I just installed the newest version of Angular through 'ng new' and got a High Severity Vulnerability. After running the Audit, as suggested by npm, I got this:
I installed the latest webpack (4.28.3) and webpack-dev-server (3.1.14) versions.
My current devDependicies on packages.json are the following:
"devDependencies": {
"@angular-devkit/build-angular": "^0.11.4",
"@angular/cli": "~7.1.4",
"@angular/compiler-cli": "~7.1.0",
"@angular/language-service": "~7.1.0",
"@types/jasmine": "~2.8.8",
"@types/jasminewd2": "~2.0.3",
"@types/node": "~8.9.4",
"codelyzer": "~4.5.0",
"jasmine-core": "~2.99.1",
"jasmine-spec-reporter": "~4.2.1",
"karma": "~3.1.1",
"karma-chrome-launcher": "~2.2.0",
"karma-coverage-istanbul-reporter": "~2.0.1",
"karma-jasmine": "~1.1.2",
"karma-jasmine-html-reporter": "^0.2.2",
"protractor": "~5.4.0",
"ts-node": "~7.0.0",
"tslint": "~5.11.0",
"typescript": "~3.1.6",
"webpack": "^4.28.3",
"webpack-cli": "^3.2.0" }
As suggested by the correct answer on issue webpack-dev-server@3.1.14 getting Missing Origin Validation while using npm audit I tried running the commands on this link: https://npm.community/t/npm-audit-sweems-to-get-semver-wrong/4352/12, which were:
npm install --save-dev webpack-dev-server@latest
It merely added the following line to the devDependecies:
"webpack-dev-server": "^3.1.14"
But the severity still shows.
Am I still missing something?
Update from NPM: "If you’re still having issues, see https://npm.community/t/npm-audit-sweems-to-get-semver-wrong because some packages have not updated webpack-dev-server and thus, there’s no way to fix this without removing those packages right now."
