caiquesergio / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License

[Snyk] Security upgrade @angular-devkit/build-angular from 13.3.9 to 14.2.10 #12

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 551/1000. Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-LOADERUTILS-3105943 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @angular-devkit/build-angular The new version differs by 250 commits.
  • a677ccd release: cut the v14.2.10 release
  • 9dcea09 test(@angular/cli): fix version specifier test
  • 9ce386c fix(@angular/cli): exclude `@angular/localize@<10.0.0` from ng add pa… (#24152)
  • 6446091 fix(@angular/cli): exclude `@angular/material@7.x` from ng add package discovery
  • f1fe0ea test(@angular/cli): remove `node:assert` usage.
  • 87277d9 test(@angular/cli): update NPM range in npm-7 test
  • 21cea0b fix(@angular-devkit/build-angular): update `loader-utils` to `3.2.1`
  • 7541e04 fix(@angular/cli): respect registry in RC when running update through yarn
  • ac3d230 release: cut the v14.2.9 release
  • e3e7877 fix(@angular-devkit/architect): default to failure if no builder result is provided
  • 12b2dc5 fix(@angular-devkit/build-angular): isolate zone.js usage when rendering server bundles
  • 4f730aa release: cut the v14.2.8 release
  • 4b0ee8a fix(@schematics/angular): guard schematics should include all guards (CanMatch)
  • 7a40f87 release: cut the v14.2.7 release
  • bebed9d fix(@angular-devkit/build-angular): issue dev-server support warning when using esbuild builder
  • 91b5bcb fix(@angular/cli): disable version check during auto completion
  • 02a3d7b fix(@angular/cli): skip node.js compatibility checks when running completion
  • 5d54503 release: cut the v14.2.6 release
  • 1c9cf59 fix(@angular/cli): handle missing `which` binary in path
  • ad69281 fix(@angular-devkit/core): project extension warning message should identify concerned project
  • 28b2cd1 fix(@angular/cli): skip downloading temp CLI when running `ng update` without package names
  • 86b84a8 release: cut the v14.2.5 release
  • 17eb20c fix(@angular-devkit/schematics): throw more relevant error when Rule returns invalid null value
  • a4f4b33 docs(@angular/cli): update platform support information in auto-completion

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication