I got some errors in my VSCode terminal in my Angular App:
loader-utils 3.0.0 - 3.2.0
Severity: high
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
fix available via `npm audit fix`
node_modules/@angular-devkit/build-angular/node_modules/loader-utils
@angular-devkit/build-angular 13.0.0-next.0 - 13.3.9 || 14.0.0-next.0 - 14.2.9 || 15.0.0-next.0 - 15.0.0-rc.5
Depends on vulnerable versions of loader-utils
node_modules/@angular-devkit/build-angular
2 high severity vulnerabilities
I tried to use npm audit fix
but didn't help.
How to fix it safely (I am quite new w Angular)?
I attach screenshot from terminal.
Thank you for a help!
CodePudding user response:
To fix the vulnerabilities in your Angular app, you need to update the @angular-devkit/build-angular
package and its dependencies to the latest version.
Open a terminal window and navigate to the root directory of your Angular app.
Run the following command to update the @angular-devkit/build-angular
package and its dependencies to the latest version:
npm update @angular-devkit/build-angular
Run the following command to verify that the vulnerabilities have been fixed:
npm audit
You should see a message that indicates that the vulnerabilities have been fixed, and that there are no more vulnerabilities in your Angular app.
Alternatively, you can use the npm audit fix --force
command to automatically fix the vulnerabilities without manually updating the packages. However, this may cause other issues or conflicts in your Angular app, so it is recommended to update the packages manually.
It is also important to regularly update your Angular app and its dependencies to the latest version to avoid security vulnerabilities and other issues. You can use the npm outdated command to check for outdated packages in your Angular app, and update them using the npm update command.