
[Snyk] Security upgrade webpack from 2.7.0 to 3.4.0

Open twilio-product-security opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • angular/package.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5)
  • Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908
  • Breaking Change: Yes
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: webpack

The new version differs by 250 commits.
  • c8732c8 3.4.0
  • d1619d4 Merge pull request #4856 from matthewmeyer/hashDependantModuleIds
  • b159ec2 Merge pull request #5180 from webpack/feature/improve-module-concat-bailout-messages
  • 32264b8 Merge branch 'master' into feature/improve-module-concat-bailout-messages
  • 4b12c56 Merge pull request #5369 from webpack/bugfix/scope-hoisting-dll
  • 440b5df use original request as libIdent for delegated modules
  • 35c8097 Make sure it's a real module when choosing for ModuleConcatenation
  • d4f3bc3 Merge pull request #5150 from webpack/test/benchmark
  • bb0f41a Merge pull request #5362 from webpack/deps/minor-updates
  • 544fee4 fix lint problem
  • 3598359 update stats test for larger file
  • 378ad46 update all dependencies to latest compatible version
  • 008ac78 Merge pull request #5353 from webpack/deps/extract-text-webpack-plugin
  • ee358bd Merge pull request #5351 from webpack/deps/supports-color
  • 91332b6 Merge pull request #5356 from webpack/deps/i18n-webpack-plugin
  • 838d416 Merge branch 'master' into deps/extract-text-webpack-plugin
  • 98a7cb6 Merge branch 'master' into deps/i18n-webpack-plugin
  • e72a88a Merge pull request #5355 from webpack/deps/file-loader
  • f296790 update stats tests
  • 7d5916c make child names relative
  • ea8e4d0 Merge pull request #5354 from webpack/deps/yargs
  • 42af3d2 Merge pull request #5347 from webpack/cleanup/aggressive-splitting
  • 732c85c fix extract-text-plugin arguments
  • 8c3c75e upgrade supports-color


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


twilio-product-security • Jul 29 '22 19:07