Update to minimist v1.2.3+ #17241
Comments
+1 same here |
github reports both acorn and minimist here's my
[kushal@ideapadflex-kushal ondotnetangularfrontend]$ yarn why acorn
yarn why v1.22.4
[1/4] Why do we have the module "acorn"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "acorn@6.4.0"
info Reasons this module exists
- "@angular-devkit#build-angular#webpack" depends on it
- Hoisted from "@angular-devkit#build-angular#webpack#acorn"
info Disk size without dependencies: "1.08MB"
info Disk size with unique dependencies: "1.08MB"
info Disk size with transitive dependencies: "1.08MB"
info Number of shared dependencies: 0
=> Found "rollup#acorn@7.1.0"
info This module exists because "@angular-devkit#build-angular#rollup" depends on it.
info Disk size without dependencies: "1.08MB"
info Disk size with unique dependencies: "1.08MB"
info Disk size with transitive dependencies: "1.08MB"
info Number of shared dependencies: 0
Done in 0.66s.
[kushal@ideapadflex-kushal ondotnetangularfrontend]$ yarn why minimist
yarn why v1.22.4
[1/4] Why do we have the module "minimist"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "minimist@1.2.0"
info Has been hoisted to "minimist"
info Reasons this module exists
- Hoisted from "json5#minimist"
- Hoisted from "@angular#compiler-cli#minimist"
- Hoisted from "protractor#blocking-proxy#minimist"
- Hoisted from "protractor#webdriver-manager#minimist"
- Hoisted from "@angular-devkit#build-angular#loader-utils#json5#minimist"
info Disk size without dependencies: "96KB"
info Disk size with unique dependencies: "96KB"
info Disk size with transitive dependencies: "96KB"
info Number of shared dependencies: 0
=> Found "mkdirp#minimist@0.0.8"
info This module exists because "cacache#mkdirp" depends on it.
info Disk size without dependencies: "72KB"
info Disk size with unique dependencies: "72KB"
info Disk size with transitive dependencies: "72KB"
info Number of shared dependencies: 0
=> Found "optimist#minimist@0.0.10"
info This module exists because "karma#optimist" depends on it.
info Disk size without dependencies: "80KB"
info Disk size with unique dependencies: "80KB"
info Disk size with transitive dependencies: "80KB"
info Number of shared dependencies: 0
Done in 0.65s.
Associated git commit ondotnet/angularfrontend@9da071c |
Blocking as this needs to be fixed upstream by several direct and transitive dependencies.
|
Hi guys, I'm having the same error, and really, I don't know how I can resolve it. The NPM documentation about this situation is so short |
I am working around this at the moment by choosing to up the audit level from low to moderate which then passes because the minimist issue is at the low level, while I wait for the upstream fix. so
instead of
|
Thanks for that @alastairtree i will try this, and then, i will let you know |
if you add the following below devDependencies in package.json:
then delete node_modules and run |
@DomTripodi93 what if we don't have browserlist installed? browserlist is required for this fix? |
No, browserlist isn't relevant, it's just the default last item in React (which is experiencing the same problem). I should have said below "devDependencies", but it doesn't technically matter where it is located, it's just best practice to make it the last value, as you will likely remove it after the dependency is updated in the affected packages. I will update above |
I'm getting a npm ERR! extraneous: minimist@1.2.3 after doing your solution steps and running |
Karma version 5.0.0 and Protractor version 5.4.4 have been released and both of them contain the security fix. @kyliau is liaising with the Karma team to see if it is possible to backport the fix in Karma version 4. |
I am currently using Angular core 8.3.0 and I see two versions of minimist, 0.0.8 and 1.2.0. How do I include different versions of minimist for each dependency? Say for example for mkdirp@0.5.1, I want to use minimist@0.2.1 and for rc@1.2.8 I want to use minimist@1.2.3? Below is my current npm list minimist before any updates: ├─┬ karma@4.1.0 |
@tomvmac, you update karma to version ~5.0.0 |
Closed via #17525 |
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
Please read https://angular.io/guide/security#report-issues on how to disclose security related issues.
🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
npm audit command is reporting a new vulnerability in an angular/cli dev dependency. This does not appear critical but it does affect my company's internal tooling that requires passing npm audits.
https://www.npmjs.com/advisories/1179 - moderate vulnerability in minimist pre v1.2.3
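The thread shows several copies of minimist arriving through different parents (karma, cacache, json5), which is why the fix has to land in more than one upstream package. The following is an added example, not code from the Angular CLI repository or from any commenter: it walks a dependency tree in the shape produced by `npm ls --json` and lists every copy below the patched version together with the chain that pulls it in. The tree is constructed, and treating 0.2.1 as the patched floor for the 0.x line is an assumption.

```javascript
// Added example: not code from the Angular CLI repository or the thread.
// Constructed tree shaped like `npm ls --json`; minimist versions and parents mirror
// the thread's `yarn why minimist` output, the rest (incl. "patched-consumer") is made up.
const sampleTree = {
  name: 'constructed-app',
  dependencies: {
    karma: { version: '4.1.0', dependencies: {
      optimist: { version: '0.6.1', dependencies: { minimist: { version: '0.0.10' } } } } },
    cacache: { version: '12.0.2', dependencies: {
      mkdirp: { version: '0.5.1', dependencies: { minimist: { version: '0.0.8' } } } } },
    json5: { version: '1.0.1', dependencies: { minimist: { version: '1.2.0' } } },
    'patched-consumer': { version: '1.0.0', dependencies: { minimist: { version: '1.2.3' } } },
  },
};
// Numeric comparison of plain x.y.z versions (pre-release tags not handled).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// 1.2.3 is the floor from the issue title. Treating 0.2.1 (named in the
// thread for the 0.x line) as a patched floor is an assumption of this example.
const FLOORS = { 0: '0.2.1', 1: '1.2.3' };
function isBelowFloor(version) {
  const floor = FLOORS[Number(version.split('.')[0])];
  return floor !== undefined && compareVersions(version, floor) < 0;
}

// Walk every nested copy of `name` and record the chain that pulls it in.
function findOutdated(node, name, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && info.version && isBelowFloor(info.version)) {
      hits.push({ version: info.version, path: here.join(' > ') });
    }
    hits.push(...findOutdated(info, name, here));
  }
  return hits;
}
// Direct dependencies whose upgrade would remove the flagged copies.
const directParents = (hits) => [...new Set(hits.map((h) => h.path.split(' > ')[0]))];
const hits = findOutdated(sampleTree, 'minimist');
console.log(hits, directParents(hits));
```

On a real project, the parsed output of `npm ls --json` can be passed in place of `sampleTree`.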