I have the following angular setup:
Angular CLI: 12.0.3
Node: 14.17.0
Package Manager: npm 7.16.0
OS: win32 x64
Angular: 12.0.4
... animations, cdk, common, compiler, compiler-cli, core, forms
... localize, material, platform-browser
... platform-browser-dynamic, router
Package Version
---------------------------------------------------------
@angular-devkit/architect 0.1200.3
@angular-devkit/build-angular 0.1102.14
@angular-devkit/core 12.0.3
@angular-devkit/schematics 12.0.3
@angular/cli 12.0.3
@schematics/angular 12.0.3
rxjs 6.6.7
typescript 4.2.4
I am having an issue when running npm audit --audit-level high. It returns a few issues, and one of them is the following:
css-what <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/css-what
css-select <=3.1.2
Depends on vulnerable versions of css-what
node_modules/css-select
svgo >=1.0.0
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo >=4.0.0-nightly.2020.1.9
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default *
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano >=4.0.0-nightly.2020.1.9
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of resolve-url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
I ran the following update to attempt to resolve the issue:
npm update css-what
but I still get the same issue.
Can anyone help me here? How do I resolve the audit warning?
Angular v11.2 added native support for running TailwindCSS PostCSS with the Angular CLI.
To solve the error "Could not find module '@angular-devkit/build-angular'", make sure to install the package by opening your terminal in your project's root directory and running the following command: npm i -D @angular-devkit/build-angular and restart your IDE and development server.
Update Angular CLI version globally. First uninstall the existing Angular CLI packages. Then run the npm cache verify command to clear the node packages cache. Then install the latest Angular CLI version using the npm install -g @angular/cli@latest command.
How to Upgrade Angular Packages 1 Auto Upgrade. You may be able to update your project using the ng update command. ... 2 Manual Upgrade. You can manually upgrade Angular’s most common packages using the commands below. ... 3 Enabling Ivy. Refer to the official Angular Ivy guide if you run into issues. ...
Perform a basic update to the current stable release of the core framework and CLI by running the following command: ng update @angular/cli @angular/core. To update to the next beta or pre-release version, use the --next option. To update from one major version to another, use the format.
In upcoming versions, Angular CLI will introduce the ng update command to help update Angular applications. As soon as more details are available, we’ll provide you with a follow-up article on how this new command can make our lives even easier.
The Angular Framework, Angular CLI, and components used by Angular applications are packaged as npm packages and distributed using the npm registry. You can download and install these npm packages by using the npm CLI client, which is installed with and runs as a Node.js® application. By default, the Angular CLI uses the npm client.
I am having an identical issue and I couldn't find a solution to this vulnerability.
I've found out that you simply CAN NOT directly manually update css-what
npm install @angular-devkit/build-angular@latest
// or
npm install css-what@latest
because css-select is an indirect dependency.
The latest possible version that can be installed is 4.0.0 because of the following conflicting dependency:
@angular-devkit/[email protected] requires css-what@^4.0.0 via a transitive dependency on [email protected]. The earliest fixed version is 5.0.1.
This dependency HASN'T been fixed in @angular-devkit/[email protected] either.
There are also threads about it: https://github.com/angular/angular-cli/issues/21185
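Why `npm update css-what` cannot clear the advisory, as an added example (not code from the post or from the Angular CLI project): it scans a lockfile's `packages` map for dependents whose declared range on css-what excludes the first fixed version, 5.0.1. The lockfile excerpt is constructed, and `admits` and `blockers` are hypothetical helpers that understand only caret and exact ranges.

```javascript
// Constructed excerpt shaped like an npm v7 package-lock.json "packages" map.
// Entries and dependent versions are sample data, not taken from a real project.
const lock = {
  packages: {
    "node_modules/css-what": { version: "4.0.0" },
    "node_modules/css-select": { version: "3.1.2", dependencies: { "css-what": "^4.0.0" } },
    "node_modules/svgo": { version: "2.0.0", dependencies: { "css-select": "^3.1.2" } },
  },
};

const parse = (v) => v.split("-")[0].split(".").map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// Does a caret (^x.y.z) or exact (x.y.z) range admit `version`?
// Returns null for range syntax this sketch does not handle.
function admits(range, version) {
  const m = /^(\^?)(\d+\.\d+\.\d+)$/.exec(range);
  if (!m) return null;
  const lo = parse(m[2]);
  const v = parse(version);
  if (!m[1]) return cmp(v, lo) === 0;
  // Caret: the leftmost non-zero component must stay the same.
  const i = lo.findIndex((n) => n !== 0);
  const hi = i === -1 ? [0, 0, 1] : lo.map((n, k) => (k < i ? n : k === i ? n + 1 : 0));
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// List every package whose declared range on `name` does not admit `fixed`.
// Ranges that could not be parsed are listed too, so they get a manual look.
function blockers(lockfile, name, fixed) {
  const out = [];
  for (const [path, pkg] of Object.entries(lockfile.packages)) {
    const range = (pkg.dependencies || {})[name];
    if (range !== undefined && admits(range, fixed) !== true) {
      out.push({ dependent: path.replace(/^.*node_modules\//, ""), range });
    }
  }
  return out;
}

console.log(blockers(lock, "css-what", "5.0.1"));
```

Any dependent this reports has to publish a release with a wider range before the patched css-what can be installed without forcing the resolution.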