1 min read

Today, Minko Gechev, an engineer in the Angular team at Google announced the release of Angular CLI 7.2.1. This release fixes a webpack-dev-server vulnerability and also comes with support for multiselect list prompt, TypeScript 3.2, and Angular 7.2.0-rc.0.

Understanding the webpack-dev-server vulnerability

The npm install command was showing the Missing Origin Validation vulnerability because webpack-dev-server versions before 3.1.10 are missing origin validation on the websocket server. A remote attacker can take advantage of this vulnerability to steal a developer’s code as the origin of requests to the websocket server, which is used for Hot Module Replacement (HMR) are not validated.

Other updates in Angular 7.2.1 CLI

Several updates and bug fixes were listed in the release notes of Angular CLI’s GitHub repository. Some of them are:

  • Support is added for multiselect list prompt
  • Support is added for TypeScript 3.2 and Angular 7.2.0-rc.0
  • Optimization options are updated
  • Warnings are added for overriding flags in arguments
  • lintFix is added to several other schematics
  • `resourcesOutputPath` is added to the schema to define where style resources will be placed, relative to outputPath.
  • The architect command project parsing is improved
  • Prompt support is added using Inquirer
  • Jobs API is added
  • Directly loading component templates is supported

Read Next

Angular 7 is now stable

Unit testing Angular components and classes [Tutorial]

Setting up Jasmine for Unit Testing in Angular [Tutorial]