You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
npm audit reports a high severity denial of service vulnerability in the http-proxy dependency.
This is in the @angular-devkit/build-angular dependency. http-proxy is a downstream dependency of webpack-dev-server.
Minimal Reproduction
> npm i -D @angular-builders/custom-webpack
> npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Denial of Service
Package http-proxy
Patched in No patch available
Dependency of @angular-builders/custom-webpack [dev]
Path @angular-builders/custom-webpack >
@angular-devkit/build-angular > webpack-dev-server >
http-proxy-middleware > http-proxy
More info https://npmjs.com/advisories/1486
Seems like there is a corresponding issue in Angular CLI. I don't think I can do something about this...
In fact the issue should be fixed in webpack-dev-server and the dependency of Angular CLI should be updated. Once it's done it will be fixed in the builder automatically.
Describe the Bug
npm audit reports a high severity denial of service vulnerability in the
http-proxy
dependency.This is in the
@angular-devkit/build-angular
dependency.http-proxy
is a downstream dependency ofwebpack-dev-server
.Minimal Reproduction
Expected Behavior
npm audit
reports no vulnerabilitiesEnvironment
Additional Context
npm advisory: https://npmjs.com/advisories/1486
Related issues:
http-proxy: http-party/node-http-proxy#1446
webpack-dev-server: webpack/webpack-dev-server#2605
angular-cli: angular/angular-cli#17738
The text was updated successfully, but these errors were encountered: