Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@angular-devkit/build-angular has webpack-dev-middleware dependency vunerability #33

Closed
joematthews opened this issue Mar 24, 2024 · 0 comments · Fixed by #43
Closed

@angular-devkit/build-angular has webpack-dev-middleware dependency vunerability #33

joematthews opened this issue Mar 24, 2024 · 0 comments · Fixed by #43
Labels
security Vunerabilities & security concerns tracking This will not be worked on

Comments

@joematthews
Copy link
Owner

joematthews commented Mar 24, 2024
edited
Loading

Tracking npm audit message:

webpack-dev-middleware  6.0.0 - 6.1.1
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@15.0.5, which is a breaking change
node_modules/webpack-dev-middleware
  @angular-devkit/build-angular  15.1.0-next.0 - 17.3.1
  Depends on vulnerable versions of webpack-dev-middleware
  node_modules/@angular-devkit/build-angular

GHSA-wr3j-pwj9-hqq6

npm audit fix --force would downgrade @angular-devkit/build-angular to version of 15 that is not affected, which is not acceptable.

Fixes are in place and will be release soon: angular/angular-cli#27334
@joematthews joematthews added tracking This will not be worked on security Vunerabilities & security concerns labels Mar 24, 2024
@joematthews joematthews changed the title @angular-devkit/build-angular has webpack dependency vunerability @angular-devkit/build-angular has webpack-dev-middleware dependency vunerability Mar 24, 2024
@joematthews joematthews mentioned this issue Apr 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Vunerabilities & security concerns tracking This will not be worked on
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(update): run `ng update @angular/cdk @angular/cli @angular/core… joematthews/extreme-angular
1 participant
@joematthews