Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 4 vulnerabilities #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 4 vulnerabilities #5

wants to merge 1 commit into from

Conversation

snyk-io[bot]
Copy link

@snyk-io snyk-io bot commented Dec 19, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/node/base/package.json
    • packages/node/base/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 386, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5		 Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 Yes Proof of Concept
medium severity 45/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00071, Social Trends: No, Days since published: 427, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit
low severity 58/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 638, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
high severity 169/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 182, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @angular-devkit/build-angular The new version differs by 250 commits.
  • 29f2c17 release: cut the v16.1.0 release
  • f0a4ce6 build: bump versions for minor release
  • 72629bd refactor: move esbuild index generator, code bundle option and execution results
  • 15e0a88 refactor(@ angular-devkit/build-angular): update code base structure to facilitate future builders
  • abc49bd build: update angular
  • 8424ab0 fix(@ angular-devkit/build-angular): support proxy configuration array-form in esbuild builder
  • a0e3ae9 docs: removed the duplicate words
  • 32e2b22 refactor: removed unused import statements
  • 0e25fec refactor: replaced the String wrapper object with primitive type string
  • 78084aa build: update all non-major dependencies
  • 1aa9fb4 docs: updated the i tag to the em tag in the html and docs
  • 0fa1167 build: update all non-major dependencies
  • cd7c825 fix(@ angular-devkit/build-angular): correctly handle sass imports
  • ef384f3 build: update angular
  • 8772b62 release: cut the v16.1.0-rc.0 release
  • bc48a0d build: update all non-major dependencies
  • 15c14f7 docs: release notes for the v16.0.5 release
  • bc5b7d5 refactor(@ angular-devkit/build-angular): improve initial file analysis for esbuild builder
  • 7155cbe fix(@ angular-devkit/build-angular): ignore folders starting with a dot in browser-esbuild watcher
  • 772fe84 fix(@ angular-devkit/build-angular): ignore .git folder in browser-esbuild watcher
  • e2954d2 build: update angular
  • dfc052a refactor(@ schematics/angular): deprecate private standalone utilities
  • b14b959 feat(@ schematics/angular): add bootstrap-agnostic utilities for writing ng-add schematics
  • b36effd refactor(@ schematics/angular): add utility to find top-level identifiers

See the full diff

Package name: @angular/cli The new version differs by 250 commits.
  • f9527ce release: cut the v17.0.0 release
  • 180dfa3 build: update Angular packages to version 17 stable
  • 8bae6ad release: cut the v17.0.0-rc.5 release
  • 8a9def5 test: add timeout to vite re-use cache
  • 9d4d11c fix(@ angular-devkit/build-angular): allow SSR compilation to work with TS allowJs option
  • ec5e302 refactor(@ schematics/angular): add fallback fonts
  • 3c6d2d8 refactor(@ schematics/angular): remove unused CSS
  • abb1c6f refactor(@ schematics/angular): use control flow to reduce code
  • 81e4917 fix(@ angular/pwa): replace Angular logos
  • ecdcff2 fix(@ schematics/angular): add missing icons in ng-new template
  • 569b714 build: lock file maintenance
  • 303c98c fix(@ angular-devkit/build-angular): normalize exclude path
  • 455aed8 Revert "test: temporary disable Jest E2E tests"
  • 278bfa0 test(@ angular-devkit/build-angular): add test to validate vite cache re-usage
  • a8f041f release: cut the v17.0.0-rc.4 release
  • ae45c4a feat(@ schematics/angular): update `ng new` generated application
  • e10f49e fix(@ angular-devkit/build-angular): convert AOT compiler exceptions into diagnostics
  • 1b38430 fix(@ angular-devkit/build-angular): disable parallel TS/NG compilation inside WebContainers
  • f87f22d fix(@ angular-devkit/build-angular): keep dependencies pre-bundling validate between builds
  • d46fb12 fix(@ angular-devkit/build-angular): disable dependency optimization for SSR
  • 4733cd3 refactor(@ angular-devkit/build-angular): clean externalMetadata arrays on every rebuild
  • a02db0a refactor(@ angular-devkit/build-angular): allow JS transformer result reuse for application dev-server builder
  • 323b005 build: update angular
  • 59c22aa perf(@ angular-devkit/build-angular): start SSR dependencies optimization before the first request

See the full diff

Package name: puppeteer The new version differs by 250 commits.
  • 377cd83 chore: release main (#11081)
  • 11f7c69 test: update Firefox BiDi expectations (#11082)
  • 0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
  • 163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
  • 67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
  • 54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
  • c5083bb docs: update link to `third_party/README.md` (#11068)
  • a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
  • 28c1c26 test: crash mocha if unhandled errors occur (#11055)
  • c5f2d28 test: move queryObjects to a CDP only tests (#11050)
  • 88681a8 test: Remove invalid drag and drop test (#11054)
  • eedbb13 chore: release main (#11051)
  • b0d7375 fix: remove the flag disabling bfcache (#11047)
  • 30bd030 chore: use yargs for mocha runner (#11045)
  • 03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
  • 897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (#11042)
  • f59537e ci: add sharding for chrome (#11038)
  • bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (#11040)
  • e853e63 refactor: use common debugError (#11039)
  • 48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
  • aa16ab1 chore: use RxJS for wait for Navigation (#11024)
  • c502ca8 chore: release main (#11025)
  • e0e7e3a test: move cdp only tests to a subfolder (#11033)
  • 8993def ci: disable failing doctest (#11035)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants