npm audit
=== Security Report from npm audit ===
# You have 1 vulnerability that can be resolved by running `npm update terser-webpack-plugin --depth 3`
Severity Issue
Package serialize-javascript
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > webpack >
terser-webpack-plugin > serialize-javascript
More Information https://npmjs.com/advisories/1426
Manual Review Required
Some vulnerabilities need your attention to be resolved
Visit https://go.npm.me/audit-guide for further guidance
Severity Issue
Package serialize-javascript
Patched in >=2.1.1
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > copy-webpack-plugin >
serialize-javascript
More Information https://npmjs.com/advisories/1426
Severity Issue
Package serialize-javascript
Patched in >=2.1.1
Dependency of @angular-devkit/build-angular [dev]
Path @angular-devkit/build-angular > terser-webpack-plugin >
serialize-javascript
More Information https://npmjs.com/advisories/1426
found 3 moderate severity vulnerabilities in 18591 scanned packages
run `npm audit fix` to fix 1 of them.
2 vulnerabilities require manual review. See the full report for details.
package.json
{
"name": "client",
"version": "0.0.1",
"author": "Ionic Framework",
"homepage": "https://ionicframework.com/",
"scripts": {
"ng": "ng",
"start": "ng serve",
"build": "ng build",
"test": "ng test",
"lint": "ng lint",
"e2e": "ng e2e"
},
...
// Omitted for brevity
...
Cross-Site Scripting serialize-javascript
npm doc: https://www.npmjs.com/advisories/1426
The documentation states:
Overview
Versions of serialize-javascript before 2.1.1 are susceptible to Cross-Site Scripting (XSS) attacks. The package does not properly sanitize serialized regular expressions. Note that this vulnerability does not impact Node.js applications.
Remediation
Upgrade to version 2.1.1 or later.
Even though I don't use serialize-javascript in my package.json file, how should I address this?
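The audit report above flags serialize-javascript as a transitive dependency patched in >=2.1.1. As an added example (not part of the original post and not npm's own code), this script walks a lockfile's nested "dependencies" tree and lists every installed copy below the patched version. It assumes the lockfile v1 layout; the function names, sample lockfile and all version numbers in it are constructed for illustration.

```javascript
// Added example: list every installed copy of a package in an npm lockfile
// (v1 "dependencies" tree) whose version is below a patched version.

// Compare plain x.y.z versions numerically.
// Assumption: prerelease tags (e.g. "-beta.1") are ignored.
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// Recurse through nested "dependencies" objects, which mirror node_modules nesting.
function findUnpatched(lock, name, patched, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    const here = [...trail, dep];
    if (dep === name && lessThan(info.version, patched)) {
      hits.push({ location: here.join(' > '), version: info.version, dev: !!info.dev });
    }
    hits.push(...findUnpatched(info, name, patched, here));
  }
  return hits;
}

// Constructed sample lockfile, not the asker's real one; versions are made up.
const sampleLock = {
  dependencies: {
    'copy-webpack-plugin': {
      version: '5.0.0', dev: true,
      dependencies: { 'serialize-javascript': { version: '1.9.1', dev: true } },
    },
    'terser-webpack-plugin': {
      version: '1.4.0', dev: true,
      dependencies: { 'serialize-javascript': { version: '2.1.2', dev: true } },
    },
    'serialize-javascript': { version: '1.7.0', dev: true },
  },
};

function demo() {
  return findUnpatched(sampleLock, 'serialize-javascript', '2.1.1');
}
console.log(demo());
```

To check a real project, pass the parsed package-lock.json in place of sampleLock; each reported location shows which parent package still needs an update before the nested copy reaches 2.1.1.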