I just updated my Ionic CLI from 6.12.3 to 6.12.4 and after that I got some unfixable vulnerabilities on the npm stack:
ini <1.3.6
Prototype Pollution - https://npmjs.com/advisories/1589
fix available via `npm audit fix`
node_modules/@angular/cli/node_modules/ini
node_modules/@schematics/update/node_modules/ini
node_modules/ini
@angular/cli 6.2.9 || 7.1.0-beta.0 - 9.1.12 || 10.0.0-next.0 - 10.2.0 || 11.0.0-next.0 - 11.0.4 || 11.1.0-next.0 - 11.1.0-rc.0
Depends on vulnerable versions of @schematics/update
Depends on vulnerable versions of ini
node_modules/@angular/cli
@schematics/update 0.11.0-beta.0 - 0.901.12 || 0.1000.0-next.0 - 0.1002.0 || 0.1100.0-next.0 - 0.1100.4 || 0.1101.0-next.0 - 0.1101.0-rc.0
Depends on vulnerable versions of ini
node_modules/@schematics/update
serialize-javascript <3.1.0
Severity: high
Remote Code Execution - https://npmjs.com/advisories/1548
fix available via `npm audit fix`
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.1.1
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@ionic/angular-toolkit 2.2.0 - 2.3.0
Depends on vulnerable versions of copy-webpack-plugin
node_modules/@ionic/angular-toolkit
6 vulnerabilities (3 low, 3 high)
I tried to fix them running both npm audit fix and sudo npm audit fix, but in both cases the result is the same:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: com.dooliz.eazytablepay@0.0.1
npm ERR! Found: @angular/compiler-cli@9.1.13
npm ERR! node_modules/@angular/compiler-cli
npm ERR! dev @angular/compiler-cli@"~9.1.6" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @angular/compiler-cli@"^11.0.0 || ^11.1.0-next" from @angular-devkit/build-angular@0.1101.2
npm ERR! node_modules/@angular-devkit/build-angular
npm ERR! dev @angular-devkit/build-angular@"^0.1101.2" from the root project
npm ERR! peer @angular-devkit/build-angular@">=0.800.0" from @ionic/angular-toolkit@2.3.3
npm ERR! node_modules/@ionic/angular-toolkit
npm ERR! dev @ionic/angular-toolkit@"^2.2.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
This is the content of the report file generated:
# npm resolution error report
2021-02-03T14:49:34.413Z
While resolving: com.dooliz.eazytablepay@0.0.1
Found: @angular/compiler-cli@9.1.13
node_modules/@angular/compiler-cli
dev @angular/compiler-cli@"~9.1.6" from the root project
Could not resolve dependency:
peer @angular/compiler-cli@"^11.0.0 || ^11.1.0-next" from @angular-devkit/build-angular@0.1101.2
node_modules/@angular-devkit/build-angular
dev @angular-devkit/build-angular@"^0.1101.2" from the root project
peer @angular-devkit/build-angular@">=0.800.0" from @ionic/angular-toolkit@2.3.3
node_modules/@ionic/angular-toolkit
dev @ionic/angular-toolkit@"^2.2.0" from the root project
Fix the upstream dependency conflict, or retry
this command with --force, or --legacy-peer-deps
to accept an incorrect (and potentially broken) dependency resolution.
Raw JSON explanation object:
{
  "code": "ERESOLVE",
  "current": {
    "name": "@angular/compiler-cli",
    "version": "9.1.13",
    "whileInstalling": {
      "name": "com.dooliz.eazytablepay",
      "version": "0.0.1",
      "path": "/Users/victorespina/Work/Fuentes/NOI/DEV/ds/cfp"
    },
    "location": "node_modules/@angular/compiler-cli",
    "dependents": [
      {
        "type": "dev",
        "name": "@angular/compiler-cli",
        "spec": "~9.1.6",
        "from": {
          "location": "/Users/victorespina/Work/Fuentes/NOI/DEV/ds/cfp"
        }
      }
    ]
  },
  "edge": {
    "type": "peer",
    "name": "@angular/compiler-cli",
    "spec": "^11.0.0 || ^11.1.0-next",
    "error": "INVALID",
    "from": {
      "name": "@angular-devkit/build-angular",
      "version": "0.1101.2",
      "whileInstalling": {
        "name": "com.dooliz.eazytablepay",
        "version": "0.0.1",
        "path": "/Users/victorespina/Work/Fuentes/NOI/DEV/ds/cfp"
      },
      "location": "node_modules/@angular-devkit/build-angular",
      "dependents": [
        {
          "type": "dev",
          "name": "@angular-devkit/build-angular",
          "spec": "^0.1101.2",
          "from": {
            "location": "/Users/victorespina/Work/Fuentes/NOI/DEV/ds/cfp"
          }
        },
        {
          "type": "peer",
          "name": "@angular-devkit/build-angular",
          "spec": ">=0.800.0",
          "from": {
            "name": "@ionic/angular-toolkit",
            "version": "2.3.3",
            "whileInstalling": {
              "name": "com.dooliz.eazytablepay",
              "version": "0.0.1",
              "path": "/Users/victorespina/Work/Fuentes/NOI/DEV/ds/cfp"
            },
            "location": "node_modules/@ionic/angular-toolkit",
            "dependents": [
              {
                "type": "dev",
                "name": "@ionic/angular-toolkit",
                "spec": "^2.2.0",
                "from": {
                  "location": "/Users/victorespina/Work/Fuentes/NOI/DEV/ds/cfp"
                }
              }
            ]
          }
        }
      ]
    }
  },
  "peerConflict": null,
  "strictPeerDeps": false,
  "force": false
}
and this is my Ionic info:
Ionic:
Ionic CLI : 6.12.4 (/usr/local/lib/node_modules/@ionic/cli)
Ionic Framework : @ionic/angular 5.2.2
@angular-devkit/build-angular : 0.1101.2
@angular-devkit/schematics : 9.1.7
@angular/cli : 9.1.7
@ionic/angular-toolkit : 2.2.0
Cordova:
Cordova CLI : 10.0.0
Cordova Platforms : android 9.0.0
Cordova Plugins : cordova-plugin-ionic-keyboard 2.2.0, cordova-plugin-ionic-webview 4.2.1, (and 7 other plugins)
Utility:
cordova-res (update available: 0.15.3) : 0.15.1
native-run (update available: 1.3.0) : 0.2.7
System:
Android SDK Tools : 26.1.1 (/Users/victorespina/Library/Android/sdk)
ios-deploy : 1.9.4
NodeJS : v12.18.0 (/usr/local/bin/node)
npm : 7.5.2
OS : macOS Catalina
Xcode : Xcode 12.2 Build version 12B45b
I've already searched Google and this forum for some clue on how to fix this, but no luck so far. I also deleted the node_modules folder and ran npm install, but it fails with the same 6 vulnerabilities.
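
Added example (not part of the original post): a small Node.js walker over the ERESOLVE explanation object shown in the report, listing which root package.json entries pin the installed version and which ones pull in the conflicting peer requirement. The function names and the trimmed sample object are assumptions made for illustration.

```javascript
// Constructed sample: the explanation object from the report above, trimmed
// to the fields the walker reads ("whileInstalling" and paths omitted).
const report = {
  code: "ERESOLVE",
  current: {
    name: "@angular/compiler-cli", version: "9.1.13",
    dependents: [{ type: "dev", name: "@angular/compiler-cli", spec: "~9.1.6", from: {} }],
  },
  edge: {
    type: "peer", name: "@angular/compiler-cli", spec: "^11.0.0 || ^11.1.0-next",
    from: {
      name: "@angular-devkit/build-angular", version: "0.1101.2",
      dependents: [
        { type: "dev", name: "@angular-devkit/build-angular", spec: "^0.1101.2", from: {} },
        { type: "peer", name: "@angular-devkit/build-angular", spec: ">=0.800.0",
          from: { name: "@ionic/angular-toolkit", version: "2.3.3",
            dependents: [{ type: "dev", name: "@ionic/angular-toolkit", spec: "^2.2.0", from: {} }] } },
      ],
    },
  },
};

// Follow "dependents" edges until one comes from the root project (a "from"
// with no package name), returning every root-declared requirement found.
function rootRequirements(node, seen = new Set()) {
  const out = [];
  for (const dep of node.dependents || []) {
    const key = `${dep.type} ${dep.name}@${dep.spec}`;
    if (seen.has(key)) continue; // guard against cycles in the graph
    seen.add(key);
    if (!dep.from || !dep.from.name) out.push(key); // declared in root package.json
    else out.push(...rootRequirements(dep.from, seen));
  }
  return out;
}

// Summarise which installed version blocks which requirement, and which
// package.json entries are responsible for each side of the conflict.
function explainConflict(r) {
  return {
    installed: `${r.current.name}@${r.current.version}`,
    pinnedBy: rootRequirements(r.current),
    required: `${r.edge.type} ${r.edge.name}@${r.edge.spec}`,
    requiredBy: `${r.edge.from.name}@${r.edge.from.version}`,
    pulledInBy: rootRequirements(r.edge.from),
  };
}

console.log(JSON.stringify(explainConflict(report), null, 2));
```

The same functions accept the full object from the report file, since the root project's "from" entries there carry only a "location" and no "name".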