NPM Audit failure - webpack-dev-server - NG 7.2 #13387
Labels
area: devkit/build-angular
freq4: critical
Happens to many users every day
severity6: security
type: bug/fix
Milestone
This has been resolved I believe in the 7.1.x branches, I guess it just needs applying to the 7.2 branches.
Bug Report or Feature Request (mark with an
x
)Versions
node: v8.11.3
npm: 6.5.0
Angular: 7.2.0
Package Version
@angular-devkit/architect 0.12.0
@angular-devkit/build-angular 0.12.0
@angular-devkit/build-ng-packagr 0.12.0
@angular-devkit/build-optimizer 0.12.0
@angular-devkit/build-webpack 0.12.0
@angular-devkit/core 7.2.0
@angular-devkit/schematics 7.2.0
@angular/cdk 7.2.1
@angular/cdk-experimental 7.2.1
@ngtools/json-schema 1.1.0
@ngtools/webpack 7.2.0
@schematics/angular 7.2.0
@schematics/update 0.12.0
ng-packagr 4.4.5
rxjs 6.3.3
typescript 3.2.2
webpack 4.23.1
macOS (High Sierra)
Repro steps
ng new audit-test
Would you like routing? Y or N
After NG installs itself you will receive:
added 1167 packages from 1176 contributors and audited 39136 packages in 49.677s
found 1 high severity vulnerability
run npm audit
The log given by the failure
│ High │ Missing Origin Validation │
│ Package │ webpack-dev-server │
│ Dependency of │ @angular-devkit/build-angular [dev] │
│ Path │ @angular-devkit/build-angular > webpack-dev-server │
│ More info │ https://nodesecurity.io/advisories/725 │
Desired functionality
Audit failure should not be there
Mention any other details that might be useful
This has been resolved I believe in the 7.1.x branches, I guess it just needs applying to the 7.2 branches.
The text was updated successfully, but these errors were encountered: