I have a project for a while and recently installed prime15 to angle 15, frequently runs npm audit to check the status of my app, today I find a security problem that I even have in the Avalon project without making modifications, that is, download of the web, npm install and then the npm audi and I have an error in webpack 5.0.0 - 0.75.0, Severity : high
# npm audit report
quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill
webpack 5.0.0 - 5.75.0
Severity: high
Cross-realm object access in Webpack 5 - https://github.com/advisories/GHSA-hc6q-2mpp-qw7j
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@0.1101.2, which is a breaking change
node_modules/webpack
@angular-devkit/build-angular 0.1200.0-next.0 - 16.0.0-next.3
Depends on vulnerable versions of webpack
node_modules/@angular-devkit/build-angular
3 vulnerabilities (1 moderate, 2 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Some idea of how to solve the problem, NPM Audit Fix --force generates other problems and does not solve the main one, thanks
