Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Angular Update Package CSS-WHAT

Tags:

npm

angular

I have the following angular setup:

     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 12.0.3
Node: 14.17.0
Package Manager: npm 7.16.0
OS: win32 x64

Angular: 12.0.4
... animations, cdk, common, compiler, compiler-cli, core, forms
... localize, material, platform-browser
... platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1200.3
@angular-devkit/build-angular   0.1102.14
@angular-devkit/core            12.0.3
@angular-devkit/schematics      12.0.3
@angular/cli                    12.0.3
@schematics/angular             12.0.3
rxjs                            6.6.7
typescript                      4.2.4

I am having issue when running, npm audit --audit-level high. It is returning a few issue and one of them is the following:

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select
    svgo  >=1.0.0
    Depends on vulnerable versions of css-select
    node_modules/svgo
      postcss-svgo  >=4.0.0-nightly.2020.1.9
      Depends on vulnerable versions of svgo
      node_modules/postcss-svgo
        cssnano-preset-default  *
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano-preset-default
          cssnano  >=4.0.0-nightly.2020.1.9
          Depends on vulnerable versions of cssnano-preset-default
          node_modules/cssnano
            @angular-devkit/build-angular  *
            Depends on vulnerable versions of @angular-devkit/build-webpack
            Depends on vulnerable versions of resolve-url-loader
            Depends on vulnerable versions of webpack
            Depends on vulnerable versions of webpack-dev-server
            node_modules/@angular-devkit/build-angular

I run the following update to attempt resolve the issue,

npm update css-what

but i still get the same issue.

Can anyone help me here? How do i resolve the audit warning?

like image 677
Stephen Cossgrove Avatar asked Jun 10 '21 03:06

Stephen Cossgrove

People also ask

Does angular use PostCSS?

Angular v11. 2 added native support for running TailwindCSS PostCSS with the Angular CLI.

Can't find module angular Devkit build angular?

To solve the error "Could not find module '@angular-devkit/build-angular'", make sure to install the package by opening your terminal in your project's root directory and running the following command: npm i -D @angular-devkit/build-angular and restart your IDE and development server.

How do I update my local version of angular commands?

Update Angular CLI version GloballyFirst uninstall the existing Angular cli packages. Then run npm cache verify command to clear the node packages cache. Then install latest Angular CLI version using npm install -g @angular/cli@latest command.

How do I upgrade a package in angular?

How to Upgrade Angular Packages 1 Auto Upgrade. You may be able to update your project using the ng update command. ... 2 Manual Upgrade. You can manually upgrade Angular’s most common packages using the commands below. ... 3 Enabling Ivy. Refer to the official Angular Ivy guide if you run into issues. ...

How do I update angular core to latest release?

Perform a basic update to the current stable release of the core framework and CLI by running the following command. content_copy. ng update @angular/cli @angular/core. To update to the next beta or pre-release version, use the --next option. To update from one major version to another, use the format.

What is ng update in angular CLI?

In upcoming versions, Angular CLI will introduce the ng update command to help update Angular applications. As soon as more details are available, we’ll provide you with a follow-up article on how this new command can make our lives even easier.

How do I download and install the Angular framework?

The Angular Framework, Angular CLI, and components used by Angular applications are packaged as npm packages and distributed using the npm registry. You can download and install these npm packages by using the npm CLI client, which is installed with and runs as a Node.js® application. By default, the Angular CLI uses the npm client.

1 Answers

I am having identical issue and I couldn't find a solution to this vulnerability.

I've found out that you simply CAN NOT directly manually update css-what

npm install @angular-devkit/build-angular@latest
// or
npm install css-what@latest

because css-select is indirect dependancy.

The latest possible version that can be installed is 4.0.0 because of the following conflicting dependency:

@angular-devkit/[email protected] requires css-what@^4.0.0 via a transitive dependency on [email protected] The earliest fixed version is 5.0.1.

This dependancy HASN'T been fixed in @angular-devkit/[email protected] either.

There are also threads about it: https://github.com/angular/angular-cli/issues/21185

like image 163
Timothy Avatar answered Oct 07 '22 19:10

Timothy
Sign in to Comment

Related questions

Questions on .NET Core 3.1 & Angular SSR spa.UseSpaPrerendering alternative
Redux - How to organize store in big application [closed]
What are the proper steps for changing or swapping out Service Workers in Production?
What is the difference between Component.providers and Component.viewProviders?
Angular Universal not giving performance improvement as expected on Google pagespeed insights
To update a formgroup formcontrol value from different formgroup but I do not to want to change the values permanently(Angular)
Jenkins running Cypress test ends up with timeout
How to use union types in the HTML template side of an Angular component
Stop scrolling Event after function typescript
TypeError: Cannot read property 'requestContent' of undefined. HMR. Angular
ASP.NET Core 3.1 + Angular 9 role based authentication
Angular 10: Path Mapping shows error in VSCode when import
Navigate to a fragment of a **different** (not the same) page/component in Angular
XSRF-TOKEN not added to cookies by Angular (Client side) when .NET core API returns a response with an XSRF-TOKEN
How to use assets from another locale in angular?
DOMException: Failed to read the 'localStorage' property from 'Window': In Chrome Incognito mode and running in Iframe
Is it possible to add a CSS class on ':enter' or ':leave' events of a component/element like used with Animations in Angular 10?
Lambda@Edge function not being called on Cloudfront error page
Sharing images from whatsapp to angular app via Share_Target not working
Use autoprefixer with angular11

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!