wireless-security-camera icon indicating copy to clipboard operation
wireless-security-camera copied to clipboard

Published 20 hours ago verified publisher icon twilio

[Snyk] Security upgrade webpack-dev-server from 2.11.5 to 3.1.2

Open twilio-product-security opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • angular/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: webpack-dev-server The new version differs by 38 commits.
  • 7430648 3.1.2
  • 50f4007 Update deps
  • da33d2b speed up incremental builds by not doing excessive stats.toJSON work (#1362)
  • 3a7f7d5 3.1.1
  • 34a6cc3 And update pinned webpack-dev-middleware
  • 7b9269e Update deps
  • 3c9592e Actually upgrade package-lock.json...
  • 2b40391 Upgrade webpack-dev-middleware dependency
  • ef55984 Remove Tapable#apply calls (#1331)
  • f2db057 Don't invoke function on static html string (#1329)
  • 94398c4 3.1.0
  • d20757b Upgrade another timeout for slow CI
  • f0534fc Use webpack-log for logging
  • f76182c 3.0.1-beta.0
  • c375aa6 Fix support for multi compiler in webpack 4
  • 9921ecc Add basic example for multi-compiler
  • c32cfa8 Use non-deprecated webpack 4 API's
  • 31d94ab Make tests use more webpack 4 goodiness
  • 9934724 Fix accidental skip of nearly all tests (whoops)
  • 6e1d886 3.0.0
  • eedf10f Try again at fixing CI by upping timeout (necessary for node v6)
  • dfe137c Hopefully fix failing CI tests (the hacky way)
  • 1e7acca Actually make the yargs version test do something
  • cdd10fa Stop testing node v4 on travis ci

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

twilio-product-security avatar Sep 17 '22 20:09 twilio-product-security