[Snyk] Security upgrade @angular/cli from 10.2.4 to 11.0.0 #65

Open
wants to merge 1 commit into
base: master

@PDSSnyk PDSSnyk commented May 20, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • frontend/package.json
    • frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 479/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @angular/cli
  • 11.0.0 - 2020-11-11

    Commits

    @angular-devkit/architect-cli (0.1100.0)

    Commit Description Notes
    remove minimist `_` from options [Closes #18889]

    @angular-devkit/build-angular (0.1100.0)

    Commit Description Notes
    enable font inlining optimizations
    add font inliner
    support custom headers in dev-server
    bump ng-packagr supported version to 11
    enable Ivy extraction by default for Ivy applications
    support package references in styles & scripts options
    out of the box hot module replacement (HMR) [Closes #17324]
    extract i18n messages from libraries [Closes #18871]
    improve build stats output format
    Switch to karma-coverage [Closes #17757]
    ask to use a new port if in use
    Downgrade Karma to 5.1.x
    add validation to fileReplacement values [Closes #11451]
    add default value to progress option
    reduce clutter in dev-server logs
    right align size column and add total bundle size
    show bundle sizes with 2 decimal places
    sort bundle stats by size
    improve server builder output logs
    show verbose logging when using `--verbose` and differential loading
    improve builder phase reporting
    remove title attribute from inlined fonts style tag [Closes #19271]
    validate extracted i18n messages for duplicates
    control legacy ID i18n extraction via TypeScript configuration
    improve network error message during fonts inlining [Closes #19259]
    when optimizing don't wrap function arguments in parenthesis
    correctly index and remove webpack client script in non main chunk [Closes #19219]
    skip application emit during i18n extraction
    support emitting AVIF image files
    don't add publicHost pathname to sockPath in dev-server
    update resolve-url-loader to version 3.1.2
    add a base href to karma debug context [Closes #19116]
    don't set watchOptions in webpack-middleware
    disable dev-server live-reload when using protoactor
    correctly reference hmr-accept.js file in windows error [Closes #19099]
    ensure correct SRI values with differential loading [Closes #18254]
    set HTML lang attribute when serving [Closes #18094]
    override already existing assets in compilation [Closes #18787]
    remove .js files equivalent of css when using extract css
    only show cannot restore inputs/options when old length is > 0
    include HMR accept code in main.ts
    use IE11 as oldest browser when downlevelling
    don't process stylesheets in extraction builder
    fixes optimizeChunkAssets is deprecated in webpack 5
    fixes deprecation warning for MainTemplate.hooks.assetPath in webpack 5
    fix webpack 5 deprecation warning for chunk.push
    handle undefined descriptionFileData [Closes #18631]
    fixed afterOptimizeChunkAssets is deprecated in webpack 5
    resolve i18n outFile from workspaceRoot
    fixed Module.issuer is deprecated in webpack 5 for commonjs warn plugin
    implement `relative` method in extractor FS
    maxModules were deprecated and renamed to modulesSpace
    webpack5 deprecation of module property in Dependency
    add tslint as an optional peer dependency
    add protractor as an optional peer dependency
    add karma as an optional peer dependency
    warn if using unsupported IE9/10 browsers
    add missing defaults to `optimization` property
    add node-sass deprecation warning
    set logging level to verbose when using `--verbose`
    filter unactionable System.import webpack warning
    update Angular peer dependencies to 11.0 prerelease
    consider ascii_only terser setting when counting components in analytics
    improve debugging experience
    generate sourcemaps with relative paths in monorepo [Closes #17046]
    correct i18n function parameter type
    don't generate `vendor.js.map` when vendor sourcemaps is disabled [Closes #18060]
    correct Windows paths in ivy i18n extract
    ensure ivy extraction file names match sourcemaps

    @angular-devkit/build-optimizer (0.1100.0)

    Commit Description Notes
    mark rxjs add imports as having side effects
    set rxjs as having safe side effects
    support jit mode guarded class metadata removal
    increase safety of code removal [Closes #14033]
    [Closes #18621]
    remove decorators calls when tslib helpers are inlined [Closes #18682]

    @angular-devkit/build-webpack (0.1100.0)

    Commit Description Notes
    fully close Webpack 5 compiler
    avoid deprecation warning with Webpack 5 watch mode

    @angular-devkit/core (11.0.0)

    Commit Description Notes
    add basic support for oneOf/anyOf to `addUndefinedDefaults` transformer
    allow prompt providers to access property types
    remove deprecated isObservable function
    allow property remove with workspace API

    @angular-devkit/schematics (11.0.0)

    Commit Description Notes
    support schema validation in NodeWorkflow
    allow using a root path with NodeWorkflow
    show active package manager with install task
    resolve external schematics from requesting collection [Closes #18098]
    [Closes #11026]

    @angular/cli (11.0.0)

    Commit Description Notes
    correctly read transitive dependency
    use newer update command if global version is newer
    coerce prompt answers to requested property types
    skip searching deprecated packages with ng add
    include deprecated option in JSON help
    add missing dev-server `headers` option in IDE schema
    resolve packages package.json from workspace directory
    don't display prompts twice [Closes #19027]
    don't show deprecation messages for defaults when using `--defaults`
    collect analytics option usage from workspace config and prompts
    add blank line in migration commit message
    no-op ng update --all [Closes #15278]
    [Closes #13095]
    [Closes #12261]
    [Closes #12243]
    [Closes #18813]
    add missing defaults to `optimization` property
    favor dirname when resolving @schematics/angular [Closes #18840]
    replace regex with correct project name validation [Closes #17579]
    improve logs in ng update
    remove version command node module assumptions [Closes #10474]

    @schematics/angular (11.0.0)

    Commit Description Notes
