NPM severity vulnerability on Angular version 7.1.4
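I just installed the latest version of Angular via 'ng new' and got a high-severity vulnerability.
After running the audit, as suggested by npm, I got this:
I have the latest webpack (4.28.3) and webpack-dev-server (3.1.14) versions installed.
My current devDependencies in package.json are as follows: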
"devDependencies": {
  "@angular-devkit/build-angular": "^0.11.4",
  "@angular/cli": "~7.1.4",
  "@angular/compiler-cli": "~7.1.0",
  "@angular/language-service": "~7.1.0",
  "@types/jasmine": "~2.8.8",
  "@types/jasminewd2": "~2.0.3",
  "@types/node": "~8.9.4",
  "codelyzer": "~4.5.0",
  "jasmine-core": "~2.99.1",
  "jasmine-spec-reporter": "~4.2.1",
  "karma": "~3.1.1",
  "karma-chrome-launcher": "~2.2.0",
  "karma-coverage-istanbul-reporter": "~2.0.1",
  "karma-jasmine": "~1.1.2",
  "karma-jasmine-html-reporter": "^0.2.2",
  "protractor": "~5.4.0",
  "ts-node": "~7.0.0",
  "tslint": "~5.11.0",
  "typescript": "~3.1.6",
  "webpack": "^4.28.3",
  "webpack-cli": "^3.2.0"
}
As suggested by the correct answer to the question, I tried running the commands on this link: https://npm.community/t/npm-audit-sweems-to-get-semver-wrong/4352/12:
npm install --save-dev webpack-dev-server@latest
It just added the following line to devDependencies:
"webpack-dev-server": "^3.1.14"
But the severity still shows.
Am I missing something else?
Update from NPM:
"If you’re still having issues, see https://npm.community/t/npm-audit-sweems-to-get-semver-wrong because some packages have not updated webpack-dev-server and thus, there’s no way to fix this without removing those packages right now."
Updating to the latest Angular version solved the problem (version 7.2.1).
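Added example (not part of the original post): a Node.js script that walks a package-lock.json in the npm 6 (lockfileVersion 1) layout and lists every installed copy of a package, which shows how installing webpack-dev-server@latest at the top level can leave a nested copy in the tree for the audit to report. The sample lockfile, the nested 3.1.10 version and its parent package are constructed for illustration; `findCopies` and `findPinners` are hypothetical helper names.

```javascript
// Constructed sample in the package-lock.json v1 layout (npm 6). The nested
// 3.1.10 copy and its parent package are assumptions made for illustration.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'webpack-dev-server': { version: '3.1.14', dev: true },
    '@angular-devkit/build-angular': {
      version: '0.11.4',
      dev: true,
      requires: { 'webpack-dev-server': '3.1.10' },
      dependencies: {
        'webpack-dev-server': { version: '3.1.10', dev: true }
      }
    }
  }
};

// List every installed copy of `name` with the chain of packages it sits under.
function findCopies(lock, name) {
  const hits = [];
  (function walk(deps, chain) {
    for (const [pkg, meta] of Object.entries(deps || {})) {
      if (pkg === name) {
        hits.push({ version: meta.version, path: chain.join(' > ') || '(top level)' });
      }
      walk(meta.dependencies, [...chain, pkg]);
    }
  })(lock.dependencies, []);
  return hits;
}

// List packages whose `requires` entry pins `name` to one exact version, so a
// newer top-level install cannot satisfy them and their nested copy stays.
function findPinners(lock, name) {
  const pins = [];
  (function walk(deps) {
    for (const [pkg, meta] of Object.entries(deps || {})) {
      const range = (meta.requires || {})[name];
      if (range && /^\d+\.\d+\.\d+$/.test(range)) pins.push({ by: pkg, range });
      walk(meta.dependencies);
    }
  })(lock.dependencies);
  return pins;
}

console.log(findCopies(sampleLock, 'webpack-dev-server'));
console.log(findPinners(sampleLock, 'webpack-dev-server'));
```

On a real project, pass the parsed contents of the project's own package-lock.json instead of the sample; `npm ls webpack-dev-server` prints the same tree from the installed modules.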