Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #89

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #89

wants to merge 1 commit into from

Conversation

twilio-product-security
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • angular/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 80 commits.
  • 634ab49 chore(release): 2.0.0
  • 6ade2d0 refactor: remove unused file (#860)
  • e7525c9 test: nested url (#859)
  • 7259faa test: css hacks (#858)
  • 5e6034c feat: allow to filter import at-rules (#857)
  • 5e702e7 feat: allow filtering urls (#856)
  • 9642aa5 test: css stuff (#855)
  • 3338656 fix: reduce number of require for url (#854)
  • 533abbe test: issue 636 (#853)
  • 08c551c refactor: better warning on invalid url resolution (#852)
  • b0aa159 test: issue #589 (#851)
  • f599c70 fix: broken unucode characters (#850)
  • 1e551f3 test: issue 286 (#849)
  • 419d27b docs: improve readme (#848)
  • d94a698 refactor: webpack-default (#847)
  • b97d997 feat: schema options
  • 453248f fix: support module resolution in composes (#845)
  • 8a6ea10 refactor: postcss plugins (#844)
  • fdcf687 fix: url resolving logic (#843)
  • 889dc7f feat: allow to disable css modules and disable their by default (#842)
  • ee2d253 test: importLoaders option (#841)
  • 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
  • fe94ebc test: icss reserved keywords (#839)
  • 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • c8732c8 3.4.0
  • d1619d4 Merge pull request #4856 from matthewmeyer/hashDependantModuleIds
  • b159ec2 Merge pull request #5180 from webpack/feature/improve-module-concat-bailout-messages
  • 32264b8 Merge branch 'master' into feature/improve-module-concat-bailout-messages
  • 4b12c56 Merge pull request #5369 from webpack/bugfix/scope-hoisting-dll
  • 440b5df use original request as libIdent for delegated modules
  • 35c8097 Make sure it's a real module when choosing for ModuleConcatenation
  • d4f3bc3 Merge pull request #5150 from webpack/test/benchmark
  • bb0f41a Merge pull request #5362 from webpack/deps/minor-updates
  • 544fee4 fix lint problem
  • 3598359 update stats test for larger file
  • 378ad46 update all dependencies to latest compatible version
  • 008ac78 Merge pull request #5353 from webpack/deps/extract-text-webpack-plugin
  • ee358bd Merge pull request #5351 from webpack/deps/supports-color
  • 91332b6 Merge pull request #5356 from webpack/deps/i18n-webpack-plugin
  • 838d416 Merge branch 'master' into deps/extract-text-webpack-plugin
  • 98a7cb6 Merge branch 'master' into deps/i18n-webpack-plugin
  • e72a88a Merge pull request #5355 from webpack/deps/file-loader
  • f296790 update stats tests
  • 7d5916c make child names relative
  • ea8e4d0 Merge pull request #5354 from webpack/deps/yargs
  • 42af3d2 Merge pull request #5347 from webpack/cleanup/aggressive-splitting
  • 732c85c fix extract-text-plugin arguments
  • 8c3c75e upgrade supports-color

See the full diff

Package name: webpack-dev-server The new version differs by 19 commits.
  • 6e1d886 3.0.0
  • eedf10f Try again at fixing CI by upping timeout (necessary for node v6)
  • dfe137c Hopefully fix failing CI tests (the hacky way)
  • 1e7acca Actually make the yargs version test do something
  • cdd10fa Stop testing node v4 on travis ci
  • 7378e3e Merge branch 'webpack-4'
  • dbea323 Update deps
  • f4f14ce Fix support for DynamicEntryPlugin (#1319)
  • 398c773 3.0.0-beta.2
  • cdc7288 Simplify build webpack configs thanks to webpack 4
  • e603e0d Allow no publicPath or entry point (#1310)
  • 9852a5f 3.0.0-beta.1
  • 6db2e85 Fix tests after webpack v4 upgrade
  • eb2f0a9 Fix option rename in webpack-dev-middleware
  • 8bc0e45 Don't rely on webpack's webpack-cli installed check
  • 087bf04 Fix bundling client files with webpack v4
  • 86de93e Require node v6+ since webpack-dev-middleware is now v6+ too
  • c004349 Explain webpack-serve in doc
  • a02c083 Initial webpack v4 compatibility

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@twilio-product-security @snyk-bot