npm audit found 1 high severity vulnerability in @angular-devkit/build-angular > webpack-dev-server

[robertisaacBBN]

🐞 bug report

Affected Package

The issue is caused by package @angular-devkit/build-angular

Is this a regression?

no

Description

A clear and concise description of the problem...

                       === npm audit security report ===                        
                                                                                
                                                                                
                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           
                                                                                
                                                                                
  High            Missing Origin Validation                                     
                                                                                
  Package         webpack-dev-server                                            
                                                                                
  Patched in      >=3.1.11                                                      
                                                                                
  Dependency of   @angular-devkit/build-angular [dev]                           
                                                                                
  Path            @angular-devkit/build-angular > webpack-dev-server            
                                                                                
  More info       https://nodesecurity.io/advisories/725

🔬 Minimal Reproduction

ng new test-audit
npm audit

🌍 Your Environment

Angular Version:

Angular CLI: 7.1.4
Node: 10.14.1
OS: win32 x64
Angular: 7.1.4
... animations, cli, common, compiler, compiler-cli, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.11.4
@angular-devkit/build-angular     0.11.4
@angular-devkit/build-optimizer   0.11.4
@angular-devkit/build-webpack     0.11.4
@angular-devkit/core              7.1.4
@angular-devkit/schematics        7.1.4
@ngtools/webpack                  7.1.4
@schematics/angular               7.1.4
@schematics/update                0.11.4
rxjs                              6.3.3
typescript                        3.1.6
webpack                           4.23.1

[ericmartinezr]

Follow this issue webpack/webpack-dev-server#1615

Edit:

This was already reported in angular-cli's repo angular/angular-cli#13342 and there's a PR with the possible solution angular/angular-cli#13347

[kwhjvdkamp]

...try 'npm rebuild' mentioned as option in the output... ! Had exactly the same audit output getting a tutorial up & running from Angular University - Security which needs Argon2. Ran in a lot of trouble: installing argon2: argon2@0.20.0 install: node-gyp rebuild, reverting to a previous version of argon2@0.19.3, fix Missing Origin Validation error for “webpack-dev-server”, node update to current version 11.6 (CTS not LTS) 7 & installing Python2, etc. etc... finally tried to stick to logic thinking... reading the almost scrambled output...somewhere my eye catched 'npm rebuild'...

[kara]

Closing, as this issue is already represented in angular-cli

[simanjuntak123]

Any one know how to make coloud database ?

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}