guardrails[bot]
commented
1 year ago :warning: We detected 3 security issues in this pull request:
Mode: paranoid | Total findings: 3 | Considered vulnerability: 3
Vulnerable Libraries (3)
Severity | Details ----- | -------- High | [pkg:npm/mocha@4.1.0@4.1.0](https://github.com/turkdevops/angular/blob/9bdc38eb1c1a93ef54900a5d67e5f1df5df50d1f/packages/zone.js/yarn.lock#L2755) (t) - **no patch available** High | [pkg:npm/diff@3.3.1@3.3.1](https://github.com/turkdevops/angular/blob/9bdc38eb1c1a93ef54900a5d67e5f1df5df50d1f/packages/zone.js/yarn.lock#L1213) (t) - **no patch available** High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/turkdevops/angular/blob/9bdc38eb1c1a93ef54900a5d67e5f1df5df50d1f/packages/zone.js/yarn.lock#L2702) (t) upgrade to: *3.0.5* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 9.8
npm:growl:20160721
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Arbitrary Code Injection