guardrails[bot]
commented
3 years ago :warning: We detected 17 security issues in this pull request:
Vulnerable Libraries (17)
Severity | Details ----- | -------- Medium | [acorn@6.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>5.7.3 || >6.4.0 || >7.1.0` Medium | [browserslist@4.6.6](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>4.16.4` High | [dns-packet@1.3.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=1.3.2 || >=5.2.2` High | [dot-prop@4.2.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=4.2.1 || >=5.1.1` High | [elliptic@6.5.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>6.5.3` Critical | [handlebars@4.1.2](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>4.7.6` Medium | [hosted-git-info@2.8.4](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=2.8.9 || >=3.0.8` High | [http-proxy@1.17.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=1.18.1` High | [https-proxy-agent@2.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=2.2.3` High | [merge@1.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=2.1.1` High | [node-forge@0.7.5](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>0.9.2` High | [serialize-javascript@1.9.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>3.0.0` Medium | [ssri@5.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>6.0.1 || >7.1.0 || 8.0.0` High | [tree-kill@1.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=1.2.2` High | [url-parse@1.4.7](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=1.5.0` Medium | [websocket-extensions@0.1.3](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=0.1.4` High | [y18n@4.0.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/9c6a21bee497cb52dd51da46974606e229d1f12b/package.json) upgrade to `>=5.0.5` More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
dependabot-preview[bot]
Bumps @angular/cli from 7.3.9 to 12.0.3.
Release notes
Sourced from
@angular/cli's releases.... (truncated)
Commits
8990849release: v12.0.3c68572fperf(@angular-devkit/build-webpack): include only required stats in webpackStats1ca193fdocs(@angular-devkit/build-angular): updateincludePathsdescriptiona9c3a35fix(@ngtools/webpack): remove redundant inline style cache7bba446fix(@angular-devkit/core): transform path using getSystemPath for NodeJsAsync...bd88af5perf(@angular-devkit/build-angular): updatelicense-webpack-pluginto2.3.19b36c0c9fix(@schematics/angular): show better error when non existing project is pass...b8c5d56build: bump dns-packet from 1.3.1 to 1.3.4ff87570fix(@ngtools/webpack): normalize paths when adding file dependencies8bee9cbbuild: fix typings to works with webpack 5.37.0Maintainer changes
This version was pushed to npm by google-wombot, a new releaser for
@angular/clisince your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)