angular-app's People
Contributors
Watchers
angular-app's Issues
npm audit found vulnerabilities
# npm audit report
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/ajv
node_modules/istanbul-instrumenter-loader/node_modules/ajv
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
schema-utils <=0.4.3
Depends on vulnerable versions of ajv
node_modules/istanbul-instrumenter-loader/node_modules/schema-utils
istanbul-instrumenter-loader >=3.0.0-beta.0
Depends on vulnerable versions of schema-utils
node_modules/istanbul-instrumenter-loader
ansi-html *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/ansi-html
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/inquirer/node_modules/strip-ansi/node_modules/ansi-regex
node_modules/protractor/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/@angular/compiler-cli/node_modules/strip-ansi
node_modules/inquirer/node_modules/string-width/node_modules/strip-ansi
node_modules/inquirer/node_modules/strip-ansi
node_modules/protractor/node_modules/cliui/node_modules/strip-ansi
node_modules/protractor/node_modules/string-width/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
node_modules/protractor/node_modules/cliui
node_modules/webpack-dev-server/node_modules/cliui
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
inquirer 3.2.0 - 7.0.4
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/inquirer
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/@angular/compiler-cli/node_modules/string-width
node_modules/inquirer/node_modules/string-width
node_modules/protractor/node_modules/string-width
node_modules/webpack-dev-server/node_modules/string-width
braces <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/braces
node_modules/expand-braces/node_modules/braces
node_modules/karma/node_modules/braces
expand-braces *
Depends on vulnerable versions of braces
node_modules/expand-braces
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/@angular/compiler-cli/node_modules/micromatch
node_modules/karma/node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/@angular/compiler-cli/node_modules/anymatch
node_modules/karma/node_modules/anymatch
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/@angular/compiler-cli/node_modules/chokidar
node_modules/chokidar
node_modules/karma/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist
debug <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/debug
node_modules/engine.io/node_modules/debug
node_modules/socket.io-adapter/node_modules/debug
node_modules/socket.io-client/node_modules/debug
node_modules/socket.io-parser/node_modules/debug
node_modules/socket.io/node_modules/debug
engine.io <=4.0.0-alpha.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
socket.io-adapter <=1.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-adapter
socket.io-parser <=3.3.1
Depends on vulnerable versions of debug
node_modules/socket.io-parser
dns-packet <1.3.2
Severity: high
Potential memory exposure in dns-packet - https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
fix available via `npm audit fix`
node_modules/dns-packet
elliptic <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/elliptic
engine.io <=4.0.0-alpha.1
Severity: high
Resource exhaustion in engine.io - https://github.com/advisories/GHSA-j4f2-536g-r55m
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
follow-redirects <=1.14.7
Severity: high
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
fix available via `npm audit fix`
node_modules/follow-redirects
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
node_modules/karma/node_modules/glob-parent
node_modules/watchpack/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/@angular/compiler-cli/node_modules/chokidar
node_modules/chokidar
node_modules/karma/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
copy-webpack-plugin 4.3.0 - 5.1.2
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
parse-glob >=2.1.0
Depends on vulnerable versions of glob-base
node_modules/parse-glob
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/@angular/compiler-cli/node_modules/micromatch
node_modules/karma/node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/@angular/compiler-cli/node_modules/anymatch
node_modules/karma/node_modules/anymatch
handlebars <4.7.7
Severity: critical
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
fix available via `npm audit fix`
node_modules/handlebars
hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/hosted-git-info
ini <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/ini
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
jszip <3.7.0
Severity: moderate
Prototype Pollution - https://github.com/advisories/GHSA-jg8v-48h5-wgxg
fix available via `npm audit fix`
node_modules/jszip
karma <=6.3.13
Severity: critical
Cross-site Scripting in karma - https://github.com/advisories/GHSA-7x7c-qm48-pq9c
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma
lodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype pollution in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma/node_modules/lodash
node_modules/lodash
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
log4js <6.4.0
Severity: moderate
Incorrect Default Permissions in log4js - https://github.com/advisories/GHSA-82v2-mx6x-wq7q
fix available via `npm audit fix`
node_modules/log4js
marked <4.0.10
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/marked
mem <4.0.0
Severity: moderate
Denial of Service in mem - https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/mem
os-locale 2.0.0 - 3.0.0
Depends on vulnerable versions of mem
node_modules/@angular/compiler-cli/node_modules/os-locale
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
minimist <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/optimist/node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
node-forge <1.0.0
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
node-sass 2.0.0 - 6.0.1
Severity: high
Improper Certificate Validation in node-sass - https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
npm-registry-fetch <4.0.5
Severity: moderate
Sensitive information exposure through logs in npm-registry-fetch - https://github.com/advisories/GHSA-jmqm-f2gx-4fjv
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/npm-registry-fetch
pacote 9.0.0 - 9.5.2
Depends on vulnerable versions of npm-registry-fetch
node_modules/pacote
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
parsejson *
Severity: high
Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp
fix available via `npm audit fix`
node_modules/parsejson
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse
postcss <=7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/postcss
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
serialize-javascript <3.1.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.1.2
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
terser-webpack-plugin <=1.4.3 || 2.0.0 - 2.3.5
Depends on vulnerable versions of serialize-javascript
node_modules/terser-webpack-plugin
shelljs <0.8.5
Severity: moderate
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-64g7-mvw6-v9qj
fix available via `npm audit fix`
node_modules/shelljs
socket.io <=2.4.1
Severity: high
Insecure defaults due to CORS misconfiguration in socket.io - https://github.com/advisories/GHSA-fxwf-4rqh-v8g3
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
socket.io-parser <=3.3.1
Severity: high
Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4
Depends on vulnerable versions of debug
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io-parser
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
socket.io-adapter <=1.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-adapter
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
sockjs <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/sockjs
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/pacote/node_modules/tar
node_modules/tar
node-gyp <=3.8.0
Depends on vulnerable versions of tar
node_modules/node-gyp
node-sass 2.0.0 - 6.0.1
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
trim-newlines <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 2.0.0 - 6.0.1
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
url-parse <=1.5.7
Severity: high
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-8v38-pw62-9cw2
fix available via `npm audit fix`
node_modules/url-parse
ws <=1.1.4
Severity: high
Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ws
engine.io <=4.0.0-alpha.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
xmlhttprequest-ssl <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix`
node_modules/xmlhttprequest-ssl
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
yargs-parser 6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/yargs-parser
node_modules/protractor/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
79 vulnerabilities (6 low, 33 moderate, 35 high, 5 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
ZAP Scan Baseline Report
- Site: http://localhost:4200
New Alerts- Application Error Disclosure [90022] total: 1:
- CSP: Wildcard Directive [10055] total: 2:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Cross-Domain Misconfiguration [10098] total: 8:
- Missing Anti-clickjacking Header [10020] total: 1:
- Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 7:
- Timestamp Disclosure - Unix [10096] total: 4:
- X-Content-Type-Options Header Missing [10021] total: 5:
- Information Disclosure - Suspicious Comments [10027] total: 13:
- Modern Web Application [10109] total: 3:
View the following link to download the report.
RunnerID:1909208036
ZAP Scan Baseline Report
- Site: http://localhost:4200
New Alerts- Application Error Disclosure [90022] total: 1:
- CSP: Wildcard Directive [10055] total: 2:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Cross-Domain Misconfiguration [10098] total: 8:
- Missing Anti-clickjacking Header [10020] total: 1:
- Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 8:
- Timestamp Disclosure - Unix [10096] total: 15:
- X-Content-Type-Options Header Missing [10021] total: 6:
- Information Disclosure - Suspicious Comments [10027] total: 20:
- Modern Web Application [10109] total: 4:
View the following link to download the report.
RunnerID:1906747732
ZAP Scan Baseline Report
- Site: http://localhost:4200
New Alerts- Application Error Disclosure [90022] total: 1:
- CSP: Wildcard Directive [10055] total: 2:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Cross-Domain Misconfiguration [10098] total: 8:
- Missing Anti-clickjacking Header [10020] total: 1:
- Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 8:
- Timestamp Disclosure - Unix [10096] total: 15:
- X-Content-Type-Options Header Missing [10021] total: 6:
- Information Disclosure - Suspicious Comments [10027] total: 13:
- Modern Web Application [10109] total: 4:
View the following link to download the report.
RunnerID:1901380100
npm audit found vulnerabilities
# npm audit report
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/ajv
node_modules/istanbul-instrumenter-loader/node_modules/ajv
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
schema-utils <=0.4.3
Depends on vulnerable versions of ajv
node_modules/istanbul-instrumenter-loader/node_modules/schema-utils
istanbul-instrumenter-loader >=3.0.0-beta.0
Depends on vulnerable versions of schema-utils
node_modules/istanbul-instrumenter-loader
ansi-html *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/ansi-html
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/inquirer/node_modules/strip-ansi/node_modules/ansi-regex
node_modules/protractor/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/@angular/compiler-cli/node_modules/strip-ansi
node_modules/inquirer/node_modules/string-width/node_modules/strip-ansi
node_modules/inquirer/node_modules/strip-ansi
node_modules/protractor/node_modules/cliui/node_modules/strip-ansi
node_modules/protractor/node_modules/string-width/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
node_modules/protractor/node_modules/cliui
node_modules/webpack-dev-server/node_modules/cliui
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
inquirer 3.2.0 - 7.0.4
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/inquirer
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/@angular/compiler-cli/node_modules/string-width
node_modules/inquirer/node_modules/string-width
node_modules/protractor/node_modules/string-width
node_modules/webpack-dev-server/node_modules/string-width
braces <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/braces
node_modules/expand-braces/node_modules/braces
node_modules/karma/node_modules/braces
expand-braces *
Depends on vulnerable versions of braces
node_modules/expand-braces
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/@angular/compiler-cli/node_modules/micromatch
node_modules/karma/node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/@angular/compiler-cli/node_modules/anymatch
node_modules/karma/node_modules/anymatch
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/@angular/compiler-cli/node_modules/chokidar
node_modules/chokidar
node_modules/karma/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist
debug <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/debug
node_modules/engine.io/node_modules/debug
node_modules/socket.io-adapter/node_modules/debug
node_modules/socket.io-client/node_modules/debug
node_modules/socket.io-parser/node_modules/debug
node_modules/socket.io/node_modules/debug
engine.io <=4.0.0-alpha.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
socket.io-adapter <=1.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-adapter
socket.io-parser <=3.3.1
Depends on vulnerable versions of debug
node_modules/socket.io-parser
dns-packet <1.3.2
Severity: high
Potential memory exposure in dns-packet - https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
fix available via `npm audit fix`
node_modules/dns-packet
elliptic <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/elliptic
engine.io <=4.0.0-alpha.1
Severity: high
Resource exhaustion in engine.io - https://github.com/advisories/GHSA-j4f2-536g-r55m
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
follow-redirects <=1.14.7
Severity: high
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
fix available via `npm audit fix`
node_modules/follow-redirects
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
node_modules/karma/node_modules/glob-parent
node_modules/watchpack/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/@angular/compiler-cli/node_modules/chokidar
node_modules/chokidar
node_modules/karma/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
copy-webpack-plugin 4.3.0 - 5.1.2
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
parse-glob >=2.1.0
Depends on vulnerable versions of glob-base
node_modules/parse-glob
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/@angular/compiler-cli/node_modules/micromatch
node_modules/karma/node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/@angular/compiler-cli/node_modules/anymatch
node_modules/karma/node_modules/anymatch
handlebars <4.7.7
Severity: critical
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
fix available via `npm audit fix`
node_modules/handlebars
hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/hosted-git-info
ini <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/ini
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
jszip <3.7.0
Severity: moderate
Prototype Pollution - https://github.com/advisories/GHSA-jg8v-48h5-wgxg
fix available via `npm audit fix`
node_modules/jszip
karma <=6.3.13
Severity: critical
Cross-site Scripting in karma - https://github.com/advisories/GHSA-7x7c-qm48-pq9c
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma
lodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype pollution in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma/node_modules/lodash
node_modules/lodash
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
log4js <6.4.0
Severity: moderate
Incorrect Default Permissions in log4js - https://github.com/advisories/GHSA-82v2-mx6x-wq7q
fix available via `npm audit fix`
node_modules/log4js
marked <4.0.10
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/marked
mem <4.0.0
Severity: moderate
Denial of Service in mem - https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/mem
os-locale 2.0.0 - 3.0.0
Depends on vulnerable versions of mem
node_modules/@angular/compiler-cli/node_modules/os-locale
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
minimist <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/optimist/node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
node-forge <1.0.0
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
node-sass 2.0.0 - 6.0.1
Severity: high
Improper Certificate Validation in node-sass - https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
npm-registry-fetch <4.0.5
Severity: moderate
Sensitive information exposure through logs in npm-registry-fetch - https://github.com/advisories/GHSA-jmqm-f2gx-4fjv
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/npm-registry-fetch
pacote 9.0.0 - 9.5.2
Depends on vulnerable versions of npm-registry-fetch
node_modules/pacote
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
parsejson *
Severity: high
Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp
fix available via `npm audit fix`
node_modules/parsejson
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse
postcss <=7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/postcss
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
serialize-javascript <3.1.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.1.2
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
terser-webpack-plugin <=1.4.3 || 2.0.0 - 2.3.5
Depends on vulnerable versions of serialize-javascript
node_modules/terser-webpack-plugin
shelljs <0.8.5
Severity: moderate
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-64g7-mvw6-v9qj
fix available via `npm audit fix`
node_modules/shelljs
socket.io <=2.4.1
Severity: high
Insecure defaults due to CORS misconfiguration in socket.io - https://github.com/advisories/GHSA-fxwf-4rqh-v8g3
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
socket.io-parser <=3.3.1
Severity: high
Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4
Depends on vulnerable versions of debug
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io-parser
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
socket.io-adapter <=1.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-adapter
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
sockjs <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/sockjs
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/pacote/node_modules/tar
node_modules/tar
node-gyp <=3.8.0
Depends on vulnerable versions of tar
node_modules/node-gyp
node-sass 2.0.0 - 6.0.1
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
trim-newlines <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 2.0.0 - 6.0.1
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
url-parse <=1.5.7
Severity: high
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-8v38-pw62-9cw2
fix available via `npm audit fix`
node_modules/url-parse
ws <=1.1.4
Severity: high
Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ws
engine.io <=4.0.0-alpha.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
xmlhttprequest-ssl <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix`
node_modules/xmlhttprequest-ssl
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
yargs-parser 6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/yargs-parser
node_modules/protractor/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
79 vulnerabilities (6 low, 33 moderate, 35 high, 5 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
npm audit found vulnerabilities
# npm audit report
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/ajv
node_modules/istanbul-instrumenter-loader/node_modules/ajv
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
schema-utils <=0.4.3
Depends on vulnerable versions of ajv
node_modules/istanbul-instrumenter-loader/node_modules/schema-utils
istanbul-instrumenter-loader >=3.0.0-beta.0
Depends on vulnerable versions of schema-utils
node_modules/istanbul-instrumenter-loader
ansi-html *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/ansi-html
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/inquirer/node_modules/strip-ansi/node_modules/ansi-regex
node_modules/protractor/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/@angular/compiler-cli/node_modules/strip-ansi
node_modules/inquirer/node_modules/string-width/node_modules/strip-ansi
node_modules/inquirer/node_modules/strip-ansi
node_modules/protractor/node_modules/cliui/node_modules/strip-ansi
node_modules/protractor/node_modules/string-width/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
node_modules/protractor/node_modules/cliui
node_modules/webpack-dev-server/node_modules/cliui
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
inquirer 3.2.0 - 7.0.4
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/inquirer
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/@angular/compiler-cli/node_modules/string-width
node_modules/inquirer/node_modules/string-width
node_modules/protractor/node_modules/string-width
node_modules/webpack-dev-server/node_modules/string-width
braces <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/braces
node_modules/expand-braces/node_modules/braces
node_modules/karma/node_modules/braces
expand-braces *
Depends on vulnerable versions of braces
node_modules/expand-braces
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/@angular/compiler-cli/node_modules/micromatch
node_modules/karma/node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/@angular/compiler-cli/node_modules/anymatch
node_modules/karma/node_modules/anymatch
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/@angular/compiler-cli/node_modules/chokidar
node_modules/chokidar
node_modules/karma/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist
debug <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/debug
node_modules/engine.io/node_modules/debug
node_modules/socket.io-adapter/node_modules/debug
node_modules/socket.io-client/node_modules/debug
node_modules/socket.io-parser/node_modules/debug
node_modules/socket.io/node_modules/debug
engine.io <=4.0.0-alpha.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
socket.io-adapter <=1.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-adapter
socket.io-parser <=3.3.1
Depends on vulnerable versions of debug
node_modules/socket.io-parser
dns-packet <1.3.2
Severity: high
Potential memory exposure in dns-packet - https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
fix available via `npm audit fix`
node_modules/dns-packet
elliptic <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/elliptic
engine.io <=4.0.0-alpha.1
Severity: high
Resource exhaustion in engine.io - https://github.com/advisories/GHSA-j4f2-536g-r55m
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
follow-redirects <=1.14.7
Severity: high
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
fix available via `npm audit fix`
node_modules/follow-redirects
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
node_modules/karma/node_modules/glob-parent
node_modules/watchpack/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/@angular/compiler-cli/node_modules/chokidar
node_modules/chokidar
node_modules/karma/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
@angular-devkit/core 0.0.23 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
Depends on vulnerable versions of chokidar
node_modules/@angular-devkit/core
@angular-devkit/architect <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/architect
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack <=0.803.28 || 0.900.0-next.0 - 0.901.11 || 0.1000.0-next.0 - 0.1000.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/build-webpack
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@angular-devkit/schematics
@ngtools/webpack 6.0.0-beta.2 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@ngtools/webpack
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schematics/angular
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
copy-webpack-plugin 4.3.0 - 5.1.2
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
parse-glob >=2.1.0
Depends on vulnerable versions of glob-base
node_modules/parse-glob
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/@angular/compiler-cli/node_modules/micromatch
node_modules/karma/node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/@angular/compiler-cli/node_modules/anymatch
node_modules/karma/node_modules/anymatch
handlebars <4.7.7
Severity: critical
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
fix available via `npm audit fix`
node_modules/handlebars
hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/hosted-git-info
ini <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/ini
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
jszip <3.7.0
Severity: moderate
Prototype Pollution - https://github.com/advisories/GHSA-jg8v-48h5-wgxg
fix available via `npm audit fix`
node_modules/jszip
karma <=6.3.13
Severity: critical
Cross-site Scripting in karma - https://github.com/advisories/GHSA-7x7c-qm48-pq9c
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma
lodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype pollution in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma/node_modules/lodash
node_modules/lodash
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
log4js <6.4.0
Severity: moderate
Incorrect Default Permissions in log4js - https://github.com/advisories/GHSA-82v2-mx6x-wq7q
fix available via `npm audit fix`
node_modules/log4js
marked <4.0.10
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/marked
mem <4.0.0
Severity: moderate
Denial of Service in mem - https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/mem
os-locale 2.0.0 - 3.0.0
Depends on vulnerable versions of mem
node_modules/@angular/compiler-cli/node_modules/os-locale
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
minimist <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/optimist/node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
node-forge <1.0.0
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
node-sass 2.0.0 - 6.0.1
Severity: high
Improper Certificate Validation in node-sass - https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
npm-registry-fetch <4.0.5
Severity: moderate
Sensitive information exposure through logs in npm-registry-fetch - https://github.com/advisories/GHSA-jmqm-f2gx-4fjv
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/npm-registry-fetch
pacote 9.0.0 - 9.5.2
Depends on vulnerable versions of npm-registry-fetch
node_modules/pacote
@angular/cli 1.5.6 || 1.6.4 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @angular-devkit/architect
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of pacote
node_modules/@angular/cli
@schematics/update <=0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ini
Depends on vulnerable versions of pacote
node_modules/@schematics/update
parsejson *
Severity: high
Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp
fix available via `npm audit fix`
node_modules/parsejson
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse
postcss <=7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/postcss
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
serialize-javascript <3.1.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.1.2
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
terser-webpack-plugin <=1.4.3 || 2.0.0 - 2.3.5
Depends on vulnerable versions of serialize-javascript
node_modules/terser-webpack-plugin
shelljs <0.8.5
Severity: moderate
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-64g7-mvw6-v9qj
fix available via `npm audit fix`
node_modules/shelljs
socket.io <=2.4.1
Severity: high
Insecure defaults due to CORS misconfiguration in socket.io - https://github.com/advisories/GHSA-fxwf-4rqh-v8g3
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
socket.io-parser <=3.3.1
Severity: high
Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4
Depends on vulnerable versions of debug
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io-parser
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
socket.io-adapter <=1.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-adapter
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
sockjs <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/sockjs
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/ssri
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/pacote/node_modules/tar
node_modules/tar
node-gyp <=3.8.0
Depends on vulnerable versions of tar
node_modules/node-gyp
node-sass 2.0.0 - 6.0.1
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
trim-newlines <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 2.0.0 - 6.0.1
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
url-parse <=1.5.5
Severity: high
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
fix available via `npm audit fix`
node_modules/url-parse
ws <=1.1.4
Severity: high
Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ws
engine.io <=4.0.0-alpha.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of ws
node_modules/engine.io
socket.io <=2.4.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io
karma <=6.3.13
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of expand-braces
Depends on vulnerable versions of lodash
Depends on vulnerable versions of optimist
Depends on vulnerable versions of socket.io
node_modules/karma
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
xmlhttprequest-ssl <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix`
node_modules/xmlhttprequest-ssl
engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
Depends on vulnerable versions of debug
Depends on vulnerable versions of parsejson
Depends on vulnerable versions of ws
Depends on vulnerable versions of xmlhttprequest-ssl
node_modules/engine.io-client
socket.io-client 1.0.0-pre - 2.1.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of engine.io-client
Depends on vulnerable versions of socket.io-parser
node_modules/socket.io-client
yargs-parser 6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install @angular/[email protected], which is a breaking change
node_modules/@angular/compiler-cli/node_modules/yargs-parser
node_modules/protractor/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
yargs 8.0.0-candidate.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of os-locale
Depends on vulnerable versions of yargs-parser
node_modules/@angular/compiler-cli/node_modules/yargs
node_modules/protractor/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
@angular/compiler-cli 5.0.0-beta.0 - 9.0.0-rc.14
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/@angular/compiler-cli
protractor 5.4.4
Depends on vulnerable versions of yargs
node_modules/protractor
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@angular-devkit/build-angular <=0.1102.17 || 0.1200.0-next.0 - 12.2.14 || 13.0.0-next.0 - 13.0.0-rc.3
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of ajv
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of istanbul-instrumenter-loader
Depends on vulnerable versions of node-sass
Depends on vulnerable versions of postcss
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
79 vulnerabilities (6 low, 33 moderate, 35 high, 5 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.