Comments (5)
This also leads to npm audit vulnerabilities that can't be resolved:
# npm audit report
@angular/core <11.0.5
Severity: moderate
Cross site scripting in Angular - https://github.com/advisories/GHSA-c75v-2vq8-878f
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/codelyzer/node_modules/@angular/core
codelyzer >=1.0.0-beta.0
Depends on vulnerable versions of @angular/core
node_modules/codelyzer
2 moderate severity vulnerabilities
Running npm audit fix --force
will result in codelyzer being downgraded to 0.0.28 which wouldn't be what we want, removing codelyzer from our solution for now.
from codelyzer.
Was upgrading our Angular app and had to upgrade Codelyzer for the support of v11. However, this will result in two different versions of @angular/compiler
and @angular/core
in my yarn.lock file: one version 11 (Angular itself) and one version 9 (Codelyzer).
This does not seem the desired behavior, so it means our upgrade is blocked because of this.
from codelyzer.
Bump. Any actions taken around this for the 2+ years the issue has been open?
With Codelyzer currently on 6.0.2
, npm resolves it's dependency on vulnerability @angular/core <11.0.5
by downgrading to ^0.0.28
.
I would be flattered by a response from the dev team, uninstalling such a fantastic package would be a shame.
54 Open PRs, some date back to 2019?
Apparently this has been abandoned 2 years ago min.
from codelyzer.
This error caused me to have to remove Codelyzer from our app. There is a work-around, but we have too many people installing to have to explain work-around to each.
Work-around is to:
- installl angular core 9
- install angular compiler 9 (this will have updated package.json)
- run npm install (or whatever you use) for the rest
- revert package.json
- run npm install again (now with correct versions of angular)
Hope this is fixed soon.
from codelyzer.
Having these dependencies results in not being able to build our project that is within a monorepo, as Angular 9.0.0 is what gets installed in the root node_modules
directory, as opposed to version ^14.0.0 that our project desires. Is there a chance these are going to be removed?
from codelyzer.
Related Issues (20)
- Dependency Dashboard
- Support for Angular 10
- Update codelyzer support for Angular v13 HOT 3
- Angular 14 HOT 2
- Update Angular to resolve vulnerability CVE-2021-4231 HOT 3
- Deprecated dependency "[email protected]"
- tslint 6 compatibility HOT 5
- Support for Angular 8.x.x HOT 1
- directive-selector throws an error when it comes across an empty @Directive() HOT 2
- [feature request]: Add a new rule validate decorators
- Support Angular 10 HOT 15
- No changelog for version 6.0.0 HOT 7
- [Feature Request] Rule: Inputs, Outputs and lifecycle methods on top HOT 1
- [feature request]: Allow aria-label to suppress template-accessibility-alt-text violation
- component-class-suffix does not work. HOT 5
- 5.3.0 not published on NPM HOT 6
- How to Run Codelyzer
- [feature request]: Allow aria-label to suppress template-accessibility-elements-content violation HOT 1
- template-click-events-have-key-events throws error on anchor <a> element
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from codelyzer.