Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix vulnerability #455

Closed
sanyashvets opened this issue Jun 29, 2021 · 2 comments
Closed

fix vulnerability #455

sanyashvets opened this issue Jun 29, 2021 · 2 comments
Labels
released

Comments

@sanyashvets
Copy link

package version:

    "@ionic/angular-toolkit": "4.0.0",

message getting with npm audit

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ css-what                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @ionic/angular-toolkit [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @ionic/angular-toolkit > cheerio > css-select > css-what     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1754

image

please fix it if it's possible. Thanks in advance!
This was referenced Jul 6, 2021
Closed
Closed
@mhartington
Copy link
Contributor

I will fix but keep in mind, this is not a node app, so the audit feature will give you false positives. AKA, the tooling will run and shut down asap, not like a long-running node process that gets deployed.

Ionitron added a commit that referenced this issue Oct 28, 2021
@Ionitron
chore(release): 5.0.0 [skip ci]
a0bb11f 
# [5.0.0](v4.0.0...v5.0.0) (2021-10-28)

### Bug Fixes

* bump cheerio to rc4 ([905cff2](905cff2)), closes [#456](#456)
* update deps to match latest angular ([0100b8b](0100b8b)), closes [#455](#455) [#452](#452)

### Features

* update to support angular 12.0 ([671bfba](671bfba)), closes [#459](#459) [#460](#460)

### BREAKING CHANGES

* Apps must use Angular 12.0
@Ionitron
Copy link
Collaborator

🎉 This issue has been resolved in version 5.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@sync-by-unito sync-by-unito bot mentioned this issue Nov 1, 2021
Closed
@sync-by-unito sync-by-unito bot mentioned this issue Dec 1, 2021
Closed
@sync-by-unito sync-by-unito bot mentioned this issue Mar 1, 2022
Closed
@sync-by-unito sync-by-unito bot mentioned this issue Mar 30, 2022
Closed
@sync-by-unito sync-by-unito bot mentioned this issue Aug 1, 2022
Closed
wand1252 added a commit to wand1252/angular-toolkit-develop that referenced this issue Aug 31, 2022
@wand1252
chore(release): 5.0.0 [skip ci]
79ec775 
# [5.0.0](ionic-team/angular-toolkit@v4.0.0...v5.0.0) (2021-10-28)

### Bug Fixes

* bump cheerio to rc4 ([905cff2](ionic-team/angular-toolkit@905cff2)), closes [#456](ionic-team/angular-toolkit#456)
* update deps to match latest angular ([0100b8b](ionic-team/angular-toolkit@0100b8b)), closes [#455](ionic-team/angular-toolkit#455) [#452](ionic-team/angular-toolkit#452)

### Features

* update to support angular 12.0 ([671bfba](ionic-team/angular-toolkit@671bfba)), closes [#459](ionic-team/angular-toolkit#459) [#460](ionic-team/angular-toolkit#460)

### BREAKING CHANGES

* Apps must use Angular 12.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: Update cheerio dependency to rc.4 ionic-team/angular-toolkit
3 participants
@mhartington @Ionitron @sanyashvets