我生成了一个新的角度应用程序。提交代码后,SnarQube 分析显示质量门失败,因为:websocket-extensions:0.1.4 | 参考:CVE-2020-7663 | CVSS 评分:7.5。
我读了这篇文章: James Coglan, fix with 0.1.4 但它不能解决我的问题。在 package-lock.json 中,它们是 0.1.4 的 websocket-extensions,那么如何解决呢?在我的配置下方:
Angular CLI: 9.1.12
Node: 10.16.3
OS: linux x64
Angular: 9.1.12
... animations, cli, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Ivy Workspace: Yes
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.901.12
@angular-devkit/build-angular 0.901.12
@angular-devkit/build-optimizer 0.901.12
@angular-devkit/build-webpack 0.901.12
@angular-devkit/core 9.1.12
@angular-devkit/schematics 9.1.12
@angular/cdk 9.2.4
@angular/flex-layout 9.0.0-beta.31
@angular/material 9.2.4
@ngtools/webpack 9.1.12
@schematics/angular 9.1.12
@schematics/update 0.901.12
rxjs 6.5.5
typescript 3.8.3
webpack 4.42.0
Also:
npm : 6.9.0
感谢帮助,