New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Angular 12 upgradation issue related to css-what version inside package @angular-devkit/builder-angular #21185
Comments
This is not actionable from our end. Please follow svg/svgo#1488. |
Hi @alan-agius4 this seems to be resolved now on svgo's side, the relevant bug is now on cssnano (already merged on master and only needs tagging), relevant information is here Regards |
@aseques Based on the existing SemVer range for |
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃
Please read https://angular.io/guide/security#report-issues on how to disclose security related issues.
馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃馃洃
I am on the way to upgrade my Angular project. I have followed all the steps mentioned here https://update.angular.io/. After that am able to resolve all the issues except one high related to @angular-devkit/builder-angular.
This is issue
High Denial of Service
Package css-what
Patched in >=5.0.1
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > css-minimizer-webpack-plugin
> cssnano > cssnano-preset-default > postcss-svgo > svgo >
css-select > css-what
found 3 vulnerabilities (2 moderate, 1 high) in 1651 scanned packages
3 vulnerabilities require manual review. See the full report for details.
I have tried updating using all the version @angular-devkit/builder-angular available, but no luck. You can see some of the version which i have tried below.
-- @angular-devkit/build-angular@12.0.2
-- css-minimizer-webpack-plugin@3.0.0-- cssnano@5.0.6
-- cssnano-preset-default@5.1.3-- postcss-svgo@5.0.2
-- svgo@2.3.0-- css-select@3.1.2
-- css-what@4.0.0-- @angular-devkit/build-angular@12.0.5
-- css-minimizer-webpack-plugin@3.0.0-- cssnano@5.0.6
-- cssnano-preset-default@5.1.3-- postcss-svgo@5.0.2
-- svgo@2.3.0-- css-select@3.1.2
-- css-what@4.0.0-- @angular-devkit/build-angular@12.1.0-next.6
-- css-minimizer-webpack-plugin@3.0.1-- cssnano@5.0.6
-- cssnano-preset-default@5.1.3-- postcss-svgo@5.0.2
-- svgo@2.3.0-- css-select@3.1.2
-- css-what@4.0.0In above @angular-devkit/build-angular is excepting css-what version should be >= 5.0.1 which I am not able to find.
Which version of @angular-devkit/builder-angular@? i need to install so that css-what >= 5.0.1 . Then only that high get resolve.
FYI
Node version - v12.18.2
npm - 6.14.5
"dependencies": {
"@angular-devkit/core": "^12.0.2",
"@angular/animations": "^12.0.2",
"@angular/common": "^12.0.2",
"@angular/compiler": "^12.0.2",
"@angular/core": "^12.0.2",
"@angular/forms": "^12.0.2",
"@angular/localize": "^12.0.2",
"@angular/platform-browser": "^12.0.2",
"@angular/platform-browser-dynamic": "^12.0.2",
"@angular/platform-server": "^12.0.2",
"@angular/router": "^12.0.2",
"@angular/service-worker": "^12.0.2",
"@fortawesome/fontawesome-free": "^5.15.3",
"@ng-bootstrap/ng-bootstrap": "^9.1.2",
"@ng-select/ng-select": "^5.1.0",
"@ngrx/store-devtools": "^6.1.0",
"ag-grid": "^18.1.2",
"ag-grid-angular": "^18.1.0",
"ag-grid-community": "^19.0.0",
"angular2-text-mask": "^9.0.0",
"autoprefixer": "^10.2.6",
"classlist.js": "^1.1.20150312",
"compass-mixins": "^0.12.10",
"core-js": "^2.6.12",
"jquery": "^3.6.0",
"moment": "^2.29.1",
"ng6-toastr": "^6.0.0",
"ngx-bootstrap": "^6.2.0",
"ngx-moment": "^3.2.0",
"ngx-spinner": "^6.1.2",
"ngx-toastr": "^14.0.0",
"postcss-scss": "^3.0.5",
"rxjs": "^6.6.7",
"rxjs-compat": "^6.6.7",
"zone.js": "^0.11.4"
},
"devDependencies": {
"@angular-devkit/build-angular": "^12.1.0-next.6",
"@angular/cli": "^12.0.2",
"@angular/compiler-cli": "^12.0.2",
"@angular/language-service": "^12.0.2",
"@ngrx/store": "^12.1.0",
"@types/jasmine": "^3.7.6",
"@types/jasminewd2": "^2.0.9",
"@types/node": "^15.6.1",
"codelyzer": "^6.0.2",
"jasmine-core": "^3.7.1",
"jasmine-spec-reporter": "^7.0.0",
"jspm": "^0.16.53",
"karma": "^6.3.3",
"karma-chrome-launcher": "^3.1.0",
"karma-coverage-istanbul-reporter": "^3.0.3",
"karma-jasmine": "^4.0.1",
"karma-jasmine-html-reporter": "^1.6.0",
"protractor": "^7.0.0",
"ts-node": "^8.3.0",
"tslint": "^6.1.0",
"typescript": "^4.2.4"
},
The text was updated successfully, but these errors were encountered: