bug: Security Threats Denial of Service Regular expression denial of service - No fix available - using Ionic Capacitor (v3.0.2) Blank Starter App
#4790
Closed
edocbuhtig opened this issue
Jul 3, 2021
· 3 comments
Create a new Ionic (Angular) (Capacitor) Blank Starter app with below command:
ionic start demo blank
Security threats thrown by npm audit:
# npm audit report
css-what <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install @ionic/[email protected], which is a breaking change
node_modules/css-what
css-select <=3.1.2
Depends on vulnerable versions of css-what
node_modules/css-select
cheerio 0.19.0 - 1.0.0-rc.3
Depends on vulnerable versions of css-select
node_modules/cheerio
@ionic/angular-toolkit >=2.2.0
Depends on vulnerable versions of cheerio
node_modules/@ionic/angular-toolkit
glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
No fix available
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/webpack-dev-server/node_modules/chokidar
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
node_modules/webpack-dev-server
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-angular
@angular-devkit/build-webpack *
Depends on vulnerable versions of webpack-dev-server
node_modules/@angular-devkit/build-webpack
9 vulnerabilities (5 moderate, 4 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Expected Behavior
For a base starter app 9 vulnerabilities (5 moderate, 4 high) should be 0 vulnerabilities (0 moderate, 0 high)
Code Reproduction
Pick a framework! 😁
Please select the JavaScript framework to use for your new app. To bypass this
prompt next time, supply a value for the --type option.
? Framework: Angular
✔ Preparing directory ./demo in 1.22ms
✔ Downloading and extracting blank starter in 250.69ms
? Integrate your new app with Capacitor to target native iOS and Android? Yes
> ionic integrations enable capacitor --quiet -- demo
> npm i --save -E @capacitor/core@latest
added 1626 packages, and audited 1627 packages in 1m
130 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (5 moderate, 4 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
> npm i -D -E @capacitor/cli@latest
added 35 packages, and audited 1662 packages in 6s
131 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (5 moderate, 4 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
> npm i --save -E @capacitor/haptics @capacitor/app @capacitor/keyboard @capacitor/status-bar
added 4 packages, and audited 1666 packages in 5s
131 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (5 moderate, 4 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
> capacitor init demo --web-dir www
✔ Creating capacitor.config.ts in /Users/xxx/demo in 34.21ms
[success] capacitor.config.ts created!
Next steps:
https://capacitorjs.com/docs/getting-started#where-to-go-next
[OK] Integration capacitor added!
Installing dependencies may take several minutes.
──────────────────────────────────────────────────────────────────────────────
Ionic Advisory, tailored solutions and expert services by Ionic
Go to market faster 🏆
Real-time troubleshooting and guidance 💁
Custom training, best practices, code and architecture reviews 🔎
Customized strategies for every phase of the development lifecycle 🔮
👉 https://ion.link/advisory 👈
──────────────────────────────────────────────────────────────────────────────
> npm i
up to date, audited 1666 packages in 3s
131 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (5 moderate, 4 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
> git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
Initialized empty Git repository in /Users/xxx/demo/.git/
> git add -A
> git commit -m "Initial commit" --no-gpg-sign
[master (root-commit) e8a39b4] Initial commit
40 files changed, 36480 insertions(+)
create mode 100644 .browserslistrc
create mode 100644 .editorconfig
create mode 100644 .eslintrc.json
create mode 100644 .gitignore
create mode 100644 angular.json
create mode 100644 capacitor.config.ts
create mode 100644 e2e/protractor.conf.js
create mode 100644 e2e/src/app.e2e-spec.ts
create mode 100644 e2e/src/app.po.ts
create mode 100644 e2e/tsconfig.json
create mode 100644 ionic.config.json
create mode 100644 karma.conf.js
create mode 100644 package-lock.json
create mode 100644 package.json
create mode 100644 src/app/app-routing.module.ts
create mode 100644 src/app/app.component.html
create mode 100644 src/app/app.component.scss
create mode 100644 src/app/app.component.spec.ts
create mode 100644 src/app/app.component.ts
create mode 100644 src/app/app.module.ts
create mode 100644 src/app/home/home-routing.module.ts
create mode 100644 src/app/home/home.module.ts
create mode 100644 src/app/home/home.page.html
create mode 100644 src/app/home/home.page.scss
create mode 100644 src/app/home/home.page.spec.ts
create mode 100644 src/app/home/home.page.ts
create mode 100644 src/assets/icon/favicon.png
create mode 100644 src/assets/shapes.svg
create mode 100644 src/environments/environment.prod.ts
create mode 100644 src/environments/environment.ts
create mode 100644 src/global.scss
create mode 100644 src/index.html
create mode 100644 src/main.ts
create mode 100644 src/polyfills.ts
create mode 100644 src/test.ts
create mode 100644 src/theme/variables.scss
create mode 100644 src/zone-flags.ts
create mode 100644 tsconfig.app.json
create mode 100644 tsconfig.json
create mode 100644 tsconfig.spec.json
Your Ionic app is ready! Follow these next steps:
- Go to your new project: cd ./demo
- Run ionic serve within the app directory to see your app in the browser
- Run ionic capacitor add to add a native iOS or Android project using Capacitor
- Generate your app icon and splash screens using cordova-res --skip-config
--copy
- Explore the Ionic docs for components, tutorials, and more:
https://ion.link/docs
- Building an enterprise app? Ionic has Enterprise Support and Features:
https://ion.link/enterprise-edition
edocbuhtig
changed the title
bug: Denial of Service Regular expression denial of service - No fix available - using Ionic Capacitor (v3.0.2) Blank Starter App
bug: Security Threats Denial of Service Regular expression denial of service - No fix available - using Ionic Capacitor (v3.0.2) Blank Starter App
Jul 3, 2021
this is a bug in @ionic/angular-toolkit (in one of its dependencies really) and it's already reported there, has nothing to do with Capacitor: ionic-team/angular-toolkit#455
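Added example, not part of the original issue or of any npm/Ionic code: a small triage script that reads the text report pasted above and follows each "Depends on vulnerable versions of" edge upward, to show which direct dependency actually pulls in each advisory. The function names `parseAudit` and `topLevelCulprits` are hypothetical, and the embedded report is an abridged copy of the one in this issue.

```javascript
// Abridged copy of the flattened report in this issue (titles, paths, fix hints dropped).
const REPORT = `
css-what <5.0.1
Severity: high
css-select <=3.1.2
Depends on vulnerable versions of css-what
cheerio 0.19.0 - 1.0.0-rc.3
Depends on vulnerable versions of css-select
@ionic/angular-toolkit >=2.2.0
Depends on vulnerable versions of cheerio
glob-parent <5.1.2
Severity: moderate
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
@angular-devkit/build-angular *
Depends on vulnerable versions of @angular-devkit/build-webpack
Depends on vulnerable versions of webpack-dev-server
@angular-devkit/build-webpack *
Depends on vulnerable versions of webpack-dev-server
`;
const DEP = 'Depends on vulnerable versions of ';
// A header is any line directly followed by "Severity:" or "Depends on"; the rest is ignored.
function parseAudit(text) {
  const pkgs = new Map();
  let cur = null;
  text.split('\n').map((l) => l.trim()).filter(Boolean).forEach((line, i, lines) => {
    if (line.startsWith(DEP)) cur?.deps.push(line.slice(DEP.length));
    else if (line.startsWith('Severity: ')) { if (cur) cur.severity = line.slice(10); }
    else if (/^(Severity: |Depends on )/.test(lines[i + 1] || '')) {
      pkgs.set(line.split(/\s+/)[0], (cur = { severity: null, deps: [] }));
    }
  });
  return pkgs;
}
// From each advisory, walk "depends on" edges up to the entries nothing else depends on.
function topLevelCulprits(pkgs) {
  const parentsOf = (p) => [...pkgs].filter(([, v]) => v.deps.includes(p)).map(([k]) => k);
  const out = {};
  for (const [name, { severity }] of pkgs) {
    if (!severity) continue;
    const seen = new Set([name]);
    for (const p of seen) parentsOf(p).forEach((q) => seen.add(q)); // Set iteration picks up additions
    out[name] = { severity, tops: [...seen].filter((p) => parentsOf(p).length === 0).sort() };
  }
  return out;
}
console.log(topLevelCulprits(parseAudit(REPORT)));
```

On this report the css-what advisory resolves to @ionic/angular-toolkit and the glob-parent advisory to @angular-devkit/build-angular, neither of which is a Capacitor package.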
Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.
Other Technical Details
npm --version
output: 7.19.1
node --version
output: 14.17.2