NPM Audit failure - webpack-dev-server - NG 7.2 #13387

Closed
Adam-Kernig opened this issue Jan 9, 2019 · 6 comments
Adam-Kernig commented Jan 9, 2019

Bug Report or Feature Request (mark with an x)

- [x] bug report

Versions

node: v8.11.3
npm: 6.5.0

Angular: 7.2.0
Package                            Version
@angular-devkit/architect          0.12.0
@angular-devkit/build-angular      0.12.0
@angular-devkit/build-ng-packagr   0.12.0
@angular-devkit/build-optimizer    0.12.0
@angular-devkit/build-webpack      0.12.0
@angular-devkit/core               7.2.0
@angular-devkit/schematics         7.2.0
@angular/cdk                       7.2.1
@angular/cdk-experimental          7.2.1
@ngtools/json-schema               1.1.0
@ngtools/webpack                   7.2.0
@schematics/angular                7.2.0
@schematics/update                 0.12.0
ng-packagr                         4.4.5
rxjs                               6.3.3
typescript                         3.2.2
webpack                            4.23.1

macOS (High Sierra)

Repro steps

ng new audit-test
Would you like routing? Y or N
After NG installs itself you will receive:
added 1167 packages from 1176 contributors and audited 39136 packages in 49.677s
found 1 high severity vulnerability

run npm audit

The log given by the failure

│ High          │ Missing Origin Validation                          │
│ Package       │ webpack-dev-server                                 │
│ Dependency of │ @angular-devkit/build-angular [dev]                │
│ Path          │ @angular-devkit/build-angular > webpack-dev-server │
│ More info     │ https://nodesecurity.io/advisories/725             │

Desired functionality

Audit failure should not be there

Mention any other details that might be useful

This has been resolved I believe in the 7.1.x branches, I guess it just needs applying to the 7.2 branches.

@filipesilva
Contributor

filipesilva commented Jan 9, 2019

Hi all, we're looking at why this wasn't included in the 7.2 release and will probably do a new release with it later today.

For context, #13342 was the main issue for this problem.

ngbot (bot) added this to the Backlog milestone Jan 9, 2019
filipesilva pinned this issue Jan 9, 2019

@Adam-Kernig
Author

@filipesilva thanks for looking into it, much appreciated!

@alexeagle
Contributor

Fixed in 7.2.1

@filipesilva
Contributor

filipesilva commented Jan 9, 2019

@angular/cli@7.2.1 and @angular-devkit/build-angular@0.12.1 are now released. Using these versions should remove the audit failure.

mgechev unpinned this issue Jan 9, 2019

@Adam-Kernig
Author

@filipesilva Confirmed, I've performed an NG Update on a project; moving to 7.2.1 fixes the issue.
Thanks for this.

angular-automatic-lock-bot (bot) locked and limited conversation to collaborators Sep 9, 2019
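
An added example, not code from this issue or from the Angular CLI project: a Node.js check that reads an `npm audit --json` report and names the direct dependency to update, which for the finding in this thread is `@angular-devkit/build-angular` rather than `webpack-dev-server` itself. It assumes the npm 6 report shape (`advisories` keyed by id, each with `module_name`, `severity` and `findings[].paths`); the sample object is constructed from the table quoted in the issue, and `summarizeAudit` and `auditGate` are hypothetical names.

```javascript
// Constructed sample: npm 6 `npm audit --json` shape, trimmed to the fields
// used below. Values mirror the audit table quoted in the issue.
const sampleReport = {
  advisories: {
    "725": {
      id: 725,
      module_name: "webpack-dev-server",
      severity: "high",
      url: "https://nodesecurity.io/advisories/725",
      findings: [{ dev: true, paths: ["@angular-devkit/build-angular>webpack-dev-server"] }],
    },
  },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// One row per (advisory, direct dependency) at or above minSeverity. `direct` is
// the first element of the dependency path: the package in your own package.json.
function summarizeAudit(report, minSeverity = "high") {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const rows = new Map();
  for (const adv of Object.values(report.advisories || {})) {
    // Fail closed: an unrecognised severity label is reported, not skipped.
    const rank = SEVERITY_RANK[adv.severity] ?? Infinity;
    if (rank < threshold) continue;
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const chain = path.split(">").map((s) => s.trim());
        const key = `${adv.id}:${chain[0]}`;
        if (!rows.has(key)) {
          rows.set(key, { id: adv.id, severity: adv.severity, module: adv.module_name,
            direct: chain[0], transitive: false, devOnly: true, url: adv.url });
        }
        const row = rows.get(key);
        row.transitive = row.transitive || chain.length > 1;
        row.devOnly = row.devOnly && finding.dev === true;
      }
    }
  }
  return [...rows.values()];
}

// Gate for CI: ok is false when any row meets the threshold.
function auditGate(report, minSeverity = "high") {
  const rows = summarizeAudit(report, minSeverity);
  return { ok: rows.length === 0, rows };
}
```

A row with `transitive: true` means the fix has to arrive through a release of `direct`, as it did here with `@angular-devkit/build-angular@0.12.1`.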