Skip to content

[Snyk] Fix for 2 vulnerabilities

名井南 requested to merge snyk-fix-b7d0cfea14e4f0fe2cdb59cad40c6491 into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/node/base/package.json
    • packages/node/base/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795 		No Proof of Concept
high severity 763/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4		 Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 		Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @angular-devkit/build-angular The new version differs by 250 commits.
  • 7a901a6 release: cut the v15.2.11 release
  • 61f92fd build: update ng-dev config to work with Node.js 18.19
  • a398d2f test: disable failing test
  • c6feb0b fix(@ angular-devkit/build-angular): `update webpack-dev-middleware` to `6.1.2`
  • b479063 release: cut the v15.2.10 release
  • bfc1f0f test: install specific npm version in npm version E2E test
  • 05213c9 fix(@ angular-devkit/build-angular): update dependency postcss to v8.4.31
  • 00d9708 release: cut the v15.2.9 release
  • f36e38a fix(@ angular/cli): update direct semver dependencies to 7.5.3
  • cdb34b5 release: cut the v15.2.8 release
  • 069dcdf docs: improve wording in doc command version description
  • 51cf97f release: cut the v15.2.7 release
  • d9aefd6 fix(@ schematics/angular): replace vscode launch type from `pwa-chrome` to `chrome`
  • f4a6dac fix(@ angular/cli): process keeps running when analytics are enabled
  • d9e9f74 refactor(@ angular/cli): update E2E command alias
  • 037d84a ci: update CI `.bazelrc` to better support CI systems.
  • f9b2fb1 perf(@ angular/cli): register CLI commands lazily
  • 4d81cb4 release: cut the v15.2.6 release
  • f0b257e fix(@ schematics/angular): ignore hidden directories when running browserlist migration
  • 162484b release: cut the v15.2.5 release
  • db173d7 fix(@ angular/cli): collect tech information
  • a8376e2 ci: disable windows job on PRs
  • 85a048b release: cut the v15.2.4 release
  • f74bfea fix(@ angular-devkit/build-angular): update `webpack` dependency to `5.76.1`

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Path Traversal

Merge request reports