I generate a new angular application. After commiting the code, SnarQube analysis indicates that quality gate is failed, because : websocket-extensions:0.1.4 | Reference: CVE-2020-7663 | CVSS Score: 7.5 .
I read this post of : James Coglan, fix with 0.1.4 but it doesn't fix my issue. in package-lock.json, theire is websocket-extensions with 0.1.4, then how to fix it? below my cofiguration:
Angular CLI: 9.1.12
Node: 10.16.3
OS: linux x64
Angular: 9.1.12
... animations, cli, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Ivy Workspace: Yes
Package Version
-----------------------------------------------------------
@angular-devkit/architect 0.901.12
@angular-devkit/build-angular 0.901.12
@angular-devkit/build-optimizer 0.901.12
@angular-devkit/build-webpack 0.901.12
@angular-devkit/core 9.1.12
@angular-devkit/schematics 9.1.12
@angular/cdk 9.2.4
@angular/flex-layout 9.0.0-beta.31
@angular/material 9.2.4
@ngtools/webpack 9.1.12
@schematics/angular 9.1.12
@schematics/update 0.901.12
rxjs 6.5.5
typescript 3.8.3
webpack 4.42.0
Also:
npm : 6.9.0
Thanks for help,