turkdevops / angular

One framework. Mobile & desktop.
https://angular.io
MIT License

[Snyk] Security upgrade karma from 4.4.1 to 6.0.0 #454

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| critical severity | 776/1000 (Why? Recently disclosed, Has a fix available, CVSS 9.8) | Improper Input Validation (SNYK-JS-SOCKETIOPARSER-3091012) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

guardrails[bot] commented 2 years ago

:warning: We detected 4 security issues in this pull request:

Mode: paranoid | Total findings: 4 | Considered vulnerability: 4

Vulnerable Libraries (4)
Severity | Details
----- | --------
Critical | [pkg:npm/socket.io@3.1.2@3.1.2](https://github.com/turkdevops/angular/blob/aceeef56967cc56c389f3b5b65873ac5a09431a6/yarn.lock#L14331) (t) - **no patch available**
Medium | [pkg:npm/karma@6.0.4@6.0.4](https://github.com/turkdevops/angular/blob/aceeef56967cc56c389f3b5b65873ac5a09431a6/yarn.lock#L9752) (t) upgrade to: *6.3.14*
Medium | [pkg:npm/ua-parser-js@0.7.32@0.7.32](https://github.com/turkdevops/angular/blob/aceeef56967cc56c389f3b5b65873ac5a09431a6/yarn.lock#L15687) (t) - **no patch available**
Critical | [pkg:npm/socket.io-parser@4.0.5@4.0.5](https://github.com/turkdevops/angular/blob/aceeef56967cc56c389f3b5b65873ac5a09431a6/yarn.lock#L14322) (t) - **no patch available**

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
