search

marceloframires / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade @angular/cli from 13.3.11 to 14.2.12 #18

Open marceloframires opened 1 year ago

marceloframires commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - frontend/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @angular/cli The new version differs by 250 commits.
  • 9b79b45 release: cut the v14.2.12 release
  • 8283932 test: update E2E Node.js v14 version to v14.19 to allow installs
  • bd396b6 fix(@ angular/cli): update direct semver dependencies to 7.5.3
  • d177918 release: cut the v14.2.11 release
  • ddd33bf fix(@ angular-devkit/build-angular): update webpack dependency to `5.76.1`
  • 6df825d ci: update to latest version of dev-infra orb
  • 31e8a58 ci: create daily_run_workflow for 14.2.x branch
  • e9d30d4 release: cut the v14.2.10 release
  • 9dcea09 test(@ angular/cli): fix version specifier test
  • 9ce386c fix(@ angular/cli): exclude `@ angular/localize@<10.0.0` from ng add pa… (#24152)
  • 6446091 fix(@ angular/cli): exclude `@ angular/material@7.x` from ng add package discovery
  • f1fe0ea test(@ angular/cli): remove `node:assert` usage.
  • 87277d9 test(@ angular/cli): update NPM range in npm-7 test
  • 21cea0b fix(@ angular-devkit/build-angular): update `loader-utils` to `3.2.1`
  • 7541e04 fix(@ angular/cli): respect registry in RC when running update through yarn
  • ac3d230 release: cut the v14.2.9 release
  • e3e7877 fix(@ angular-devkit/architect): default to failure if no builder result is provided
  • 12b2dc5 fix(@ angular-devkit/build-angular): isolate zone.js usage when rendering server bundles
  • 4f730aa release: cut the v14.2.8 release
  • 4b0ee8a fix(@ schematics/angular): guard schematics should include all guards (CanMatch)
  • 7a40f87 release: cut the v14.2.7 release
  • bebed9d fix(@ angular-devkit/build-angular): issue dev-server support warning when using esbuild builder
  • 91b5bcb fix(@ angular/cli): disable version check during auto completion
  • 02a3d7b fix(@ angular/cli): skip node.js compatibility checks when running completion
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/marceloframires/project/7c7d7227-2ecd-4dee-a49b-0466bd51edcd?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/marceloframires/project/7c7d7227-2ecd-4dee-a49b-0466bd51edcd?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"92990862-e1d8-4485-bd58-f7cc1725da02","prPublicId":"92990862-e1d8-4485-bd58-f7cc1725da02","dependencies":[{"name":"@angular/cli","from":"13.3.11","to":"14.2.12"}],"packageManager":"npm","projectPublicId":"7c7d7227-2ecd-4dee-a49b-0466bd51edcd","projectUrl":"https://app.snyk.io/org/marceloframires/project/7c7d7227-2ecd-4dee-a49b-0466bd51edcd?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication