Skip to content
This repository was archived by the owner on Aug 9, 2024. It is now read-only.

[Snyk] Fix for 1 vulnerabilities#92

Open
twilio-product-security wants to merge 1 commit into
masterfrom
snyk-fix-24778a875e5848dc39b3b10f41bb54d2
Open

[Snyk] Fix for 1 vulnerabilities#92
twilio-product-security wants to merge 1 commit into
masterfrom
snyk-fix-24778a875e5848dc39b3b10f41bb54d2

Conversation

@twilio-product-security
Copy link
Copy Markdown

@twilio-product-security twilio-product-security commented Mar 18, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • angular/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 9 commits.
  • 43179a8 chore(release): 1.0.0
  • 3d53968 Merge remote-tracking branch 'origin/master'
  • 240db53 version 1.0 (#742)
  • 1b7acf7 Merge remote-tracking branch 'origin/master'
  • 1703721 docs(README): add more context to `localIdentName` (#711)
  • 1c51265 docs(README): fix malformed emoji (#701)
  • 50f8ec0 Merge remote-tracking branch 'origin/master'
  • 07444ad tests: css custom variables (#709)
  • 3de8aa7 tests: css custom variables (#709)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 213226e 4.0.0
  • fde0183 Merge pull request #6081 from webpack/formating/prettier
  • b6396e7 update stats
  • f32bd41 fix linting
  • 5238159 run prettier on existing code
  • 518d1e0 replace js-beautify with prettier
  • 4c25bfb 4.0.0-beta.3
  • dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
  • 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
  • c7eb895 Merge pull request #6452 from webpack/update_acorn
  • 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
  • e52f323 optimize performance of assignDepth
  • 6bf5df5 Fixed template.md
  • 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
  • b0949cb add integration test for spread operator
  • 39438c7 unittest now also walks the ast
  • 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
  • 1611ce1 Merge pull request #6561 from joshunger/patch-1
  • 6e175bc Merge pull request #6549 from webpack/md4_hash
  • 0637531 Add a hyperlink to create a new issue
  • 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
  • 72477f4 upgrade versions to stable versions
  • ed30285 Merge pull request #6546 from webpack/bot/review-permission
  • 40ee8c7 Use MD4 for hashing

See the full diff

Package name: webpack-dev-server The new version differs by 38 commits.
  • 7430648 3.1.2
  • 50f4007 Update deps
  • da33d2b speed up incremental builds by not doing excessive stats.toJSON work (#1362)
  • 3a7f7d5 3.1.1
  • 34a6cc3 And update pinned webpack-dev-middleware
  • 7b9269e Update deps
  • 3c9592e Actually upgrade package-lock.json...
  • 2b40391 Upgrade webpack-dev-middleware dependency
  • ef55984 Remove Tapable#apply calls (#1331)
  • f2db057 Don't invoke function on static html string (#1329)
  • 94398c4 3.1.0
  • d20757b Upgrade another timeout for slow CI
  • f0534fc Use webpack-log for logging
  • f76182c 3.0.1-beta.0
  • c375aa6 Fix support for multi compiler in webpack 4
  • 9921ecc Add basic example for multi-compiler
  • c32cfa8 Use non-deprecated webpack 4 API's
  • 31d94ab Make tests use more webpack 4 goodiness
  • 9934724 Fix accidental skip of nearly all tests (whoops)
  • 6e1d886 3.0.0
  • eedf10f Try again at fixing CI by upping timeout (necessary for node v6)
  • dfe137c Hopefully fix failing CI tests (the hacky way)
  • 1e7acca Actually make the yargs version test do something
  • cdd10fa Stop testing node v4 on travis ci

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@twilio-product-security @snyk-bot