
[Snyk] Upgrade: @angular/animations, @angular/common, @angular/compiler, @angular/core, @angular/forms, @angular/platform-browser, @angular/router #7

Open: wants to merge 1 commit into base: main
matrix-compute
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| @angular/animations | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |
| @angular/common | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |
| @angular/compiler | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |
| @angular/core | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |
| @angular/forms | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |
| @angular/platform-browser | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |
| @angular/router | from 17.3.0 to 17.3.2 (2 versions ahead of your current version) | a month ago, on 2024-03-28 |

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|  | Path Traversal, SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 | 158/1000 | Proof of Concept |
|  | Path Traversal, SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 | 158/1000 | Proof of Concept |
|  | Open Redirect, SNYK-JS-EXPRESS-6474509 | 158/1000 | No Known Exploit |
|  | Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JS-TAR-6476909 | 158/1000 | Proof of Concept |
|  | Improper Access Control, SNYK-JS-VITE-6531286 | 158/1000 | Proof of Concept |
|  | Improper Access Control, SNYK-JS-UNDICI-6564963 | 158/1000 | No Known Exploit |
|  | Improper Authorization, SNYK-JS-UNDICI-6564964 | 158/1000 | No Known Exploit |

Why? (the same text is shown under the PriorityScore of every row above) Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 33, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @angular/animations
  • 17.3.2 - 2024-03-28

    17.3.2 (2024-03-28)

    compiler

    Commit Description
    fix - 2b7bad5151 invoke method-based tracking function with context (#54960)

    compiler-cli

    Commit Description
    fix - b478dfbfda report errors when initializer APIs are used on private fields (#55070)

    core

    Commit Description
    fix - 708ba8115f establish proper injector resolution order for @ defer blocks (#55079)

    http

    Commit Description
    fix - cb433af0e1 include transferCache when cloning HttpRequest (#54939)
    fix - 64f202cab9 manage different body types for caching POST requests (#54980)

    migrations

    Commit Description
    fix - 2f9d94bc4a account for variables in imports initializer (#55081)

    router

    Commit Description
    fix - 365fd50407 RouterLinkActive will always remove active classes when links are not active (#54982)
  • 17.3.1 - 2024-03-20

    17.3.1 (2024-03-20)

    compiler

    Commit Description
    fix - c0788200e2 capture data bindings for content projection purposes in blocks (#54876)

    compiler-cli

    Commit Description
    fix - 99e9474aa2 symbol feature detection for the compiler (#54711)
  • 17.3.0 - 2024-03-13
from @angular/animations GitHub release notes
Package name: @angular/common
from @angular/common GitHub release notes
Package name: @angular/compiler
from @angular/compiler GitHub release notes
Package name: @angular/core from @angular/core GitHub release notes
Package name: @angular/forms from @angular/forms GitHub release notes
Package name: @angular/platform-browser from @angular/platform-browser GitHub release notes
Package name: @angular/router from @angular/router GitHub release notes
Snyk has created this PR to upgrade:
  - @angular/animations from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/animations
  - @angular/common from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/common
  - @angular/compiler from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/compiler
  - @angular/core from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/core
  - @angular/forms from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/forms
  - @angular/platform-browser from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/platform-browser
  - @angular/router from 17.3.0 to 17.3.2.
    See this package in npm: https://www.npmjs.com/package/@angular/router

See this project in Snyk:
https://app.snyk.io/org/matrix-compute/project/91bdd86d-7367-4aae-9c2b-3aaace7fa9be?utm_source=github&utm_medium=referral&page=upgrade-pr