Fix issue #114

Manually removed vulnerability by upgrading 'tar' package from 2.2.1 to 4.4.8 (https://stackoverflow.com/questions/55635378/angular-devkit-build-angular-arbitrary-file-overwrite). angular-devkit and node-sass issues are still open. (https://github.com/angular/angular-cli/issues/14138, https://github.com/sass/node-sass/issues/2625). Will permanently be fixed once above 2 issues are addressed by Angular and node-sass teams.
5 years ago · 79e34ee283
parent 0cd830f002
commit 79e34ee283
2 changed files with 312 additions and 284 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -51,8 +51,8 @@
    "zone.js": "~0.8.26"
  },
  "devDependencies": {
-    "@angular-devkit/build-angular": "^0.13.6",
-    "@angular/cli": "~7.1.4",
+    "@angular-devkit/build-angular": "^0.13.8",
+    "@angular/cli": "^7.3.8",
    "@angular/compiler-cli": "^7.2.9",
    "@angular/language-service": "^7.0.0",
    "@types/jasmine": "~2.8.8",