NationalBankBelgium / stark

Modern client-side Web application framework based on Angular, Angular Material / Material Design, TypeScript, Redux, RxJS, ...
https://stark.nbb.be

[Snyk] Fix for 3 vulnerabilities #3749

Open SuperITMan opened 5 months ago

SuperITMan commented 5 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - packages/stark-build/package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:---:|:---|:---|:---:|:---
medium | **631/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime [SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept
medium | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Improper Input Validation [SNYK-JS-POSTCSS-5926692](https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692) | Yes | No Known Exploit
high | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-STYLELINT-1585622](https://snyk.io/vuln/SNYK-JS-STYLELINT-1585622) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.
#### Commit messages

**Package name:** `@angular-builders/custom-webpack`. The new version differs by 77 commits.
  • 4dd0f2d ci(release): publish
  • dae4a57 ci(release): publish
  • b0b6a80 fix(ci): graduate flow
  • 020d3c4 fix(ci): update node version in graduate workflow
  • 3184a34 chore(deps): update commitlint monorepo to v17.6.5 (#1383)
  • d9df15b chore(deps): update dependency cpy-cli to v4 (#1175)
  • d3a537c chore(deps): update dependency @types/node to v18 (#1298)
  • 5717596 chore(deps): update dependency @types/jasmine to v4.3.2 (#1331)
  • 8d74d14 chore(deps): update dependency @types/node to v16.18.34 (#1358)
  • aa04af3 chore(deps): update dependency @types/lodash to v4.14.195 (#1382)
  • 8cfc11e chore(deps): update dependency cypress to v12.13.0 (#1376)
  • 047cfa6 chore(deps): update dependency tslib to v2.5.2 (#1370)
  • 726c605 chore(deps): update dependency html-webpack-plugin to v5.5.1 (#1359)
  • 358409d chore(deps): update angular-cli monorepo to v16.0.3 (#1381)
  • ca2b535 chore(deps): update angular monorepo to v16.0.3 (#1375)
  • 4fe16d0 chore(deps): update dependency rimraf to v5 (#1380)
  • 13465fc chore(deps): update dependency puppeteer to v20 (#1378)
  • c05d5f4 chore(deps): update dependency jest-junit to v16 (#1377)
  • faeb075 chore(deps): update dependency @lerna-lite/cli to v2 (#1372)
  • efa4467 ci(release): publish
  • 8f728fa chore(deps): update dependency jasmine-core to v5 (#1374)
  • 97d816a ci(release): publish
  • aae89a1 chore(jest): update default mocks (#1371)
  • 97e6f46 ci(release): publish
See the full diff
**Package name:** `@angular-devkit/build-angular`. The new version differs by 250 commits.
  • 29f2c17 release: cut the v16.1.0 release
  • f0a4ce6 build: bump versions for minor release
  • 72629bd refactor: move esbuild index generator, code bundle option and execution results
  • 15e0a88 refactor(@angular-devkit/build-angular): update code base structure to facilitate future builders
  • abc49bd build: update angular
  • 8424ab0 fix(@angular-devkit/build-angular): support proxy configuration array-form in esbuild builder
  • a0e3ae9 docs: removed the duplicate words
  • 32e2b22 refactor: removed unused import statements
  • 0e25fec refactor: replaced the String wrapper object with primitive type string
  • 78084aa build: update all non-major dependencies
  • 1aa9fb4 docs: updated the i tag to the em tag in the html and docs
  • 0fa1167 build: update all non-major dependencies
  • cd7c825 fix(@angular-devkit/build-angular): correctly handle sass imports
  • ef384f3 build: update angular
  • 8772b62 release: cut the v16.1.0-rc.0 release
  • bc48a0d build: update all non-major dependencies
  • 15c14f7 docs: release notes for the v16.0.5 release
  • bc5b7d5 refactor(@angular-devkit/build-angular): improve initial file analysis for esbuild builder
  • 7155cbe fix(@angular-devkit/build-angular): ignore folders starting with a dot in browser-esbuild watcher
  • 772fe84 fix(@angular-devkit/build-angular): ignore .git folder in browser-esbuild watcher
  • e2954d2 build: update angular
  • dfc052a refactor(@schematics/angular): deprecate private standalone utilities
  • b14b959 feat(@schematics/angular): add bootstrap-agnostic utilities for writing ng-add schematics
  • b36effd refactor(@schematics/angular): add utility to find top-level identifiers
See the full diff
**Package name:** `stylelint`. The new version differs by 250 commits.
  • 5882290 16.1.0
  • 6c4b64d Prepare 16.1.0 (#7415)
  • 566c422 Bump file-entry-cache from 7.0.2 to 8.0.0 (#7427)
  • 42bf8f8 Bump meow from 12.1.1 to 13.0.0 (#7426)
  • cb509a0 Fix `function-url-quotes` false positives for SCSS variable and `@` character (#7416)
  • e222352 Document benefits from TypeScript annotation (#7423)
  • 760a6f1 Fix `selector-pseudo-class-no-unknown` false positive for `:popover-open` (#7425)
  • 8ec6748 Add `ignore: ["keyframe-selectors"]` to `selector-disallowed-list` (#7417)
  • 548b221 Add missing changelog for PR #7366
  • 19ab06a Sort rules alphabetically in `docs/user-guide/rules.md` (#7422)
  • 0e8b1fd Bump rollup from 4.8.0 to 4.9.1 (#7414)
  • 0455938 Bump the csstools-parser group with 2 updates (#7411)
  • e03a0f9 Update stylelint-stylistic plugin link (#7419)
  • b92260f Bump @csstools/selector-specificity from 3.0.0 to 3.0.1 (#7413)
  • 368e40f Bump the eslint group with 2 updates (#7412)
  • ef766cd Bump github/codeql-action from 2 to 3 (#7410)
  • b34a184 Document testing options in more detail in the v16 migration guide (#7407)
  • 7620c2c Fix `declaration-property-value-no-unknown` and other false positives for multiline SCSS interpolation (#7406)
  • d03def6 Add lightness-notation (#7366)
  • da7ce21 16.0.2
  • 303b3c9 Prepare 16.0.2 (#7386)
  • fbc6adf Bump rollup from 4.6.1 to 4.8.0 (#7394)
  • d4b12aa Bump np from 8.0.4 to 9.2.0 (#7391)
  • 0ec3df4 Bump the typescript group with 1 update (#7390)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/nationalbankbelgium/project/71f0613c-77eb-47f0-a53a-c7b2c1331f69?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/nationalbankbelgium/project/71f0613c-77eb-47f0-a53a-c7b2c1331f69?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

- 🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
- 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)

sonarcloud[bot] commented 5 months ago

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud