Skip to content

[Snyk] Security upgrade @angular/compiler-cli from 9.1.0-next.2 to 9.1.0#73

Open
BlackGox wants to merge 1 commit into
masterfrom
snyk-fix-a7f067303ab75d103f5b0c0d9586d248
Open

[Snyk] Security upgrade @angular/compiler-cli from 9.1.0-next.2 to 9.1.0#73
BlackGox wants to merge 1 commit into
masterfrom
snyk-fix-a7f067303ab75d103f5b0c0d9586d248

Conversation

@BlackGox

Copy link
Copy Markdown

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • integration/ngcc/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230
  828  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@socket-security

Copy link
Copy Markdown

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/generator@7.7.4 None +1 819 kB nicolo-ribaudo
npm/@babel/helper-function-name@7.7.4 None 0 7.14 kB nicolo-ribaudo
npm/@babel/helper-get-function-arity@7.7.4 None 0 3.28 kB nicolo-ribaudo
npm/@babel/helper-split-export-declaration@7.7.4 None 0 5.01 kB nicolo-ribaudo
npm/@babel/highlight@7.0.0 None 0 5.1 kB hzoo
npm/@babel/parser@7.7.4 None 0 409 kB nicolo-ribaudo
npm/@babel/template@7.7.4 None 0 24 kB nicolo-ribaudo
npm/@babel/traverse@7.7.4 environment +1 234 kB nicolo-ribaudo
npm/accepts@1.3.5 None +1 32.9 kB dougwilson
npm/async-limiter@1.0.0 None 0 53.8 kB strml
npm/bluebird@3.5.3 environment, eval 0 620 kB esailija
npm/body-parser@1.18.3 network 0 55.9 kB dougwilson
npm/bytes@3.0.0 None 0 10.8 kB dougwilson
npm/chalk@2.4.1 environment 0 26.9 kB sindresorhus
npm/chokidar@3.3.0 environment, filesystem 0 87.9 kB paulmillr
npm/codelyzer@5.2.0 filesystem 0 558 kB mgechev
npm/esutils@2.0.2 None 0 49.3 kB michaelficarra
npm/eventemitter3@3.1.0 None 0 36.2 kB lpinca
npm/flatted@2.0.0 None 0 16.9 kB webreflection
npm/glob@7.1.3 filesystem 0 55.5 kB isaacs
npm/globals@11.9.0 None 0 37.8 kB sindresorhus
npm/graceful-fs@4.1.15 environment, filesystem 0 25.9 kB isaacs
npm/handlebars@4.5.3 filesystem 0 2.59 MB knappi
npm/http-proxy@1.17.0 network 0 444 kB jcrugzz
npm/iconv-lite@0.4.23 None 0 336 kB ashtuchkin
npm/mime-db@1.37.0 None 0 184 kB dougwilson
npm/mime-types@2.1.21 None 0 14.9 kB dougwilson
npm/mime@2.4.0 None 0 73.1 kB broofa
npm/negotiator@0.6.1 None 0 28 kB dougwilson

🚮 Removed packages: npm/@angular/material@9.0.0-rc.4, npm/engine.io-client@3.4.1, npm/fsevents@1.2.12, npm/hosted-git-info@2.8.8

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants