时间戳

首页 > 解决方案 > 如果 npm 显示未解决的漏洞怎么办?

angular - 如果 npm 显示未解决的漏洞怎么办?

问题描述

我将 Angular aspnet 核心应用程序从 10 升级到 12,现在我有一堆无法修复的拒绝服务漏洞。

我什至不明白它是如何发布的?Angular 12 的产品部署策略是什么?

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
No fix available
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what                                                                                                                                          node_modules/css-select                                                                                                                                                      17:22    svgo  >=1.0.0
    Depends on vulnerable versions of css-select
    node_modules/svgo
      postcss-svgo  >=4.0.0-nightly.2020.1.9
      Depends on vulnerable versions of svgo
      node_modules/postcss-svgo
        cssnano-preset-default  *
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano-preset-default
          cssnano  >=4.0.0-nightly.2020.1.9
          Depends on vulnerable versions of cssnano-preset-default
          node_modules/cssnano
            css-minimizer-webpack-plugin  *
            Depends on vulnerable versions of cssnano
            node_modules/css-minimizer-webpack-plugin
              @angular-devkit/build-angular  *
              Depends on vulnerable versions of @angular-devkit/build-webpack
              Depends on vulnerable versions of css-minimizer-webpack-plugin
              Depends on vulnerable versions of sass-loader
              Depends on vulnerable versions of webpack-dev-server
              node_modules/@angular-devkit/build-angular

glob-parent  <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
No fix available
node_modules/webpack-dev-server/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/webpack-dev-server/node_modules/chokidar
    webpack-dev-server  2.0.0-beta - 3.11.2
    Depends on vulnerable versions of chokidar
    node_modules/webpack-dev-server
      @angular-devkit/build-angular  *
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of css-minimizer-webpack-plugin
      Depends on vulnerable versions of sass-loader
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular
      @angular-devkit/build-webpack  *
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-webpack

trim-newlines  <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
No fix available
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow
    node-sass  3.5.0-beta.1 - 6.0.0
    Depends on vulnerable versions of meow
    node_modules/node-sass
      sass-loader  5.0.0 - 6.0.7 || 8.0.0 - 10.1.1 || 11.0.0 - 11.0.1
      Depends on vulnerable versions of node-sass
      node_modules/sass-loader
        @angular-devkit/build-angular  *
        Depends on vulnerable versions of @angular-devkit/build-webpack
        Depends on vulnerable versions of css-minimizer-webpack-plugin                                                                                                                      Depends on vulnerable versions of sass-loader                                                                                                                                       Depends on vulnerable versions of webpack-dev-server                                                                                                                                node_modules/@angular-devkit/build-angular                                                                                                                                                                                                                                                                                                                      16 vulnerabilities (4 moderate, 12 high)

标签: angularasp.net-corenpmwebpackangular12

解决方案

推荐阅读