Title: [Snyk] Fix for 2 vulnerabilities by one3chens · Pull Request #68 · feicc/angular-cli · GitHub
Open Graph Title: [Snyk] Fix for 2 vulnerabilities by one3chens · Pull Request #68 · feicc/angular-cli
X Title: [Snyk] Fix for 2 vulnerabilities by one3chens · Pull Request #68 · feicc/angular-cli
Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes included in this PR Changes to the following files to upgrade the vulnerable dependencies to a fixed version: package.json package-lock.json Vulnerabilities that will be fixed With an upgrade: Severity Priority Score (*) Issue Breaking Change Exploit Maturity 718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909 Yes Proof of Concept 763/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4 Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 Yes Proof of Concept (*) Note that the real score may have changed since the PR was raised. Commit messages Package name: node-sass The new version differs by 228 commits. 7105b0a 5.0.0 (angular#3015) 0648b5a chore: Add Node 15 support (angular#2983) e2391c2 Add a deprecation message to the readme (angular#3011) 6a33e53 chore: Don't upload artifacts on PRs d763506 chore: Only run coverage on main repo d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2 f877689 chore: Don't double build DependaBot PRs b48fac4 chore: Add weekly DependaBot updates 91c40a0 Remove deprecated process.sass API 1f6df86 Replace lodash/assign in favor of the native Object.assign 522828a Remove workarounds for old Node.js versions 40e0f00 chore: Remove second NPM badge ab91bf6 chore: Remove Slack badge 6853a80 chore: Cleanup status badges fb1109c chore: Bump minimum engine version to v10 d185440 chore: Add basic Node version support policy db25736 chore: Bump node-gyp to 7.1.0 2c5b110 chore: Bump cross-spawn to v7.0.3 38b9633 chore: Update Istanbul to NYC d63b5bf chore: Bump mocha to v8.1.3 d0d8865 chore: Skip constructor tests on v14.6+ ee3984d chore: Hoist test ESLint config feee448 chore: Remove disabled and recommended rules See the full diff Package name: webpack-dev-middleware The new version differs by 250 commits. 86071ea chore(release): 5.3.4 189c4ac fix(security): do not allow to read files above (angular#1779) f3c62b8 chore(release): 5.3.3 eeb8aa8 fix: types for `Request` and `Response` (angular#1271) 1a45388 chore(release): 5.3.2 b8fb945 chore(deps): memfs force update (angular#1269) f88067d chore: update deps and ci (angular#1260) 7186318 chore(deps-dev): bump @ commitlint/cli 57c50ef ci: update `checkout`, `setup-node`, and `codecov` actions (angular#1267) 840146a chore(deps-dev): bump @ babel/preset-env 10c12eb chore(deps-dev): bump del from 6.0.0 to 6.1.0 (angular#1264) d35413f chore(deps-dev): bump standard-version 990ee2f chore(deps-dev): bump @ types/node d68ab36 fix: node types (angular#1195) 85d38da chore(deps-dev): bump @ babel/cli b4fb714 chore(deps-dev): bump eslint from 8.14.0 to 8.15.0 (angular#1258) f0e8a64 chore(deps-dev): bump webpack from 5.72.0 to 5.72.1 (angular#1259) 79a4d39 chore(deps-dev): bump express from 4.18.0 to 4.18.1 (angular#1254) d817499 chore(deps-dev): bump @ babel/core c6d573c chore(deps-dev): bump @ babel/preset-env fa7a2fe chore(deps-dev): bump @ commitlint/cli ff6037f chore(deps-dev): bump @ commitlint b311726 chore(deps-dev): bump lint-staged from 12.4.0 to 12.4.1 (angular#1249) a51135a chore(deps-dev): bump supertest from 6.2.2 to 6.2.3 (angular#1248) See the full diff Package name: webpack-dev-server The new version differs by 250 commits. c9271b9 chore(release): 4.0.0 18bf369 test: fix stability (angular#3676) cdcabb2 fix: respect protocol from browser for manual setup (angular#3675) 1768d6b fix: initial reloading for lazy compilation (angular#3662) 4f5bab1 docs: improve examples (angular#3672) f2d87fb fix: improve https CLI output (angular#3673) 0277c5e chore: remove redundant console statements (angular#3671) 16fcdbc docs: add `ipc` example (angular#3667) 8915fb8 test: add e2e tests for built in routes (angular#3669) 4d1cbe1 docs: ask `version` information in issue template (angular#3668) b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (angular#3666) ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (angular#3665) f1fdaa7 chore(release): 4.0.0-rc.1 c4678bc fix: legacy API (angular#3660) d8bdd03 test: fix stability (angular#3661) 22b1414 refactor: remove `killable` (angular#3657) 75bafbf test: add e2e tests for module federation (angular#3658) 493ccbd chore(deps): update `ws` (angular#3652) ae8c523 test: add e2e test for universal compiler (angular#3656) f94b84f chore(deps): update (angular#3655) 1923132 test: fix cli 2adfd01 test: fix todo (angular#3653) 6e2cbde fix: proxy logging and allow to pass options without the `target` option (angular#3651) c9ccc96 fix: respect infastructureLogging.level for client.logging (angular#3613) See the full diff Check the changes in this PR to ensure they won't cause issues with your project. Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: 🧐 View latest project report 🛠 Adjust project settings 📚 Read more about Snyk's upgrade and patch logic Learn how to fix vulnerabilities with free interactive lessons: 🦉 Uncontrolled Resource Consumption ('Resource Exhaustion') 🦉 Path Traversal
Open Graph Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...
X Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc...
Opengraph URL: https://github.com/feicc/angular-cli/pull/68
X: @github
Domain: patch-diff.githubusercontent.com
| route-pattern | /:user_id/:repository/pull/:id/checks(.:format) |
| route-controller | pull_requests |
| route-action | checks |
| fetch-nonce | v2:29ab3b24-e71a-98b9-91cb-7c9acd1c3e53 |
| current-catalog-service-hash | 87dc3bc62d9b466312751bfd5f889726f4f1337bdff4e8be7da7c93d6c00a25a |
| request-id | 8878:267D16:2D21EC2:3ADF85C:69770835 |
| html-safe-nonce | 3ca2ac3a1350da08e859d9e2cdbad295fe5bf1a17c35c716d55072a232c74442 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4ODc4OjI2N0QxNjoyRDIxRUMyOjNBREY4NUM6Njk3NzA4MzUiLCJ2aXNpdG9yX2lkIjoiNzQ2Nzg0NTk2MzU5NTg0MzYzNyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 20a2a3bc18585c2b23b518d27f2a27b4a64dc9170b885c97b2eb9606fbe48d1c |
| hovercard-subject-tag | pull_request:1787284883 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,checks,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/feicc/angular-cli/pull/68/checks |
| twitter:image | https://avatars.githubusercontent.com/u/7861351?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/7861351?s=400&v=4 |
| og:image:alt | This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project. Changes inc... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 01d198479908d09a841b2febe8eb105a81af2af7d81830960fe0971e1f4adc09 |
| turbo-cache-control | no-preview |
| go-import | github.com/feicc/angular-cli git https://github.com/feicc/angular-cli.git |
| octolytics-dimension-user_id | 31312357 |
| octolytics-dimension-user_login | feicc |
| octolytics-dimension-repository_id | 101761014 |
| octolytics-dimension-repository_nwo | feicc/angular-cli |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 36891867 |
| octolytics-dimension-repository_parent_nwo | angular/angular-cli |
| octolytics-dimension-repository_network_root_id | 36891867 |
| octolytics-dimension-repository_network_root_nwo | angular/angular-cli |
| turbo-body-classes | logged-out env-production page-responsive full-width full-width-p-0 |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | f752335dbbea672610081196a1998e39aec5e14b |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width