CSS-WHAT Package for Angular Update - Enhance Your Styles!

In my Angular setup, the configurations are as follows:

     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 12.0.3
Node: 14.17.0
Package Manager: npm 7.16.0
OS: win32 x64

Angular: 12.0.4
... animations, cdk, common, compiler, compiler-cli, core, forms
... localize, material, platform-browser
... platform-browser-dynamic, router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1200.3
@angular-devkit/build-angular   0.1102.14
@angular-devkit/core            12.0.3
@angular-devkit/schematics      12.0.3
@angular/cli                    12.0.3
@schematics/angular             12.0.3
rxjs                            6.6.7
typescript                      4.2.4

When I run `npm audit --audit-level high`, it flags some issues including one concerning css-what:

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install @angular-devkit/<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bddfc8d4d1d990dcd3dac8d1dccffd8d93848d8c938c88">[email protected]</a>, which is a breaking change
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select
    svgo  >=1.0.0
    Depends on vulnerable versions of css-select
    node_modules/svgo
      postcss-svgo  >=4.0.0-nightly.2020.1.9
      Depends on vulnerable versions of svgo
      node_modules/postcss-svgo
        cssnano-preset-default  *
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano-preset-default
          cssnano  >=4.0.0-nightly.2020.1.9
          Depends on vulnerable versions of cssnano-preset-default
          node_modules/cssnano
            @angular-devkit/build-angular  *
            Depends on vulnerable versions of @angular-devkit/build-webpack
            Depends on vulnerable versions of resolve-url-loader
            Depends on vulnerable versions of webpack
            Depends on vulnerable versions of webpack-dev-server
            node_modules/@angular-devkit/build-angular

To address this warning, I tried running:

npm update css-what

However, the issue persists. Any guidance on resolving this audit warning would be appreciated.

angularnpm

Answer №1

I am encountering the same issue and struggling to find a resolution for this vulnerability.

I have discovered that manually updating css-what directly is not possible.

npm install @angular-devkit/build-angular@latest
// or
npm install css-what@latest

as it is an indirect dependency of css-select.

The maximum version that can be installed is 4.0.0 due to a conflicting dependency:

@angular-devkit/[email protected] requires css-what@^4.0.0 through a transitive dependency on [email protected]. The earliest fixed version available is 5.0.1.

This issue has also not been resolved in 

@angular-devkit/<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="6507100c090148040b02100904172554574b554b50">[email protected]</a>
.

There are discussions regarding this matter: https://github.com/angular/angular-cli/issues/21185

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Trigger the Angular Dragula DropModel Event exclusively from left to right direction

In my application, I have set up two columns using dragula where I can easily drag and drop elements. <div class="taskboard-cards" [dragula]='"task-group"' [(dragulaModel)]="format"> <div class="tas ...

angulartypescriptdrag-and-dropdragulang2-dragula

Error: The property 'send' cannot be read because it is undefined - Node.js

We have integrated a Node.js package called springedge to handle SMS functionality in our project: npm install springedge Below is the code snippet from the file send_messages.js: var springedge = require('springedge'); var params = { &apos ...

node.jsnpm

Using Angular2 to assign the response from an http.get request to a class object

I am a beginner in Angular and I have a JSON file that holds the configuration URL for my application. Path: app/config/development.json { "apiUrl": "http://staging.domain.com:9000/", "debugging": true } Below is the content of my config.service.t ...

javascriptangulartypescript

Use npm to include a new dependency from the current dependency structure

I am currently working on a Vue application that utilizes both vuetable-2 and vue-axios. In my app.js file, I have the following imports: import Vue from 'vue' import VueMaterial from 'vue-material' import axios from 'axios' ...

javascriptnode.jsnpmnpm-install

Is the package.json file properly structured with the required dependencies?

Just getting started with Angular 2 and I'm still getting the hang of the package.json file. I've run into some issues with imports. Upon reviewing my files, I noticed that I have both @angular and angular2 in my dependencies. Is this package.j ...

angularnpm

Ember CLI's server experiencing issues on Windows with no error prompts

I typically work on a Linux machine, but I'm now attempting to establish a development environment on Windows. It seems like I have everything configured correctly because I can create projects using Ember CLI and install packages through Bower and N ...

windowsember.jsnpm

Navigating the process of downloading files in Angular

As I delve into the world of Angular, I am faced with the challenge of understanding how an address is routed within an application to trigger the download of a file stored on the backend database. Even after executing a window.open command, I remain cluel ...

angularfileroutesdownload

Unlocking Column Data Tooltips in Angular Datatables: A Step-by-Step Guide

I have a single datatable and was wondering how to implement tooltips for when hovering over table cells. I tried the following code snippet, which successfully populated the tooltips. However, I am interested in achieving the same functionality using Angu ...

javascriptangulartypescriptangular-datatables

Retrieve the encrypted URL

I'm facing an issue with extracting parameters from an encrypted URL. When using the queryparams function, it only retrieves a portion of the URL after being decrypted. For instance, consider this example URL: http://localhost:4200/househouse? MGRjYjQ ...

javascriptangular

Steps to resolve the 'Cannot assign value to userInfo$ property of [object Object] that only has getter' issue in Angular

I am currently in the process of building a web application using NGXS, and I'm encountering a specific error that I'm trying to troubleshoot. The issue arises when I attempt to fetch data from an API and display it within a column on the page. D ...

angulartypescriptngxs

What is the best way to bring in the angular/http module?

Currently, I am creating an application in Visual Studio with the help of gulp and node. Node organizes all dependencies into a folder named node_modules. During the build process, gulp transfers these dependencies to a directory called libs within wwwroo ...

visual-studiotypescriptangularecmascript-5node-modules

I'm encountering an npm deployment issue on Digital Ocean, what could be causing this?

As someone who is new to deployment, I am encountering errors that I cannot seem to resolve using Google. My platform of choice is digital ocean, and here is the error log: npm ERR! cipm can only install packages with an existing package-lock.json or npm-s ...

jsonnpmdeployment

Module not found, missing module error #557

Upon completing the command npm install -g @vue/<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="482b2421087b66786678652a2d3c296671">[email protected]</a>, I proceeded with the command vue create client and encount ...

node.jsnpmnpm-installnvmvue-cli

Encountered a problem when attempting to launch the React application

[Issue encountered while attempting to launch myfirstreact with npm start] Hello everyone, I am a beginner in the world of React. I am currently facing a problem when trying to run myfirstreact using npm start. Despite receiving an error message pointing ...

node.jsreactjsnpm

Turning off @Output as Observable: A step-by-step guide

I have a query regarding unsubscribing Outputs in Angular. While I am aware that EventEmitter is automatically cleaned up, there was a time when I needed to use an Observable as my Output. Specifically, I wanted to take an Output that emitted events at mos ...

angularrxjsrxjs5

What should be transmitted to the front-end following the successful validation of a token on the server?

My process starts with a login page and then moves to the profile page. When it comes to handling the token on the backend, I use the following code: app.use(verifyToken); function verifyToken(req, res, next) { if (req.path === '/auth/google&ap ...

javascriptnode.jsangularexpress

The search button in the ngx-pagination StartDate and EndDate Search Filter is unresponsive

Working with Angular-14 and ASP.Net Core-6 Web API to consume an endpoint and handle JSON responses. An example of the endpoint URL without parameters: https://localhost/MyApp/api/v1/all-merchants And when parameters are included: https://localhost/MyApp ...

angularngx-pagination

How to properly display an Angular Template expression in an Angular HTML Component Template without any issues?

When writing documentation within an Angular App, is there a way to prevent code from executing and instead display it as regular text? {{ date | date :'short'}} Many sources suggest using a span element to achieve this: <span class="pun"&g ...

javascripthtmlangulartypescript

What should I do to resolve the error when "HttpClient" name is not found?

Whenever I attempt to start my project using npm start, I encounter an error: [at-loader] Checking completed with 1 error [at-loader] ./node_modules/@ngx-translate/http-loader/src/http-loader.d.ts:10:23 TS2304: Cannot find name 'HttpClient' ...

angular

Require assistance in establishing a secure localhost using Node.js (NPM)

After exploring numerous methods, I have yet to successfully enable HTTPS for my Aurelia application (running via npm start) on Windows 10. If you have a foolproof solution for achieving this, please share it with me. Your help would be greatly welcomed. ...

node.jsnpmhttpsaurelia