René's URL Explorer Experiment

Title: [Snyk] Security upgrade webpack-dev-server from 2.7.1 to 4.8.0 by one3chens · Pull Request #67 · feicc/angular-cli · GitHub

Open Graph Title: [Snyk] Security upgrade webpack-dev-server from 2.7.1 to 4.8.0 by one3chens · Pull Request #67 · feicc/angular-cli

X Title: [Snyk] Security upgrade webpack-dev-server from 2.7.1 to 4.8.0 by one3chens · Pull Request #67 · feicc/angular-cli

Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes included in this PR Changes to the following files to upgrade the vulnerable dependencies to a fixed version: package.json package-lock.json Vulnerabilities that will be fixed With an upgrade: Severity Priority Score (*) Issue Breaking Change Exploit Maturity 823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864 Yes Proof of Concept (*) Note that the real score may have changed since the PR was raised. Commit messages Package name: webpack-dev-server The new version differs by 250 commits. 5aad1e7 chore(release): 4.8.0 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (angular#4368) 7920364 feat: export initialized socket client (angular#4304) 4e7800e chore: update webpack (angular#4367) fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (angular#4366) 67c080b chore(deps-dev): bump puppeteer from 13.5.1 to 13.5.2 (angular#4361) 56ec411 chore(deps): bump html-entities from 2.3.2 to 2.3.3 (angular#4358) ca8a53a chore: update deps and fix audit (angular#4356) 501f6aa chore(deps-dev): bump @ babel/runtime 7d2b4f0 chore(deps-dev): bump @ babel/core 95e26fe test: add cases for `webSocketURL` with `server` option (angular#4346) 84b4774 chore: migrate script for examples on `setupMiddlewares` option (angular#4347) a7ccab1 chore: replace deprecated String.prototype.substr() (angular#4343) 1bf2614 chore(deps-dev): bump lint-staged from 12.3.6 to 12.3.7 (angular#4344) 188497a chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 (angular#4339) 7560a37 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.6 (angular#4341) dc2d6f7 chore(deps): bump http-proxy-middleware from 2.0.3 to 2.0.4 (angular#4333) 552e4ab chore(deps-dev): bump @ babel/runtime af3de07 chore(deps-dev): bump @ babel/core a80fa1f chore(deps): bump @ types/ws 457e1e5 chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 (angular#4334) b48ff7f chore(deps-dev): bump puppeteer from 13.5.0 to 13.5.1 (angular#4330) 3ce15d4 chore(deps-dev): bump puppeteer from 13.4.1 to 13.5.0 (angular#4329) a892235 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (angular#4328) See the full diff Check the changes in this PR to ensure they won't cause issues with your project. Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: 🧐 View latest project report 🛠 Adjust project settings 📚 Read more about Snyk's upgrade and patch logic Learn how to fix vulnerabilities with free interactive lessons: 🦉 Server-side Request Forgery (SSRF)

Open Graph Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...

X Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...

Opengraph URL: https://github.com/feicc/angular-cli/pull/67

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Links:

Viewport: width=device-width