Describe the bug
While working to fix security vulnerabilities in my own project, Codelyzer 6.0.02 gets flagged for Cross Site Scripting in Angular. Trying to use npm audit fix --force will cause npm to install Codelyzer 0.0.28 for some strange reason. After the first run of npm audit fix --force, vulnerabilities for tslint, minimist, and optimist are flagged by npm. Running npm audit fix --force again will cause the vulnerabilities to revert back to the original vulnerability that suggests installing Codelyzer 0.0.28. Checking Codelyzer's current required version of @angular/core shows that it depends on Angular 9, which is an Angular version flagged by the vulnerability link I mentioned above.
Context and configuration
Please share:
Bug is caused by dependency on Angular 9.
To Reproduce
Run npm install on a project running Angular 18 (or version 11 or higher) & Codelyzer 6.0.02, and follow npm's inline suggestions for fixing vulnerabilities (see description above).
Expected behavior
Codelyzer should not cause security vulnerabilities when used with the latest version of Angular.
Code
npm install
npm audit fix --force
Environment
Version 6.0.1
OS: MacOS Sonoma 14.4.1
Node.js version: 22.11.0
Package manager (yarn/npm) version: 10.9.0
Angular version: 18.2.11
tslint version: 5.20.1
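To confirm which installed package brings in the flagged Angular 9 copy, the lockfile can be scanned for nested copies of @angular/core. This is an added example, not part of the original issue or Codelyzer's code; `findNestedCopies`, the sample lockfile and the nested `9.0.0` version are constructed for illustration, and a `package-lock.json` with lockfileVersion 2 or 3 is assumed.

```javascript
// Constructed sample in package-lock.json v3 shape. Top-level versions are the
// ones listed in the issue's Environment; the nested 9.0.0 is an assumption.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/@angular/core': { version: '18.2.11' },
    'node_modules/codelyzer': { version: '6.0.1' },
    'node_modules/codelyzer/node_modules/@angular/core': { version: '9.0.0' },
    'node_modules/tslint': { version: '5.20.1' },
  },
};

const MARKER = 'node_modules/';
const major = (v) => Number.parseInt(String(v).split('.')[0], 10);

// 'node_modules/a/node_modules/@s/b' -> ['a', '@s/b']
function chainOf(key) {
  return key.split(MARKER).filter(Boolean).map((s) => s.replace(/\/$/, ''));
}

// Report every copy of pkgName installed underneath another package, and
// whether its major version differs from the project's top-level copy.
function findNestedCopies(lock, pkgName) {
  if (!lock.packages) {
    throw new Error('expected lockfileVersion 2 or 3 (a "packages" map)');
  }
  const top = lock.packages[MARKER + pkgName];
  const topMajor = top ? major(top.version) : null;
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages)) {
    if (!key.startsWith(MARKER)) continue; // skip root and workspace entries
    const chain = chainOf(key);
    if (chain.length < 2 || chain[chain.length - 1] !== pkgName) continue;
    findings.push({
      pulledInBy: chain[chain.length - 2],
      version: meta.version,
      majorDiffers: topMajor !== null && major(meta.version) !== topMajor,
    });
  }
  return findings;
}

console.log(findNestedCopies(sampleLock, '@angular/core'));
```

On a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; a finding with `majorDiffers: true` names the parent package that the audit result traces back to.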