[Snyk] Security upgrade @angular-devkit/build-angular from 13.0.4 to 15.2.11
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/node/base/package.json
- packages/node/base/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 3, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5 |
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @angular-devkit/build-angular
The new version differs by 250 commits.- 7a901a6 release: cut the v15.2.11 release
- 61f92fd build: update ng-dev config to work with Node.js 18.19
- a398d2f test: disable failing test
- c6feb0b fix(@ angular-devkit/build-angular): `update webpack-dev-middleware` to `6.1.2`
- b479063 release: cut the v15.2.10 release
- bfc1f0f test: install specific npm version in npm version E2E test
- 05213c9 fix(@ angular-devkit/build-angular): update dependency postcss to v8.4.31
- 00d9708 release: cut the v15.2.9 release
- f36e38a fix(@ angular/cli): update direct semver dependencies to 7.5.3
- cdb34b5 release: cut the v15.2.8 release
- 069dcdf docs: improve wording in doc command version description
- 51cf97f release: cut the v15.2.7 release
- d9aefd6 fix(@ schematics/angular): replace vscode launch type from `pwa-chrome` to `chrome`
- f4a6dac fix(@ angular/cli): process keeps running when analytics are enabled
- d9e9f74 refactor(@ angular/cli): update E2E command alias
- 037d84a ci: update CI `.bazelrc` to better support CI systems.
- f9b2fb1 perf(@ angular/cli): register CLI commands lazily
- 4d81cb4 release: cut the v15.2.6 release
- f0b257e fix(@ schematics/angular): ignore hidden directories when running browserlist migration
- 162484b release: cut the v15.2.5 release
- db173d7 fix(@ angular/cli): collect tech information
- a8376e2 ci: disable windows job on PRs
- 85a048b release: cut the v15.2.4 release
- f74bfea fix(@ angular-devkit/build-angular): update `webpack` dependency to `5.76.1`
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 
🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons: