search

caiquesergio / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade @angular-devkit/build-angular from 13.3.11 to 15.2.11 #37

Open caiquesergio opened 7 months ago

caiquesergio commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - frontend/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **763/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4 | Path Traversal
[SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555](https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @angular-devkit/build-angular The new version differs by 250 commits.
  • 7a901a6 release: cut the v15.2.11 release
  • 61f92fd build: update ng-dev config to work with Node.js 18.19
  • a398d2f test: disable failing test
  • c6feb0b fix(@ angular-devkit/build-angular): `update webpack-dev-middleware` to `6.1.2`
  • b479063 release: cut the v15.2.10 release
  • bfc1f0f test: install specific npm version in npm version E2E test
  • 05213c9 fix(@ angular-devkit/build-angular): update dependency postcss to v8.4.31
  • 00d9708 release: cut the v15.2.9 release
  • f36e38a fix(@ angular/cli): update direct semver dependencies to 7.5.3
  • cdb34b5 release: cut the v15.2.8 release
  • 069dcdf docs: improve wording in doc command version description
  • 51cf97f release: cut the v15.2.7 release
  • d9aefd6 fix(@ schematics/angular): replace vscode launch type from `pwa-chrome` to `chrome`
  • f4a6dac fix(@ angular/cli): process keeps running when analytics are enabled
  • d9e9f74 refactor(@ angular/cli): update E2E command alias
  • 037d84a ci: update CI `.bazelrc` to better support CI systems.
  • f9b2fb1 perf(@ angular/cli): register CLI commands lazily
  • 4d81cb4 release: cut the v15.2.6 release
  • f0b257e fix(@ schematics/angular): ignore hidden directories when running browserlist migration
  • 162484b release: cut the v15.2.5 release
  • db173d7 fix(@ angular/cli): collect tech information
  • a8376e2 ci: disable windows job on PRs
  • 85a048b release: cut the v15.2.4 release
  • f74bfea fix(@ angular-devkit/build-angular): update `webpack` dependency to `5.76.1`
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/caiquesergio/project/12815a6b-e12b-411e-8280-c890bf2f95a6?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/caiquesergio/project/12815a6b-e12b-411e-8280-c890bf2f95a6?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"e8c9145a-c3df-4213-bee6-8a580a3241ea","prPublicId":"e8c9145a-c3df-4213-bee6-8a580a3241ea","dependencies":[{"name":"@angular-devkit/build-angular","from":"13.3.11","to":"15.2.11"}],"packageManager":"npm","projectPublicId":"12815a6b-e12b-411e-8280-c890bf2f95a6","projectUrl":"https://app.snyk.io/org/caiquesergio/project/12815a6b-e12b-411e-8280-c890bf2f95a6?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555"],"upgrade":["SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[763],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Path Traversal](https://learn.snyk.io/lesson/directory-traversal/?loc=fix-pr)
sonarcloud[bot] commented 7 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud