0

676
Views
Uncontrolled Resource Consumption in ansi-html

One of the High vulnerabilities I am getting in my Angular project is 'Uncontrolled Resource Consumption in ansi-html'.

I have got a few more High vulnerabilities of this type, but those were fixed by adding a 'resolutions' section to the package.json file and adding "preinstall": "npx npm-force-resolutions" under the scripts section. The vulnerabilities I fixed that way came with a patched version, like 'Patched in │ >=4.0.1'. But this one came with 'No patch available', so I am getting a bit confused about how to fix it. Does anyone have an idea how to fix this? Thanks

about 3 years ago · Santiago Trujillo
3 Answers

0

If you aren't using ansi-html directly but rely on dependencies that use it, you should instead set up a resolutions section in package.json. (You should never edit package-lock.json directly since it is regenerated every time you run npm install). You just need to provide a link to the tarball where you would normally specify the overriding version number. Your resolutions section of package.json should look like this:

"resolutions": {
    "ansi-html": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz"
}

Please refer to this post for more details:

How to override a nested npm sub-dependency with a different package altogether (not just different package version number)?

about 3 years ago · Santiago Trujillo

0

Uncontrolled Resource Consumption in ansi-html (CVE-2021-23424) is a vulnerability that won’t be fixed by the project’s author, since it’s been abandoned and there won’t be a patched version of ansi-html.

You just have to go to package-lock.json and find the line with:

"ansi-html": {
  "version": "0.0.7",
  "resolved": "https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz",
  "integrity": "sha1-gTWEAhliqenm/QOflA0S9WynhZ4="

And replace with this:

"ansi-html-community": {
  "version": "0.0.8",
  "resolved": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz",
  "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw=="

And this line in the same file:

"dependencies": {
    "ansi-html": "^0.0.7",

Replace with:

"dependencies": {
    "ansi-html-community": "^0.0.8",

Then just type npm update and that's it.

You can get more info in this link.

And check the entire commit here.

about 3 years ago · Santiago Trujillo
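
A check for the outcome of the two answers above (the resolutions override and the lock-file edit), as an added example that is not part of the original answers: it walks a parsed package-lock.json and reports every copy of ansi-html that still resolves to the abandoned package. It goes beyond the answers by handling both the nested "dependencies" layout and the flat "packages" layout; the sample lock data and the name example-parent are constructed, and it assumes an overridden entry carries the ansi-html-community tarball URL in "resolved" or "version".

```javascript
// Added example, not from the original answers. Assumption: an overridden
// entry carries the ansi-html-community tarball URL in "resolved" or "version".
const REPLACEMENT = /\/ansi-html-community\/-\/ansi-html-community-[^/]+\.tgz$/;

function findAnsiHtml(lock) {
  const hits = [];
  const record = (path, entry) => hits.push({
    path,
    version: entry.version,
    replaced: REPLACEMENT.test(entry.resolved || "") || REPLACEMENT.test(entry.version || ""),
  });
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/ansi-html$/.test(path)) record(path, entry);
  }
  // lockfileVersion 1 (and the legacy mirror kept in v2): nested "dependencies".
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (name === "ansi-html") record([...trail, name].join(" > "), entry);
      walk(entry.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Copies that still resolve to the abandoned package.
function unpatched(lock) {
  return findAnsiHtml(lock).filter((hit) => !hit.replaced);
}

// Constructed sample: top-level copy overridden, nested copy still on 0.0.7.
// "example-parent" is a hypothetical package name.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "ansi-html": {
      version: "0.0.8",
      resolved: "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz",
    },
    "example-parent": {
      version: "1.0.0",
      dependencies: {
        "ansi-html": { version: "0.0.7", resolved: "https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz" },
      },
    },
  },
};
console.log(unpatched(sampleLock));
```

To run it against a real project, replace sampleLock with the parsed contents of the project's package-lock.json; an empty result means no copy of the abandoned package is left in the tree.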

0

Updating your Angular to the latest version (Angular 13 is the latest version for now) will solve your problem! Cheers!

about 3 years ago · Santiago Trujillo