Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-28154 Security issue in webpack dependency #249

Open
FloppyNotFound opened this issue Mar 16, 2023 · 1 comment
Open

CVE-2023-28154 Security issue in webpack dependency #249

FloppyNotFound opened this issue Mar 16, 2023 · 1 comment

Comments

@FloppyNotFound
Copy link

I'm submitting a ... (check one with "x")

[x] security issue
[ ] bug report => search github for a similar issue or PR before submitting
[ ] feature request
  • Ngx-pipes version: 3.2.0

Current behavior
See https://security.snyk.io/vuln/SNYK-JS-WEBPACK-3358798 for details

grafik

Expected behavior
Uprade webpack dependency to >=5.76.0

Minimal reproduction of the problem with instructions
yarn audit

@marcinmajkowski
Copy link

marcinmajkowski commented Jan 24, 2024

webpack dependency should be moved back to devDependencies.

But best would be to have separate package.json file for library and separate one for its Angular workspace. Just like in CLI generated workspace containing library project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants