loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)

Time:12-04

I got some errors in my VSCode terminal in my Angular App:

loader-utils  3.0.0 - 3.2.0
Severity: high
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
fix available via `npm audit fix`
node_modules/@angular-devkit/build-angular/node_modules/loader-utils
  @angular-devkit/build-angular  13.0.0-next.0 - 13.3.9 || 14.0.0-next.0 - 14.2.9 || 15.0.0-next.0 - 15.0.0-rc.5
  Depends on vulnerable versions of loader-utils
  node_modules/@angular-devkit/build-angular

2 high severity vulnerabilities

I tried to use npm audit fix but it didn't help.

How can I fix it safely (I am quite new to Angular)?

I attach a screenshot from the terminal.

Thank you for your help!

CodePudding user response:

To fix the vulnerabilities in your Angular app, you need to update the @angular-devkit/build-angular package and its dependencies to the latest version.

Open a terminal window and navigate to the root directory of your Angular app.

Run the following command to update the @angular-devkit/build-angular package and its dependencies to the latest version:

npm update @angular-devkit/build-angular

Run the following command to verify that the vulnerabilities have been fixed:

npm audit

You should see a message that indicates that the vulnerabilities have been fixed, and that there are no more vulnerabilities in your Angular app.

Alternatively, you can use the npm audit fix --force command to automatically fix the vulnerabilities without manually updating the packages. However, this may cause other issues or conflicts in your Angular app, so it is recommended to update the packages manually.

It is also important to regularly update your Angular app and its dependencies to the latest version to avoid security vulnerabilities and other issues. You can use the npm outdated command to check for outdated packages in your Angular app, and update them using the npm update command.
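The following is an added example, not part of the original question or answer: a small Node.js check that lists every installed copy of loader-utils whose version falls in the range `3.0.0 - 3.2.0` reported by the audit output above, including nested copies such as the one under `@angular-devkit/build-angular`. It assumes a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); the function names and the sample lockfile are constructed for illustration.

```javascript
// Vulnerable range taken from the npm audit output quoted in the question.
const VULNERABLE = { name: 'loader-utils', min: '3.0.0', max: '3.2.0' };

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored (approximation).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Return -1, 0 or 1 for two parsed [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Inclusive range check: min <= version <= max.
function inRange(version, min, max) {
  const v = parseVersion(version);
  if (!v) return false;
  return compareVersions(v, parseVersion(min)) >= 0 &&
         compareVersions(v, parseVersion(max)) <= 0;
}

// lock: parsed package-lock.json. Keys of lock.packages are install paths, so a
// nested copy shows up as ".../node_modules/<parent>/node_modules/loader-utils".
function findVulnerableCopies(lock, rule = VULNERABLE) {
  const suffix = 'node_modules/' + rule.name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .filter(([, meta]) => inRange(meta.version || '', rule.min, rule.max))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile (not taken from the asker's project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/loader-utils': { version: '3.2.1' },
    'node_modules/my-loader-utils': { version: '3.1.0' },
    'node_modules/@angular-devkit/build-angular': { version: '14.2.9' },
    'node_modules/@angular-devkit/build-angular/node_modules/loader-utils': { version: '3.2.0' },
  },
};

console.log(findVulnerableCopies(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findVulnerableCopies`; an empty result after updating means no copy in the reported range remains in the lockfile.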
