search

SrDih / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0 stars 1 forks source link

[Snyk] Security upgrade @angular-devkit/build-angular from 13.3.11 to 16.2.5 #24

Open SrDih opened 1 year ago

SrDih commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - frontend/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JS-POSTCSS-5926692](https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @angular-devkit/build-angular The new version differs by 250 commits.
  • 44e375c release: cut the v16.2.5 release
  • 493bd39 fix(@ angular-devkit/build-angular): update dependency postcss to v8.4.31
  • 0201061 test(@ angular/cli): remove Safari 15 test
  • 9333581 fix(@ angular-devkit/build-angular): do not print `Angular is running in development mode.` in the server console when using dev-server
  • 660d849 release: cut the v16.2.4 release
  • 5dc7fb1 fix(@ schematics/angular): update `@ angular/cli` version specifier to use `^`
  • ae41ab5 refactor(@ angular-devkit/build-angular): typo in ignore list plugin function
  • 64b3586 release: cut the v16.2.3 release
  • f1195d0 fix(@ ngtools/webpack): fix recursion in webpack resolve
  • 1f9caa9 refactor(@ schematics/angular): remove empty space in app.config.ts.template
  • 7d61494 Revert "ci: use `head_ref` for concurrency group"
  • 7801185 ci: use `head_ref` for concurrency group
  • d8d116b fix(@ angular-devkit/build-angular): several windows fixes to application builder prerendering
  • 39643be fix(@ angular-devkit/build-angular): correctly re-point RXJS to ESM on Windows
  • 37ee259 release: cut the v16.2.2 release
  • e3a40a4 fix(@ angular-devkit/build-angular): support dev server proxy pathRewrite field in Vite-based server
  • 275a9ba docs(@ angular/cli): Add Puppeteer schematics to e2e command
  • 3b5083b docs: update @ angular/pwa readme
  • 7d0cebd docs: update statsJson application builder description
  • 889338c test: install specific npm version in npm version E2E test
  • f312c19 docs(@ angular/cli): update outdated statement about CLI accepting camelCase
  • c13ceea docs: updated the http tag with https
  • 6779622 release: cut the v16.2.1 release
  • ad821d2 refactor(@ angular-devkit/build-angular): remove disabling certificate validation when inlining fonts
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/srdih/project/aa301cec-789d-4f72-a79e-ee7b4d4f3d85?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/srdih/project/aa301cec-789d-4f72-a79e-ee7b4d4f3d85?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"7315f483-c612-409a-b695-190afbbbfc23","prPublicId":"7315f483-c612-409a-b695-190afbbbfc23","dependencies":[{"name":"@angular-devkit/build-angular","from":"13.3.11","to":"16.2.5"}],"packageManager":"npm","projectPublicId":"aa301cec-789d-4f72-a79e-ee7b4d4f3d85","projectUrl":"https://app.snyk.io/org/srdih/project/aa301cec-789d-4f72-a79e-ee7b4d4f3d85?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-POSTCSS-5926692"],"upgrade":["SNYK-JS-POSTCSS-5926692"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[551],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication