angular - 如果 npm 显示未解决的漏洞怎么办?
问题描述
我将 Angular aspnet 核心应用程序从 10 升级到 12,现在我有一堆无法修复的拒绝服务漏洞。
我什至不明白它是如何发布的?Angular 12 的产品部署策略是什么?
css-what <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
No fix available
node_modules/css-what
css-select <=3.1.2
Depends on vulnerable versions of css-what node_modules/css-select 17:22 svgo >=1.0.0
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo >=4.0.0-nightly.2020.1.9
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default *
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano >=4.0.0-nightly.2020.1.9
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
css-minimizer-webpack-plugin *
Depends on vulnerable versions of cssnano
node_modules/css-minimizer-webpack-plugin
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of css-minimizer-webpack-plugin
Depends on vulnerable versions of sass-loader
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
No fix available
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/webpack-dev-server/node_modules/chokidar
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
node_modules/webpack-dev-server
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of css-minimizer-webpack-plugin
Depends on vulnerable versions of sass-loader
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack *
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-webpack
trim-newlines <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
No fix available
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 3.5.0-beta.1 - 6.0.0
Depends on vulnerable versions of meow
node_modules/node-sass
sass-loader 5.0.0 - 6.0.7 || 8.0.0 - 10.1.1 || 11.0.0 - 11.0.1
Depends on vulnerable versions of node-sass
node_modules/sass-loader
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of css-minimizer-webpack-plugin Depends on vulnerable versions of sass-loader Depends on vulnerable versions of webpack-dev-server node_modules/@angular-devkit/build-angular 16 vulnerabilities (4 moderate, 12 high)
解决方案
推荐阅读
- javascript - 在 onChange 事件从 Paste (ctrl+v) 接收数据后 React Initiating 组件重新渲染
- r - 生成降序数的向量
- javascript - 三个按钮更改数据表内容
- kotlin - 是否可以在 Kotlin 中使安全内联可选?
- python - 如何生成弯曲的文本
- javascript - 获取复选框值并使用它们作为搜索参数创建 window.location URL
- templates - Go 模板不能与 if 和 range 一起正常工作
- javascript - 无法在更改时更新项目 - React Native
- python - 如何将用户输入的数字转换为python中的列表?就像用户输入 56989 一样,我希望这些数字分别在列表中{5,6,9,8,9}
- python - 在 pandas DataFrame 上应用函数,2 个循环,其中外循环是轴 = 1,内循环是轴 = 0