Ran npm audit fix to quickly resolve 572 reported high-severity vulnerabilities
Ran audit-suggested npm install --save-dev @angular/compiler-cli@8.1.2 to resolve a Regular Expression Denial of Service (which then required updating TypeScript to 3.4.x for the compiler to run)
Ran audit-suggested npm install --save-dev karma@4.2.0 to resolve another Regular Expression Denial of Service
npm audit now finds zero vulnerabilities
After each change
verified no impact on npm test results (remains at 10 failures)
verified that navigable pages render the same as in master
The update of @angular/compiler-cli and TypeScript results in three more peer-dependency warnings on npm install for a total of five
@ngtools/webpack@7.3.9 wants a pre-8.x version of @angular/compiler-cli
@ngtools/webpack@7.3.9 wants a pre-3.3 version of typescript
@ngtools/webpack@7.3.9 is referenced by @angular-devkit/build-angular; updating this causes a schema validation failure on tests and runs, so not addressed
@angular/compiler-cli@8.1.2 wants a matching version of @angular/compiler
Updating @angular/compiler results in all tests failing and more peer-dependency warnings, so not addressed
Caseysch
commented
5 years ago
Fixes #28
npm audit fixto quickly resolve 572 reported high-severity vulnerabilitiesnpm install --save-dev @angular/compiler-cli@8.1.2to resolve a Regular Expression Denial of Service (which then required updating TypeScript to 3.4.x for the compiler to run)npm install --save-dev karma@4.2.0to resolve another Regular Expression Denial of Servicenpm auditnow finds zero vulnerabilitiesnpm testresults (remains at 10 failures)npm installfor a total of five