[Snyk] Fix for 9 vulnerabilities

[snyk-io]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/node/base/package.json
  • packages/node/base/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	63/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00066, Social Trends: No, Days since published: 690, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.64, Score Version: V5	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	99/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 687, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.75, Score Version: V5	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	94/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00071, Social Trends: No, Days since published: 617, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.67, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	107/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00072, Social Trends: No, Days since published: 617, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.89, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	94/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00062, Social Trends: No, Days since published: 617, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.67, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
	49/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 57, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5	Improper Input Validation SNYK-JS-POSTCSS-5926692	No	No Known Exploit
	80/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00068, Social Trends: No, Days since published: 852, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 1.89, Score Version: V5	Improper Input Validation SNYK-JS-XMLDOM-1534562	No	No Known Exploit
	125/1000 Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00116, Social Trends: No, Days since published: 412, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 1.41, Score Version: V5	Prototype Pollution SNYK-JS-XMLDOM-3042242	No	No Known Exploit
	259/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0006, Social Trends: No, Days since published: 390, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.64, Score Version: V5	Improper Input Validation SNYK-JS-XMLDOM-3092935	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @angular-devkit/build-angular

The new version differs by 250 commits.

• cef5afb release: cut the v13.2.0 release
• c0713ec build: update angular
• c5cd828 build: update all non-major dependencies
• 2285a78 docs: fix character code in expression example (#22564)
• fc839e1 build: add RC releases to framework peer deps
• ae0931a build: update all non-major dependencies
• cc24766 release: cut the v13.2.0-rc.1 release
• 9407ee5 build: bump Angular dependency to `rc`
• f2c6b2b fix(@ angular-devkit/architect): correctly handle ESM builders
• 820ff2a fix(@ angular-devkit/build-webpack): correctly handle ESM webpack configurations
• 9b3b57a build: lock file maintenance
• 88cc37c build: update dependency node-fetch to v2.6.7 [security]
• 5f5fc86 build: update angular
• d3716a9 build: update all non-major dependencies
• 0982537 build: update dependency typescript to v4.5.5
• 977e761 build: update angular to 27f7616
• 3d55f6d build: update all non-major dependencies
• a5ead32 build: remove old build-ng-packagr reference
• 1a51945 build: substitute snapshot repo dependencies in snapshot builds
• e2028b3 build: correctly stamp experimental packages in bazel build
• 086feca build: update angular
• 8ad019a build: update all non-major dependencies to v7.16.10
• 340066e release: cut the v13.2.0-rc.0 release
• 633643e docs: release notes for the v13.1.4 release

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Improper Input Validation