
Not able to solve vulnerabilities due to node-forge

Open erjain opened this issue 3 years ago • 1 comments

Details

node-forge  <1.0.0
Severity: moderate
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@<version lost in page extraction>, which is a breaking change
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    Depends on vulnerable versions of yargs
    node_modules/@angular-devkit/build-angular/node_modules/webpack-dev-server
      @angular-devkit/build-angular  <=13.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of webpack
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular
      @angular-devkit/build-webpack  <=0.1300.0-rc.3
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular/node_modules/@angular-devkit/build-webpack

Node.js version

12

Example code

"dependencies": {
    "@angular-devkit/schematics": "^11.0.4",
    "@angular/animations": "11.2.14",
    "@angular/common": "11.2.14",
    "@angular/compiler": "11.2.14",
    "@angular/core": "11.2.14",
    "@angular/forms": "11.2.14",
    "@angular/platform-browser": "11.2.14",
    "@angular/platform-browser-dynamic": "11.2.14",
    "@angular/platform-server": "11.2.14",
    "@angular/router": "11.2.14",
    "@microsoft/signalr": "3.0.1",
    "@ng-bootstrap/ng-bootstrap": "^8.0.0",
    "@popperjs/core": "2.0.0",
    "acorn": "^6.4.1",
    "acorn-dynamic-import": "4.0.0",
    "bootstrap": "4.4.1",
    "core-js": "^3.14.0",
    "file-loader": "2.0.0",
    "font-awesome": "4.7.0",
    "is-svg": ">=4.2.2",
    "isomorphic-fetch": "3.0.0",
    "jquery": "3.5.0",
    "ngx-toastr": "^13.2.0",
    "normalize.css": "8.0.0",
    "popper.js": "1.16.1",
    "rxjs": "^6.5.2",
    "rxjs-compat": "^6.5.2",
    "ssri": ">=8.0.1",
    "tslib": "^2.0.0",
    "typedoc": "0.22.11",
    "webpack-dev-server": "4.7.4",
    "zone.js": "~0.10.2"
  },
  "devDependencies": {
    "@angular-devkit/build-angular": "~0.1102.14",
    "@angular/cli": "11.2.14",
    "@angular/compiler-cli": "11.2.14",
    "@angular/language-service": "11.2.14",
    "@types/core-js": "2.5.0",
    "@types/hammerjs": "2.0.35",
    "@types/jasmine": "~3.6.0",
    "@types/node": "^12.11.1",
    "@types/protractor": "4.0.0",
    "@types/selenium-webdriver": "3.0.10",
    "codelyzer": "^6.0.0",
    "eslint": "8.10.0",
    "handlebars": "^4.7.7",
    "jasmine-core": "~3.6.0",
    "jasmine-spec-reporter": "~5.0.0",
    "karma": "~6.3.16",
    "karma-chrome-launcher": "~3.1.0",
    "karma-cli": "^2.0.0",
    "karma-jasmine": "~4.0.0",
    "karma-jasmine-html-reporter": "^1.5.0",
    "lodash": "^4.17.21",
    "merge": "2.1.1",
    "npm-watch": "0.5.0",
    "protractor": "~7.0.0",
    "rxjs-tslint": "^0.1.8",
    "sass-lint": "^1.13.1",
    "ts-helpers": "1.1.2",
    "ts-node": "~7.0.1",
    "tslint": "~6.1.0",
    "typedoc": "0.22.11",
    "typescript": "4.0.8",
    "url-loader": "1.1.1",
    "webpack": "^4.42.1"
  }

Operating system

win 10

Scope

installation dependencies

Module and version

Not applicable.

erjain avatar Mar 13 '22 18:03 erjain

Hi @erjain, hope you're doing well. I'm currently facing the issue above; could I ask whether you found a solution?

M33p5t3r avatar Aug 13 '22 20:08 M33p5t3r

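Hi! This is an issue with a dependency, not with Node.js itself. Per the audit output above, the flagged node-forge (<1.0.0) is pulled in transitively through selfsigned by the webpack-dev-server copy nested under node_modules/@angular-devkit/build-angular.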

avivkeller avatar May 02 '24 12:05 avivkeller