
I am in the process of upgrading my Angular project. I have followed all the steps mentioned here: https://update.angular.io/. After that I am able to resolve all the issues except one high-severity one related to @angular-devkit/build-angular.

This is the issue which is causing the build failure.

```
High            Denial of Service
Package         css-what
Patched in      >=5.0.1
Dependency of   @angular-devkit/build-angular [dev]
Path            @angular-devkit/build-angular > css-minimizer-webpack-plugin > cssnano > cssnano-preset-default > postcss-svgo > svgo > css-select > css-what

found 3 vulnerabilities (2 moderate, 1 high) in 1651 scanned packages
  3 vulnerabilities require manual review. See the full report for details.
```


I have tried updating using all the available versions of @angular-devkit/build-angular, but no luck. You can see some of the versions which I have tried below.

```
-- @angular-devkit/build-angular@12.0.2
   -- css-minimizer-webpack-plugin@3.0.0
      -- cssnano@5.0.6
         -- cssnano-preset-default@5.1.3
            -- postcss-svgo@5.0.2
               -- svgo@2.3.0
                  -- css-select@3.1.2
                     -- css-what@4.0.0

-- @angular-devkit/build-angular@12.0.5
   -- css-minimizer-webpack-plugin@3.0.0
      -- cssnano@5.0.6
         -- cssnano-preset-default@5.1.3
            -- postcss-svgo@5.0.2
               -- svgo@2.3.0
                  -- css-select@3.1.2
                     -- css-what@4.0.0

-- @angular-devkit/build-angular@12.1.0-next.6
   -- css-minimizer-webpack-plugin@3.0.1
      -- cssnano@5.0.6
         -- cssnano-preset-default@5.1.3
            -- postcss-svgo@5.0.2
               -- svgo@2.3.0
                  -- css-select@3.1.2
                     -- css-what@4.0.0
```

In the above, @angular-devkit/build-angular is expecting a css-what version >= 5.0.1, which I am not able to find.

Which version of @angular-devkit/build-angular do I need to install so that css-what is >= 5.0.1? Only then will that high-severity issue get resolved.

FYI:

- Node version - v12.18.2
- npm - 6.14.5

```json
"dependencies": {
  "@angular-devkit/core": "^12.0.2",
  "@angular/animations": "^12.0.2",
  "@angular/common": "^12.0.2",
  "@angular/compiler": "^12.0.2",
  "@angular/core": "^12.0.2",
  "@angular/forms": "^12.0.2",
  "@angular/localize": "^12.0.2",
  "@angular/platform-browser": "^12.0.2",
  "@angular/platform-browser-dynamic": "^12.0.2",
  "@angular/platform-server": "^12.0.2",
  "@angular/router": "^12.0.2",
  "@angular/service-worker": "^12.0.2",
  "@fortawesome/fontawesome-free": "^5.15.3",
  "@ng-bootstrap/ng-bootstrap": "^9.1.2",
  "@ng-select/ng-select": "^5.1.0",
  "@ngrx/store-devtools": "^6.1.0",
  "ag-grid": "^18.1.2",
  "ag-grid-angular": "^18.1.0",
  "ag-grid-community": "^19.0.0",
  "angular2-text-mask": "^9.0.0",
  "autoprefixer": "^10.2.6",
  "classlist.js": "^1.1.20150312",
  "compass-mixins": "^0.12.10",
  "core-js": "^2.6.12",
  "jquery": "^3.6.0",
  "moment": "^2.29.1",
  "ng6-toastr": "^6.0.0",
  "ngx-bootstrap": "^6.2.0",
  "ngx-moment": "^3.2.0",
  "ngx-spinner": "^6.1.2",
  "ngx-toastr": "^14.0.0",
  "postcss-scss": "^3.0.5",
  "rxjs": "^6.6.7",
  "rxjs-compat": "^6.6.7",
  "zone.js": "^0.11.4"
},
"devDependencies": {
  "@angular-devkit/build-angular": "^12.1.0-next.6",
  "@angular/cli": "^12.0.2",
  "@angular/compiler-cli": "^12.0.2",
  "@angular/language-service": "^12.0.2",
  "@ngrx/store": "^12.1.0",
  "@types/jasmine": "^3.7.6",
  "@types/jasminewd2": "^2.0.9",
  "@types/node": "^15.6.1",
  "codelyzer": "^6.0.2",
  "jasmine-core": "^3.7.1",
  "jasmine-spec-reporter": "^7.0.0",
  "jspm": "^0.16.53",
  "karma": "^6.3.3",
  "karma-chrome-launcher": "^3.1.0",
  "karma-coverage-istanbul-reporter": "^3.0.3",
  "karma-jasmine": "^4.0.1",
  "karma-jasmine-html-reporter": "^1.6.0",
  "protractor": "^7.0.0",
  "ts-node": "^8.3.0",
  "tslint": "^6.1.0",
  "typescript": "^4.2.4"
},
```

Thanks in advance, an early reply will be appreciated.
R. Richards

1 Answer

I was able to resolve this by following what this guy suggests here: https://stackoverflow.com/a/62956076/6610617

Basically, with the npm package npm-force-resolutions you can set "resolutions" in your package.json file and force any installations of the dependency to the version you specify.

I was able to set "css-what": "5.0.1" in the resolutions and that resolved my issue.

dan
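Forcing a resolution only fixes the audit finding if every nested copy of css-what in package-lock.json is rewritten, not just a top-level one. The script below is an added example (not code from the question, the answer, or npm-force-resolutions itself) that walks an npm 6 lockfile (lockfileVersion 1, nested "dependencies") and reports each copy of a package still below the patched threshold from the audit output; the lockfile it runs on is constructed sample data.

```javascript
// Walk a lockfile-v1 "dependencies" tree and collect every install path
// at which `name` appears, together with its resolved version.
function findPackageVersions(node, name, trail = [], found = []) {
  const deps = (node && node.dependencies) || {};
  for (const [dep, info] of Object.entries(deps)) {
    const path = trail.concat(dep);
    if (dep === name) found.push({ path: path.join(' > '), version: info.version });
    findPackageVersions(info, name, path, found); // nested copies live under the parent
  }
  return found;
}

// Minimal numeric semver comparison (major.minor.patch only; prerelease tags ignored).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Return the lockfile entries for `name` whose version is still below `minVersion`.
// An empty result means the forced resolution reached every copy.
function unpatchedCopies(lock, name, minVersion) {
  return findPackageVersions(lock, name)
    .filter(e => compareVersions(e.version, minVersion) < 0);
}

// Constructed sample lockfile: the top-level css-what was bumped to the patched
// version, but the nested copy under css-select (the path npm audit reported)
// was left at 4.0.0, which is exactly what an incomplete override looks like.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'css-what': { version: '5.0.1' },
    '@angular-devkit/build-angular': { version: '12.0.5', dependencies: {
      svgo: { version: '2.3.0', dependencies: {
        'css-select': { version: '3.1.2', dependencies: {
          'css-what': { version: '4.0.0' } } } } } } }
  }
};

// Expected: one entry, the nested css-what@4.0.0 under css-select.
console.log(unpatchedCopies(sampleLock, 'css-what', '5.0.1'));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `unpatchedCopies` in place of `sampleLock`; the check is also useful after any `npm install` to catch a later dependency change reintroducing the old version.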