vulnerable versions of @schematics/update
            Depends on vulnerable versions of ini
            Depends on vulnerable versions of inquirer
            Depends on vulnerable versions of pacote
            node_modules/@angular/cli
          @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
          Depends on vulnerable versions of @angular-devkit/build-webpack
          Depends on vulnerable versions of @angular-devkit/core
          Depends on vulnerable versions of ajv
          Depends on vulnerable versions of copy-webpack-plugin
          Depends on vulnerable versions of istanbul-instrumenter-loader
          Depends on vulnerable versions of node-sass
          Depends on vulnerable versions of postcss
          Depends on vulnerable versions of terser-webpack-plugin
          Depends on vulnerable versions of webpack-dev-server
          node_modules/@angular-devkit/build-angular
          @angular-devkit/build-webpack  <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
          Depends on vulnerable versions of @angular-devkit/core
          node_modules/@angular-devkit/build-webpack
          @angular-devkit/schematics  0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
          Depends on vulnerable versions of @angular-devkit/core
          node_modules/@angular-devkit/schematics
          @ngtools/webpack  6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
          Depends on vulnerable versions of @angular-devkit/core
          node_modules/@ngtools/webpack
          @schematics/angular  0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
          Depends on vulnerable versions of @angular-devkit/core
          node_modules/@schematics/angular
          @schematics/update  <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
          Depends on vulnerable versions of @angular-devkit/core
          Depends on vulnerable versions of ini
          Depends on vulnerable versions of pacote
          node_modules/@schematics/update
        @angular/compiler-cli  5.0.0-beta.0 - 9.0.0-rc.14
        Depends on vulnerable versions of chokidar
        Depends on vulnerable versions of yargs
        node_modules/@angular/compiler-cli
        watchpack-chokidar2  *
        Depends on vulnerable versions of chokidar
        node_modules/watchpack-chokidar2
          watchpack  1.7.2 - 1.7.5
          Depends on vulnerable versions of watchpack-chokidar2
          node_modules/watchpack
        webpack-dev-server  2.0.0-beta - 4.7.2
        Depends on vulnerable versions of ansi-html
        Depends on vulnerable versions of chokidar
        Depends on vulnerable versions of selfsigned
        Depends on vulnerable versions of sockjs
        Depends on vulnerable versions of yargs
        node_modules/webpack-dev-server

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist

debug  <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/engine.io-client/node_modules/debug
node_modules/engine.io/node_modules/debug
node_modules/socket.io-adapter/node_modules/debug
node_modules/socket.io-client/node_modules/debug
node_modules/socket.io-parser/node_modules/debug
node_modules/socket.io/node_modules/debug
  engine.io  <=4.0.0-alpha.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of ws
  node_modules/engine.io
    socket.io  <=2.4.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io
      karma  <=6.3.13
      Depends on vulnerable versions of chokidar
      Depends on vulnerable versions of expand-braces
      Depends on vulnerable versions of lodash
      Depends on vulnerable versions of optimist
      Depends on vulnerable versions of socket.io
      node_modules/karma
  engine.io-client  <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of parsejson
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.0.0-pre - 2.1.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io-client
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io-client
  socket.io-adapter  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io-adapter
  socket.io-parser  <=3.3.1
  Depends on vulnerable versions of debug
  node_modules/socket.io-parser

dns-packet  <1.3.2
Severity: high
Potential memory exposure in dns-packet - https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
fix available via `npm audit fix`
node_modules/dns-packet

elliptic  <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/elliptic

engine.io  <=4.0.0-alpha.1
Severity: high
Resource exhaustion in engine.io  - https://github.com/advisories/GHSA-j4f2-536g-r55m
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/engine.io
  socket.io  <=2.4.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of engine.io
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io
    karma  <=6.3.13
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of expand-braces
    Depends on vulnerable versions of lodash
    Depends on vulnerable versions of optimist
    Depends on vulnerable versions of socket.io
    node_modules/karma

follow-redirects  <=1.14.7
Severity: high
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
fix available via `npm audit fix`
node_modules/follow-redirects

glob-parent  <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @angular/compiler-cli@13.2.4, which is a breaking change
node_modules/@angular/compiler-cli/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
node_modules/karma/node_modules/glob-parent
node_modules/watchpack/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of anymatch
  Depends on vulnerable versions of glob-parent
  node_modules/@angular/compiler-cli/node_modules/chokidar
  node_modules/chokidar
  node_modules/karma/node_modules/chokidar
  node_modules/watchpack-chokidar2/node_modules/chokidar
    @angular-devkit/core  0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of chokidar
    node_modules/@angular-devkit/core
      @angular-devkit/architect  <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
      Depends on vulnerable versions of @angular-devkit/core
      node_modules/@angular-devkit/architect
        @angular/cli  1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
        Depends on vulnerable versions of @angular-devkit/architect
        Depends on vulnerable versions of @angular-devkit/core
        Depends on vulnerable versions of @angular-devkit/schematics
        Depends on vulnerable versions of @schematics/update
        Depends on vulnerable versions of ini
        Depends on vulnerable versions of inquirer
        Depends on vulnerable versions of pacote
        node_modules/@angular/cli
      @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of copy-webpack-plugin
      Depends on vulnerable versions of istanbul-instrumenter-loader
      Depends on vulnerable versions of node-sass
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of terser-webpack-plugin
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular
      @angular-devkit/build-webpack  <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
      Depends on vulnerable versions of @angular-devkit/core
      node_modules/@angular-devkit/build-webpack
      @angular-devkit/schematics  0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
      Depends on vulnerable versions of @angular-devkit/core
      node_modules/@angular-devkit/schematics
      @ngtools/webpack  6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
      Depends on vulnerable versions of @angular-devkit/core
      node_modules/@ngtools/webpack
      @schematics/angular  0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
      Depends on vulnerable versions of @angular-devkit/core
      node_modules/@schematics/angular
      @schematics/update  <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of ini
      Depends on vulnerable versions of pacote
      node_modules/@schematics/update
    @angular/compiler-cli  5.0.0-beta.0 - 9.0.0-rc.14
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of yargs
    node_modules/@angular/compiler-cli
    karma  <=6.3.13
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of expand-braces
    Depends on vulnerable versions of lodash
    Depends on vulnerable versions of optimist
    Depends on vulnerable versions of socket.io
    node_modules/karma
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of ansi-html
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    Depends on vulnerable versions of sockjs
    Depends on vulnerable versions of yargs
    node_modules/webpack-dev-server
  copy-webpack-plugin  4.3.0 - 5.1.2
  Depends on vulnerable versions of glob-parent
  Depends on vulnerable versions of serialize-javascript
  node_modules/copy-webpack-plugin
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob
      micromatch  0.2.0 - 2.3.11
      Depends on vulnerable versions of braces
      Depends on vulnerable versions of parse-glob
      node_modules/@angular/compiler-cli/node_modules/micromatch
      node_modules/karma/node_modules/micromatch
        anymatch  1.2.0 - 1.3.2
        Depends on vulnerable versions of micromatch
        node_modules/@angular/compiler-cli/node_modules/anymatch
        node_modules/karma/node_modules/anymatch

handlebars  <4.7.7
Severity: critical
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
fix available via `npm audit fix`
node_modules/handlebars

hosted-git-info  <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/hosted-git-info

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix --force`
Will install @angular/cli@13.2.5, which is a breaking change
node_modules/ini
  @angular/cli  1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
  Depends on vulnerable versions of @angular-devkit/architect
  Depends on vulnerable versions of @angular-devkit/core
  Depends on vulnerable versions of @angular-devkit/schematics
  Depends on vulnerable versions of @schematics/update
  Depends on vulnerable versions of ini
  Depends on vulnerable versions of inquirer
  Depends on vulnerable versions of pacote
  node_modules/@angular/cli
  @schematics/update  <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
  Depends on vulnerable versions of @angular-devkit/core
  Depends on vulnerable versions of ini
  Depends on vulnerable versions of pacote
  node_modules/@schematics/update

json-schema  <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

jszip  <3.7.0
Severity: moderate
Prototype Pollution - https://github.com/advisories/GHSA-jg8v-48h5-wgxg
fix available via `npm audit fix`
node_modules/jszip

karma  <=6.3.13
Severity: critical
Cross-site Scripting in karma - https://github.com/advisories/GHSA-7x7c-qm48-pq9c
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/karma

lodash  <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype pollution in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/karma/node_modules/lodash
node_modules/lodash
  karma  <=6.3.13
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of expand-braces
  Depends on vulnerable versions of lodash
  Depends on vulnerable versions of optimist
  Depends on vulnerable versions of socket.io
  node_modules/karma

log4js  <6.4.0
Severity: moderate
Incorrect Default Permissions in log4js - https://github.com/advisories/GHSA-82v2-mx6x-wq7q
fix available via `npm audit fix`
node_modules/log4js

marked  <4.0.10
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
fix available via `npm audit fix --force`
Will install marked@4.0.12, which is a breaking change
node_modules/marked

mem  <4.0.0
Severity: moderate
Denial of Service in mem - https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
fix available via `npm audit fix --force`
Will install @angular/compiler-cli@13.2.4, which is a breaking change
node_modules/@angular/compiler-cli/node_modules/mem
  os-locale  2.0.0 - 3.0.0
  Depends on vulnerable versions of mem
  node_modules/@angular/compiler-cli/node_modules/os-locale
    yargs  8.0.0-candidate.0 - 15.0.0
    Depends on vulnerable versions of cliui
    Depends on vulnerable versions of os-locale
    Depends on vulnerable versions of yargs-parser
    node_modules/@angular/compiler-cli/node_modules/yargs
    node_modules/protractor/node_modules/yargs
    node_modules/webpack-dev-server/node_modules/yargs
      @angular/compiler-cli  5.0.0-beta.0 - 9.0.0-rc.14
      Depends on vulnerable versions of chokidar
      Depends on vulnerable versions of yargs
      node_modules/@angular/compiler-cli
      protractor  5.4.4
      Depends on vulnerable versions of yargs
      node_modules/protractor
      webpack-dev-server  2.0.0-beta - 4.7.2
      Depends on vulnerable versions of ansi-html
      Depends on vulnerable versions of chokidar
      Depends on vulnerable versions of selfsigned
      Depends on vulnerable versions of sockjs
      Depends on vulnerable versions of yargs
      node_modules/webpack-dev-server
        @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
        Depends on vulnerable versions of @angular-devkit/build-webpack
        Depends on vulnerable versions of @angular-devkit/core
        Depends on vulnerable versions of ajv
        Depends on vulnerable versions of copy-webpack-plugin
        Depends on vulnerable versions of istanbul-instrumenter-loader
        Depends on vulnerable versions of node-sass
        Depends on vulnerable versions of postcss
        Depends on vulnerable versions of terser-webpack-plugin
        Depends on vulnerable versions of webpack-dev-server
        node_modules/@angular-devkit/build-angular

minimist  <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/optimist/node_modules/minimist
  optimist  >=0.6.0
  Depends on vulnerable versions of minimist
  node_modules/optimist
    karma  <=6.3.13
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of expand-braces
    Depends on vulnerable versions of lodash
    Depends on vulnerable versions of optimist
    Depends on vulnerable versions of socket.io
    node_modules/karma

node-forge  <1.0.0
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of ansi-html
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    Depends on vulnerable versions of sockjs
    Depends on vulnerable versions of yargs
    node_modules/webpack-dev-server
      @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of copy-webpack-plugin
      Depends on vulnerable versions of istanbul-instrumenter-loader
      Depends on vulnerable versions of node-sass
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of terser-webpack-plugin
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular

node-sass  2.0.0 - 6.0.1
Severity: high
Improper Certificate Validation in node-sass - https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/node-sass
  @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
  Depends on vulnerable versions of @angular-devkit/build-webpack
  Depends on vulnerable versions of @angular-devkit/core
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of copy-webpack-plugin
  Depends on vulnerable versions of istanbul-instrumenter-loader
  Depends on vulnerable versions of node-sass
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of terser-webpack-plugin
  Depends on vulnerable versions of webpack-dev-server
  node_modules/@angular-devkit/build-angular

npm-registry-fetch  <4.0.5
Severity: moderate
Sensitive information exposure through logs in npm-registry-fetch - https://github.com/advisories/GHSA-jmqm-f2gx-4fjv
fix available via `npm audit fix --force`
Will install @angular/cli@13.2.5, which is a breaking change
node_modules/npm-registry-fetch
  pacote  9.0.0 - 9.5.2
  Depends on vulnerable versions of npm-registry-fetch
  node_modules/pacote
    @angular/cli  1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
    Depends on vulnerable versions of @angular-devkit/architect
    Depends on vulnerable versions of @angular-devkit/core
    Depends on vulnerable versions of @angular-devkit/schematics
    Depends on vulnerable versions of @schematics/update
    Depends on vulnerable versions of ini
    Depends on vulnerable versions of inquirer
    Depends on vulnerable versions of pacote
    node_modules/@angular/cli
    @schematics/update  <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
    Depends on vulnerable versions of @angular-devkit/core
    Depends on vulnerable versions of ini
    Depends on vulnerable versions of pacote
    node_modules/@schematics/update

parsejson  *
Severity: high
Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp
fix available via `npm audit fix`
node_modules/parsejson
  engine.io-client  <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of parsejson
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.0.0-pre - 2.1.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io-client
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io-client

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse

postcss  <=7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/postcss
  @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
  Depends on vulnerable versions of @angular-devkit/build-webpack
  Depends on vulnerable versions of @angular-devkit/core
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of copy-webpack-plugin
  Depends on vulnerable versions of istanbul-instrumenter-loader
  Depends on vulnerable versions of node-sass
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of terser-webpack-plugin
  Depends on vulnerable versions of webpack-dev-server
  node_modules/@angular-devkit/build-angular

serialize-javascript  <3.1.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/serialize-javascript
  copy-webpack-plugin  4.3.0 - 5.1.2
  Depends on vulnerable versions of glob-parent
  Depends on vulnerable versions of serialize-javascript
  node_modules/copy-webpack-plugin
    @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
    Depends on vulnerable versions of @angular-devkit/build-webpack
    Depends on vulnerable versions of @angular-devkit/core
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of istanbul-instrumenter-loader
    Depends on vulnerable versions of node-sass
    Depends on vulnerable versions of postcss
    Depends on vulnerable versions of terser-webpack-plugin
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@angular-devkit/build-angular
  terser-webpack-plugin  <=1.4.3 || 2.0.0 - 2.3.5
  Depends on vulnerable versions of serialize-javascript
  node_modules/terser-webpack-plugin

shelljs  <0.8.5
Severity: moderate
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-64g7-mvw6-v9qj
fix available via `npm audit fix`
node_modules/shelljs

socket.io  <=2.4.1
Severity: high
Insecure defaults due to CORS misconfiguration in socket.io - https://github.com/advisories/GHSA-fxwf-4rqh-v8g3
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/socket.io
  karma  <=6.3.13
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of expand-braces
  Depends on vulnerable versions of lodash
  Depends on vulnerable versions of optimist
  Depends on vulnerable versions of socket.io
  node_modules/karma

socket.io-parser  <=3.3.1
Severity: high
Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4
Depends on vulnerable versions of debug
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/socket.io-parser
  socket.io  <=2.4.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of engine.io
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io
    karma  <=6.3.13
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of expand-braces
    Depends on vulnerable versions of lodash
    Depends on vulnerable versions of optimist
    Depends on vulnerable versions of socket.io
    node_modules/karma
  socket.io-adapter  <=1.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io-adapter
  socket.io-client  1.0.0-pre - 2.1.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of engine.io-client
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io-client

sockjs  <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/sockjs
  webpack-dev-server  2.0.0-beta - 4.7.2
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of selfsigned
  Depends on vulnerable versions of sockjs
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server
    @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
    Depends on vulnerable versions of @angular-devkit/build-webpack
    Depends on vulnerable versions of @angular-devkit/core
    Depends on vulnerable versions of ajv
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of istanbul-instrumenter-loader
    Depends on vulnerable versions of node-sass
    Depends on vulnerable versions of postcss
    Depends on vulnerable versions of terser-webpack-plugin
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@angular-devkit/build-angular

ssri  5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/pacote/node_modules/tar
node_modules/tar
  node-gyp  <=3.8.0
  Depends on vulnerable versions of tar
  node_modules/node-gyp
    node-sass  2.0.0 - 6.0.1
    Depends on vulnerable versions of meow
    Depends on vulnerable versions of node-gyp
    node_modules/node-sass
      @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of copy-webpack-plugin
      Depends on vulnerable versions of istanbul-instrumenter-loader
      Depends on vulnerable versions of node-sass
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of terser-webpack-plugin
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular

trim-newlines  <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@13.2.5, which is a breaking change
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow
    node-sass  2.0.0 - 6.0.1
    Depends on vulnerable versions of meow
    Depends on vulnerable versions of node-gyp
    node_modules/node-sass
      @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of copy-webpack-plugin
      Depends on vulnerable versions of istanbul-instrumenter-loader
      Depends on vulnerable versions of node-sass
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of terser-webpack-plugin
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular

url-parse  <=1.5.7
Severity: high
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-8v38-pw62-9cw2
fix available via `npm audit fix`
node_modules/url-parse

ws  <=1.1.4
Severity: high
Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm
fix available via `npm audit fix --force`
Will install karma@6.3.16, which is a breaking change
node_modules/ws
  engine.io  <=4.0.0-alpha.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of ws
  node_modules/engine.io
    socket.io  <=2.4.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io
      karma  <=6.3.13
      Depends on vulnerable versions of chokidar
      Depends on vulnerable versions of expand-braces
      Depends on vulnerable versions of lodash
      Depends on vulnerable versions of optimist
      Depends on vulnerable versions of socket.io
      node_modules/karma
  engine.io-client  <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of parsejson
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.0.0-pre - 2.1.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io-client
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io-client

xmlhttprequest-ssl  <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix`
node_modules/xmlhttprequest-ssl
  engine.io-client  <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of parsejson
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.0.0-pre - 2.1.1
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io-client
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io-client

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install @angular/compiler-cli@13.2.4, which is a breaking change
node_modules/@angular/compiler-cli/node_modules/yargs-parser
node_modules/protractor/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 15.0.0
  Depends on vulnerable versions of cliui
  Depends on vulnerable versions of os-locale
  Depends on vulnerable versions of yargs-parser
  node_modules/@angular/compiler-cli/node_modules/yargs
  node_modules/protractor/node_modules/yargs
  node_modules/webpack-dev-server/node_modules/yargs
    @angular/compiler-cli  5.0.0-beta.0 - 9.0.0-rc.14
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of yargs
    node_modules/@angular/compiler-cli
    protractor  5.4.4
    Depends on vulnerable versions of yargs
    node_modules/protractor
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of ansi-html
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    Depends on vulnerable versions of sockjs
    Depends on vulnerable versions of yargs
    node_modules/webpack-dev-server
      @angular-devkit/build-angular  <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of @angular-devkit/core
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of copy-webpack-plugin
      Depends on vulnerable versions of istanbul-instrumenter-loader
      Depends on vulnerable versions of node-sass
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of terser-webpack-plugin
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular

79 vulnerabilities (6 low, 33 moderate, 35 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force