Vulnerability error in loader-utils in Angular 12

Question

When I run a security scan in my Angular 12 application, I'm getting a vulnerability error with loader-utils:2.0.0. I understand that loader-utils is used by the Angular devkit. Is there any way to upgrade loader-utils from 2.0.0 to 3.*.* without upgrading Angular?

I'm getting the below error now.

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

Answer 1

Score: 1

loader-utils is a fixed dependency, so you'll have to upgrade.

BUT:

As @angular-devkit/build-angular is only used in the building stages, loader-utils will not be included in the built artifact.

There is no security issue for your app.
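
An added example, not part of the answer above: one way to check where a scanner finding like this sits in an npm lockfile (lockfileVersion 2 or 3) is to list every installed copy of loader-utils, compare it with the 2.0.3 boundary quoted in the scanner message, and read npm's `dev` flag, which marks packages reachable only through devDependencies. The lockfile contents, `demo-app` and `some-runtime-lib` are constructed for illustration.

```javascript
// Added example. The sample lockfile below is constructed, not from a real project.
const FIXED = [2, 0, 3]; // "prior to version 2.0.3", as quoted in the scanner message

// Parse "major.minor.patch"; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version triplet a sorts strictly before triplet b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the "packages" map and report every copy of loader-utils, nested ones included.
function findLoaderUtils(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/loader-utils")) continue;
    const parsed = parseVersion(meta.version);
    findings.push({
      path,
      version: meta.version,
      flagged: parsed === null ? null : isBefore(parsed, FIXED), // null = unknown
      devOnly: meta.dev === true, // npm sets dev:true for devDependencies-only packages
    });
  }
  return findings;
}

const sampleLock = { // constructed sample
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@angular-devkit/build-angular": { version: "12.2.0", dev: true },
    "node_modules/loader-utils": { version: "2.0.0", dev: true },
    "node_modules/some-runtime-lib/node_modules/loader-utils": { version: "2.0.4" },
  },
};

for (const f of findLoaderUtils(sampleLock)) {
  console.log(`${f.path} ${f.version} flagged=${f.flagged} devOnly=${f.devOnly}`);
}
```

A copy reported with `flagged=true` and `devOnly=false` is the case that deserves attention first, because it is reachable from a production dependency rather than only from build tooling.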

huangapple
  • Posted on March 9, 2023, 13:58:13
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75680905.html