Vulnerability error in loader-utils in Angular 12
Question
When I run a security scan in my Angular 12 application, I'm getting a vulnerability error with loader-utils:2.0.0. I understand that loader-utils is used by the Angular devkit. Is there any way to upgrade loader-utils from 2.0.0 to 3.*.* without upgrading Angular?
I'm getting the below error now.
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.
Answer 1
Score: 1
loader-utils is a fixed dependency, so you'll have to upgrade.
BUT:
As @angular-devkit/build-angular is only used in the building stages, loader-utils will not be included in the built artifact.
There is no security issue for your app.
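
An added example, not part of the original question or answer: a JavaScript check that walks the `packages` map of a package-lock.json, lists every installed copy of loader-utils, flags those before 2.0.3 (the boundary given in the scanner message), and shows which dependents request an exact version. The lockfile object is a constructed sample, and `example-loader` is a hypothetical package.

```javascript
// Constructed sample in the package-lock.json "packages" layout (lockfileVersion 2/3).
// Versions and nesting are made up for illustration; "example-loader" is hypothetical.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", devDependencies: { "@angular-devkit/build-angular": "12.2.0" } },
    "node_modules/@angular-devkit/build-angular": {
      version: "12.2.0", dev: true, dependencies: { "loader-utils": "2.0.0" }
    },
    "node_modules/example-loader": {
      version: "1.0.0", dev: true, dependencies: { "loader-utils": "^2.0.3" }
    },
    "node_modules/loader-utils": { version: "2.0.0", dev: true },
    "node_modules/example-loader/node_modules/loader-utils": { version: "2.0.4", dev: true }
  }
};

// Boundary taken from the scanner message: "prior to version 2.0.3".
const FIXED = [2, 0, 3];

// True when `version` (x.y.z, optional -prerelease ignored) sorts before `boundary`.
function isBefore(version, boundary) {
  const parts = version.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((parts[i] || 0) !== boundary[i]) return (parts[i] || 0) < boundary[i];
  }
  return false;
}

function auditLoaderUtils(lock) {
  const suffix = "node_modules/loader-utils";
  const installs = [];   // every copy of loader-utils on disk
  const requesters = []; // every package that declares a dependency on it
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path.endsWith(suffix)) {
      installs.push({ path, version: pkg.version, devOnly: pkg.dev === true,
                      flagged: isBefore(pkg.version, FIXED) });
    }
    const spec = (pkg.dependencies || {})["loader-utils"];
    if (spec !== undefined) {
      // An exact spec (no ^, ~ or range operator) cannot float to a patched release.
      requesters.push({ path: path || "(root)", spec, exact: /^\d+\.\d+\.\d+$/.test(spec) });
    }
  }
  return { installs, requesters };
}

console.log(JSON.stringify(auditLoaderUtils(sampleLock), null, 2));
```

The `devOnly` field reflects the lockfile's `dev` flag, which marks packages installed only through devDependencies.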