angular-package-builder icon indicating copy to clipboard operation
angular-package-builder copied to clipboard

Published 20 hours ago verified publisher icon dominique-mueller

[Snyk] Fix for 1 vulnerabilities

Open dominique-mueller opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-sass The new version differs by 14 commits.
  • c167004 6.0.1
  • 911d4db remove mkdirp dep (#3108)
  • 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
  • 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
  • cfcbb2c chore: Use default Apline version from docker-node (#3121)
  • 886319b chore: Drop Node 10 support
  • c908f4f fix: Bump OSX minimum to 10.11
  • 8ab02da fix: Remove old compiler gyp settings
  • 3d7b9d0 chore: Add Node 16 support
  • 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
  • 06f3ab4 Update TROUBLESHOOTING.md
  • c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
  • 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
  • a2a3a78 chore: Bump dependabot limit

See the full diff

Package name: semver The new version differs by 202 commits.
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
  • 5b02ad7 chore: release 7.5.0
  • e219bb4 fix: throw on bad version with correct error message (#552)
  • 503a4e5 feat: allow identifierBase to be false (#548)
  • fc2f3df fix: incorrect results from diff sometimes with prerelease versions (#546)
  • 2781767 fix: avoid re-instantiating SemVer during diff compare (#547)
  • 82aa7f6 chore: release 7.4.0
  • 731d896 chore: enable CD (#545)
  • 940723d fix: intersects with v0.0.0 and v0.0.0-0 (#538)
  • aa516b5 fix: faster parse options (#535)
  • 61e6ea1 fix: faster cache key factory for range (#536)
  • f8b8b61 fix: optimistic parse (#541)
  • 796cbe2 fix: semver.diff prerelease to release recognition (#533)
  • 3f222b1 fix: reuse comparators on subset (#537)
  • 113f513 feat: identifierBase parameter for .inc (#532)
  • ea689bc chore: basic type test for RELEASE_TYPES
  • c5d29df docs: Add "Constants" section to README

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

dominique-mueller avatar Jun 22 '23 01:06 dominique-mueller