Terser Vulnerability from Webpack #6

Open
ViolanteCodes opened this issue Jul 28, 2022 · 0 comments

High severity vulnerability on npm install:

```
# npm audit report

terser  5.0.0 - 5.14.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
  @angular-devkit/build-angular  0.1001.0-next.0 - 12.2.17 || 13.0.0-next.0 - 13.3.8 || 14.0.0-next.0 - 14.1.0-rc.3
  Depends on vulnerable versions of terser
  node_modules/@angular-devkit/build-angular
```

This appears to be a brand new vulnerability without a related webpack fix. Will watch and update dependency once fix is ready:

webpack/webpack#16068
