lennykean / MiningMonitor

Mining Monitor is a free and open-source monitoring tool for ethereum mining rigs.
MIT License

Update Angular and relative dependencies #3

Closed JTrotta closed 3 years ago

JTrotta commented 3 years ago

It seems that Angular and some other libraries need some updates. Running "npm audit" finds 22 vulnerabilities (9 low, 8 moderate, 5 high):

```
# Run npm install --save-dev @angular-devkit/build-angular@0.1102.9 to resolve 12 vulnerabilities

Moderate       Regular Expression Denial of Service
Package        ssri
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > copy-webpack-plugin > cacache > ssri
More info      https://npmjs.com/advisories/565

Moderate       Regular Expression Denial of Service
Package        ssri
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > uglifyjs-webpack-plugin > cacache > ssri
More info      https://npmjs.com/advisories/565

Moderate       Regular Expression Denial of Service
Package        ssri
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > webpack > uglifyjs-webpack-plugin > cacache > ssri
More info      https://npmjs.com/advisories/565

Moderate       Cross-Site Scripting
Package        serialize-javascript
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > copy-webpack-plugin > serialize-javascript
More info      https://npmjs.com/advisories/1426

Moderate       Cross-Site Scripting
Package        serialize-javascript
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > uglifyjs-webpack-plugin > serialize-javascript
More info      https://npmjs.com/advisories/1426

Moderate       Cross-Site Scripting
Package        serialize-javascript
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > webpack > uglifyjs-webpack-plugin > serialize-javascript
More info      https://npmjs.com/advisories/1426

High           Command Injection
Package        tree-kill
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > @ngtools/webpack > tree-kill
More info      https://npmjs.com/advisories/1432

High           Command Injection
Package        tree-kill
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > tree-kill
More info      https://npmjs.com/advisories/1432

Low            Prototype Pollution
Package        yargs-parser
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > webpack-dev-server > yargs > yargs-parser
More info      https://npmjs.com/advisories/1500

High           Remote Code Execution
Package        serialize-javascript
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > copy-webpack-plugin > serialize-javascript
More info      https://npmjs.com/advisories/1548

High           Remote Code Execution
Package        serialize-javascript
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > uglifyjs-webpack-plugin > serialize-javascript
More info      https://npmjs.com/advisories/1548

High           Remote Code Execution
Package        serialize-javascript
Dependency of  @angular-devkit/build-angular [dev]
Path           @angular-devkit/build-angular > webpack > uglifyjs-webpack-plugin > serialize-javascript
More info      https://npmjs.com/advisories/1548

Run npm install --save-dev @angular/cli@11.2.9 to resolve 4 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

Moderate       Regular Expression Denial of Service
Package        ssri
Dependency of  @angular/cli [dev]
Path           @angular/cli > @schematics/update > npm-registry-client > ssri
More info      https://npmjs.com/advisories/565

Low            Prototype Pollution
Package        yargs-parser
Dependency of  @angular/cli [dev]
Path           @angular/cli > yargs-parser
More info      https://npmjs.com/advisories/1500

Low            Sensitive Data Exposure
Package        npm-registry-fetch
Dependency of  @angular/cli [dev]
Path           @angular/cli > pacote > npm-registry-fetch
More info      https://npmjs.com/advisories/1544

Low            Prototype Pollution
Package        ini
Dependency of  @angular/cli [dev]
Path           @angular/cli > ini
More info      https://npmjs.com/advisories/1589

Run npm install --save-dev @angular/compiler-cli@11.2.10 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change

Low            Regular Expression Denial of Service
Package        braces
Dependency of  @angular/compiler-cli [dev]
Path           @angular/compiler-cli > chokidar > anymatch > micromatch > braces
More info      https://npmjs.com/advisories/786

Run npm install --save-dev karma@6.3.2 to resolve 3 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

Low            Regular Expression Denial of Service
Package        braces
Dependency of  karma [dev]
Path           karma > expand-braces > braces
More info      https://npmjs.com/advisories/786

Low            Prototype Pollution
Package        minimist
Dependency of  karma [dev]
Path           karma > optimist > minimist
More info      https://npmjs.com/advisories/1179

Moderate       Insecure Default Configuration
Package        socket.io
Dependency of  karma [dev]
Path           karma > socket.io
More info      https://npmjs.com/advisories/1609

Run npm install --save-dev protractor@7.0.0 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change

Low            Prototype Pollution
Package        yargs-parser
Dependency of  protractor [dev]
Path           protractor > yargs > yargs-parser
More info      https://npmjs.com/advisories/1500

Run npm update ini --depth 3 to resolve 1 vulnerability

Low            Prototype Pollution
Package        ini
Dependency of  protractor [dev]
Path           protractor > webdriver-manager > ini
More info      https://npmjs.com/advisories/1589

found 22 vulnerabilities (9 low, 8 moderate, 5 high) in 1252 scanned packages
  run npm audit fix to fix 13 of them.
  9 vulnerabilities require semver-major dependency updates.
```

JTrotta commented 3 years ago

Also .netcore 2.1 is no longer supported. I updated everything to .net 5.0, including all the installed libraries, with success.

lennykean commented 3 years ago

> Also .netcore 2.1 is no longer supported. I updated everything to .net 5.0, including all the installed libraries, with success.

Unfortunately, newer versions of .net have deprecated spa services. This would mean a major rework to the front end, which I don't have time to do. The solution also works with aws lambda, which is limited to 2.1 or 3.1.

lennykean commented 3 years ago

In the latest release, the Angular front end has been updated to use Angular 11 and all the packages are up to date along with it.