我将 Angular aspnet 核心应用程序从 10 升级到 12,现在我有一堆无法修复的拒绝服务漏洞。
我什至不明白它是如何发布的?Angular 12 的产品部署策略是什么?
css-what <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
No fix available
node_modules/css-what
css-select <=3.1.2
Depends on vulnerable versions of css-what node_modules/css-select 17:22 svgo >=1.0.0
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo >=4.0.0-nightly.2020.1.9
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default *
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano >=4.0.0-nightly.2020.1.9
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
css-minimizer-webpack-plugin *
Depends on vulnerable versions of cssnano
node_modules/css-minimizer-webpack-plugin
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of css-minimizer-webpack-plugin
Depends on vulnerable versions of sass-loader
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
No fix available
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/webpack-dev-server/node_modules/chokidar
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
node_modules/webpack-dev-server
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of css-minimizer-webpack-plugin
Depends on vulnerable versions of sass-loader
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack *
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-webpack
trim-newlines <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
No fix available
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 3.5.0-beta.1 - 6.0.0
Depends on vulnerable versions of meow
node_modules/node-sass
sass-loader 5.0.0 - 6.0.7 || 8.0.0 - 10.1.1 || 11.0.0 - 11.0.1
Depends on vulnerable versions of node-sass
node_modules/sass-loader
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of css-minimizer-webpack-plugin Depends on vulnerable versions of sass-loader Depends on vulnerable versions of webpack-dev-server node_modules/@angular-devkit/build-angular 16 vulnerabilities (4 moderate, 12 high)