How to fix CVE-2020-7663 | CVSS Score: 7.5 vulnerability

384 views Asked by At

I generate a new angular application. After commiting the code, SnarQube analysis indicates that quality gate is failed, because : websocket-extensions:0.1.4 | Reference: CVE-2020-7663 | CVSS Score: 7.5 .

I read this post of : James Coglan, fix with 0.1.4 but it doesn't fix my issue. in package-lock.json, theire is websocket-extensions with 0.1.4, then how to fix it? below my cofiguration:

Angular CLI: 9.1.12
Node: 10.16.3
OS: linux x64

Angular: 9.1.12
... animations, cli, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Ivy Workspace: Yes

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.901.12
@angular-devkit/build-angular     0.901.12
@angular-devkit/build-optimizer   0.901.12
@angular-devkit/build-webpack     0.901.12
@angular-devkit/core              9.1.12
@angular-devkit/schematics        9.1.12
@angular/cdk                      9.2.4
@angular/flex-layout              9.0.0-beta.31
@angular/material                 9.2.4
@ngtools/webpack                  9.1.12
@schematics/angular               9.1.12
@schematics/update                0.901.12
rxjs                              6.5.5
typescript                        3.8.3
webpack                           4.42.0

Also:
npm  : 6.9.0

Thanks for help,

0

There are 0 answers