[Snyk] Security upgrade @angular-devkit/build-angular from 13.0.4 to 15.0.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/node/base/package.json
- packages/node/base/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5 |
Uncontrolled resource consumption SNYK-JS-BRACES-6838727 |
Yes | No Known Exploit | |
125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5 |
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @angular-devkit/build-angular
The new version differs by 250 commits.- 406fc5a release: cut the v15.0.0 release
- aabb0d6 refactor: update framework dependencies to v15
- 91904b7 release: cut the v15.0.0-rc.5 release
- 9afc5ce refactor: temporaily disable sending analytics
- 0fe6b3b perf(@ angular-devkit/build-angular): add vendor chunking to server builder
- d97d425 release: cut the v15.0.0-rc.4 release
- 54e1c01 fix(@ angular-devkit/build-angular): show file replacement in TS missing file error in esbuild builder
- 974688f test(@ angular/cli): remove version 12 update tests
- 9d0872f perf(@ angular-devkit/build-angular): add initial global styles incremental rebuilds with esbuild builder
- 444475f refactor(@ angular-devkit/build-angular): move internal bundle output processing into esbuild bundle helper
- ff03827 fix(@ angular/cli): respect registry in RC when running update through yarn
- fc82e3b fix(@ angular-devkit/build-angular): update browerslist package
- 0724dd7 build: update all non-major dependencies
- 58e6580 build: update all non-major dependencies
- e65b370 build: update angular
- 5dd1e28 release: cut the v15.0.0-rc.3 release
- f14d29b build: update version to 15.0.0-rc.2
- b390c19 build: remove unused dependency `minimatch` from `@ angular-devkit/build-angular`
- b059fc7 fix(@ angular-devkit/build-angular): warn when components styles sourcemaps are not generated when styles optimization is enabled
- 4cb27b8 fix(@ angular-devkit/build-angular): avoid attempted resolve of external CSS URLs with esbuild builder
- 24770f4 fix(@ angular-devkit/architect): default to failure if no builder result is provided
- 0d62157 fix(@ angular-devkit/build-angular): update sourcemaps when rebasing Sass url() functions in esbuild builder
- 2115ac1 build: update all non-major dependencies
- f143171 fix(@ angular-devkit/build-angular): only add `@ angular/platform-server/init` when package is installed.
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons: