6

I got some errors in my VSCode terminal in my Angular App:

loader-utils  3.0.0 - 3.2.0
Severity: high
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
fix available via `npm audit fix`
node_modules/@angular-devkit/build-angular/node_modules/loader-utils
  @angular-devkit/build-angular  13.0.0-next.0 - 13.3.9 || 14.0.0-next.0 - 14.2.9 || 15.0.0-next.0 - 15.0.0-rc.5
  Depends on vulnerable versions of loader-utils
  node_modules/@angular-devkit/build-angular

2 high severity vulnerabilities

I tried to use npm audit fix but it didn't help.

How can I fix it safely (I am quite new to Angular)?

I attach a screenshot from the terminal.

Thank you for your help!

R. Richards
luca88

2 Answers

7

In your package-lock.json file, change the loader-utils version to 3.2.1. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1; for Angular you use 3.2.1.

"loader-utils": "3.2.0", ==> "loader-utils": "3.2.1",

  • Thanks for the response. I have already done it the same way as you advised, but got another issue and forgot to close this question. – luca88 Dec 07 '22 at 21:04
  • Should I do anything after changing it in package-lock.json? I did it but it still occurs – hvma411 Jan 05 '23 at 11:40
2

What worked for me was:

Change package-lock.json to loader-utils version 3.2.1 as Stefan Nagirniak mentioned:

"loader-utils": "3.2.0", ==> "loader-utils": "3.2.1", save changes

Then run npm audit fix in CLI again:

npm audit fix

(Sorry, not enough rep to reply with a comment on Stefan Nagirniak's answer)

Blindbald
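A lockfile can record more than one copy of loader-utils (the audit output in the question points at a nested one under @angular-devkit/build-angular). The following check is an added example, not part of either answer: it lists every copy in a parsed package-lock.json and flags those below the patched releases named above. The function names and the sample lockfile are constructed for illustration, and it assumes that any version below the patched release of its major line is unpatched.

```javascript
// Added example. Patched releases per major line, as stated in the answer above.
const PATCHED = { 1: [1, 4, 2], 2: [2, 0, 4], 3: [3, 2, 1] };

// Assumption: a version below the patched release of its major line is unpatched.
function isUnpatched(version) {
  const v = String(version).split(/[-+]/)[0].split('.').map(Number);
  const fixed = PATCHED[v[0]];
  if (!fixed) return false; // major line not mentioned on the page: not judged
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false; // exactly the patched release
}

// Return every installed copy of loader-utils recorded in a parsed lockfile.
function findLoaderUtils(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/loader-utils') && meta.version) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" had hits).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'loader-utils' && meta.version) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (hits.length === 0) walk(lock.dependencies, '');
  return hits.map((h) => ({ ...h, unpatched: isUnpatched(h.version) }));
}

// Constructed sample lockfile: one patched top-level copy, one nested 3.2.0 copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/loader-utils': { version: '2.0.4' },
    'node_modules/@angular-devkit/build-angular/node_modules/loader-utils': { version: '3.2.0' },
  },
};

for (const hit of findLoaderUtils(sampleLock)) {
  console.log(`${hit.unpatched ? 'UNPATCHED' : 'ok'}  ${hit.version}  ${hit.path}`);
}
```

To check a real project, pass the parsed contents of its package-lock.json to findLoaderUtils instead of the sample object.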