fix(@angular-devkit/build-angular): address vulnerability in webpack-dev-server #17719

Merged
merged 3 commits into from
May 15, 2020

Member

@clydin clydin commented May 13, 2020

webpack-dev-server <3.11.0 contains a low severity vulnerability due to one of its dependencies (yargs-parser). This change updates to 3.11.0 to remove the vulnerability.
https://npmjs.com/advisories/1500

Closes: #17716

…dev-server

webpack-dev-server <3.11.0 contains a low severity vulnerability due to one of its dependencies (yargs-parser).  This change updates to 3.11.0 to remove the vulnerability.
https://npmjs.com/advisories/1500

Closes: angular#17716
@clydin clydin added the target: lts This PR is targeting a version currently in long-term support label May 13, 2020
@clydin clydin force-pushed the webpack-dev-server-vuln-8.3.x branch from 4032f32 to ff7b3a3 Compare May 13, 2020 17:58
@alan-agius4
Collaborator

Can you update protractor to v7 as well?

@clydin clydin requested a review from alan-agius4 May 14, 2020 16:38
Collaborator

@alan-agius4 alan-agius4 left a comment

LGTM, when you remove the explorer test
See: f23dc01#diff-c5e40a6ac557251b9500ab9899fffe2f

@alan-agius4 alan-agius4 added the action: merge The PR is ready for merge by the caretaker label May 14, 2020
@filipesilva filipesilva merged commit a2caae2 into angular:8.3.x May 15, 2020
@clydin clydin deleted the webpack-dev-server-vuln-8.3.x branch May 15, 2020 14:04
@angular-automatic-lock-bot
This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jun 15, 2020