However, as far as I can tell the latest version of @nx/angular (19.5.6) does not make use of this version yet in the above mentioned nested dependency tree.
Expected Behavior
No DoS vulnerability issues raised by nested dependency of @nx/angular
Suggestion
Make use of WS version @8.17.1 (or higher) in nested dependencies, since the vulnerability issue was resolved by that version
GitHub Repo
No response
Steps to Reproduce
Have @nx/angular as a dependency in your project
Make use of Snyk to be informed about the vulnerability
Current Behavior
WS, a nested dependency of @nx/angular, introduced a DoS vulnerability in version ws@8.17.0: https://github.com/advisories/GHSA-3h5v-q93c-6h6q
It appears that 2 weeks ago webpack-dev-server resolved the issue in their latest version 5.0.4: https://github.com/webpack/webpack-dev-server/pull/5241 package.json v5.0.4
However, as far as I can tell the latest version of @nx/angular (19.5.6) does not make use of this version yet in the above mentioned nested dependency tree.
Expected Behavior
No DoS vulnerability issues raised by nested dependency of @nx/angular
Suggestion
Make use of WS version @8.17.1 (or higher) in nested dependencies, since the vulnerability issue was resolved by that version
GitHub Repo
No response
Steps to Reproduce
Nx Report
Failure Logs
No response
Package Manager Version
No response
Operating System
Additional Information
No response