Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`ng new` creates 25 vulnerabilities (6 moderate, 19 high)

See original GitHub issue

🐞 Bug report

Command (mark with an `x`)

new
build
serve
test
e2e
generate
add
update
lint
extract-i18n
run
config
help
version
doc

Is this a regression?

Don’t know.

Description

Creating a new project with ng new creates 25 vulnerabilities (6 moderate, 19 high).

🔬 Minimal Reproduction

Create a new project with ng new.
Remove node_modules
Run npm install to install dependencies

🔥 Exception or Error

npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

added 1326 packages, and audited 1327 packages in 6s

88 packages are looking for funding
  run `npm fund` for details

25 vulnerabilities (6 moderate, 19 high)

🌍 Your Environment

Angular CLI: 12.2.11
Node: 16.5.0 (Unsupported)
Package Manager: npm 7.22.0
OS: linux x64

Angular: 12.0.5
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1200.5
@angular-devkit/build-angular   12.0.5
@angular-devkit/core            12.0.5
@angular-devkit/schematics      12.2.11
@angular/cli                    12.2.11
@schematics/angular             12.2.11
rxjs                            6.6.7
typescript                      4.2.4

Anything else relevant?

Issue Analytics

State:
Created 2 years ago
Reactions:3
Comments:5

Top GitHub Comments

1reaction

alan-agius4commented, Oct 25, 2021

Hi @jackwootton,

Most of these vulnerabilities have been addressed in recent releases. Please update to a more recent version of the Angular CLI.

The remaining vulnerabilities are coming from webpack-dev-server v3, which have been addressed in v4. Webpack-dev-server is used in Angular CLI version 13, which is currently in pre-release. However, due the breaking nature of this change it cannot back-ported to version 12.

0reactions

angular-automatic-lock-bot[bot]commented, Nov 25, 2021

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}