NPM Audit Failure = @angular-devkit/build-angular

[Adam-Kernig]

🐞 Bug report

Command (mark with an x)

• [ X ] new
• build
• serve
• test
• e2e
• generate
• add
• update
• lint
• xi18n
• run
• config
• help
• version
• doc

### Is this a regression?
no

### Description
Up to date NG CLI, creating a new project, npm audit strikes


## 🔬 Minimal Reproduction
Up to date NG CLI, creating a new project, npm audit strikes

## 🔥 Exception or Error
<pre><code>
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.4.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @angular-devkit/build-angular [dev]                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @angular-devkit/build-angular > node-sass > node-gyp > tar   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/803                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
</code></pre>


## 🌍 Your Environment
<pre><code>
Angular CLI: 7.3.8
Node: 10.15.0
OS: darwin x64
Angular: 
... 

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.13.8
@angular-devkit/core         7.3.8
@angular-devkit/schematics   7.3.8
@schematics/angular          7.3.8
@schematics/update           0.13.8
rxjs                         6.3.3
typescript                   3.2.4
</code></pre>

**Anything else relevant?**
Nothing further

[alan-agius4]

Hi, thanks for reporting this, however this is caused by an upstream package and will be fixed when they release a new version nodejs/node-gyp#1714

[spp125]

I am having the same issue.

[cap-akimrey]

v4.4.8 was just released.

[chet-manley]

Looks like node-gyp already took care of it.
nodejs/node-gyp#1713

[Adam-Kernig]

Im guessing with it now being resolved we can expect this in the next release?

[HansITChange]

Building a new app still generates the same error

[alan-agius4]

node-sass are using an older version of node-gyp. hence we are still blocked on this.

See: sass/node-sass#2625

[ignaciorecuerda]

This question has already been answered. Can you try this solution https://stackoverflow.com/a/55649551/10961281, it has worked for me

[Adam-Kernig]

This question has already been answered. Can you try this solution https://stackoverflow.com/a/55649551/10961281, it has worked for me

Do NOT manually edit the lock file.

[Adam-Kernig]

This question has already been answered. Can you try this solution https://stackoverflow.com/a/55649551/10961281, it has worked for me

Do NOT manually edit the lock file.

Then how should it be done?

Wait till sass is updated and give the angular chaps time, it's friday (for us anyway) We aren't releasing this weekend.

The Angular guys are extremely quick at resolving issues, patience is key.