Open
Description
When following the instructions for running a dev server, you run into the following npm vulnerability audit that should probably be addressed (I'm very new to node/npm/angular; maybe someone else has better knowledge of how to address this?):
```
# npm audit report

@angular/core  <10.2.5
Severity: moderate
Cross site scripting in Angular - https://github.com/advisories/GHSA-c75v-2vq8-878f
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/codelyzer/node_modules/@angular/core
  codelyzer  >=1.0.0-beta.0
  Depends on vulnerable versions of @angular/core
  node_modules/codelyzer

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/wait-on/node_modules/axios
node_modules/webdav/node_modules/axios
  wait-on  5.0.0-rc.0 - 7.1.0
  Depends on vulnerable versions of axios
  node_modules/wait-on
    start-server-and-test  1.11.1 - 2.0.2
    Depends on vulnerable versions of wait-on
    node_modules/start-server-and-test
  webdav  2.0.0-rc1 - 4.11.3
  Depends on vulnerable versions of axios
  node_modules/webdav

marked  <=4.0.9
Severity: high
Regular Expression Denial of Service in marked - https://github.com/advisories/GHSA-ch52-vgq2-943f
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
No fix available
node_modules/jira2md/node_modules/marked
  jira2md  2.0.4
  Depends on vulnerable versions of marked
  node_modules/jira2md

8 vulnerabilities (1 low, 6 moderate, 1 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
```