[Snyk] Fix for 6 vulnerabilities #1357

snyk-io · 2023-12-19T18:04:57Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- eperusteet/eperusteet-app/yo/package.json
- eperusteet/eperusteet-app/yo/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00115, Social Trends: No, Days since published: 1491, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.62, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-ANGULAR-534884	Yes	Proof of Concept
85/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0022, Social Trends: No, Days since published: 1290, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 98, Impact: 5.62, Likelihood: 1.51, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-570058	Yes	No Known Exploit
198/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1286, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.6, Likelihood: 2.06, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-572020	Yes	Proof of Concept
159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 386, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
112/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2185, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 98, Impact: 4.19, Likelihood: 2.67, Score Version: V5	Cross-site Scripting (XSS) npm:angular:20171018	Yes	Proof of Concept
81/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2129, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 98, Impact: 4.19, Likelihood: 1.92, Score Version: V5	Cross-site Scripting (XSS) npm:angular:20180202	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fork-ts-checker-webpack-plugin

The new version differs by 74 commits.

5ba6839 Release 5.0.0 (EP-2174 #445)
d056616 feat: remove "incremental: true" from ts default options (Ei vaadita projektikuvausta #444)
188d44d feat: add issue.scope option (EP-2118-aikataulu #442)
b865f1d fix: always pass compilation to issues hook (Lisätty projekti kuvaus #443)
e812f18 feat: overwrite other fields in tsconfig.json (Lisätty action.yml #440)
2b72fd0 fix: properly disconnect rpc client to be able to reconnect (Update eperusteet.spec #439)
c4796b2 fix: include files that are outside project context (EP-2193 #437)
1f7ae0d docs: update bug-report template by merging master into alpha branch
aa8f74d feat: rename tsconfig option to configFile for consistency (EP-2141 #436)
944e0c9 feat: improve overall typescript performance (EP-2172 #435)
a430979 feat: add `context` option for typescript reporter (EP-2156 #430)
503a948 fix: support webpack multi-compiler (EP-2110 #431)
9b3b9dd feat: add "mode" for typescript reporter (EP-2053 #429)
2ba396d fix: respect eslint extensions in incremental check
8a10ca9 docs: add babel-loader example
be9cd64 docs: add ts-loader example
b5d5977 docs: add vscode-tasks example
e59a8d2 chore: fix github actions release job
37b8944 feat: export `version` const for external tools (EP-2143 #428)
5552f62 docs: update bug template to use eslint, not tslint
5665dac feat: change start hook to AsyncSeriesWaterfallHook (EP-1871 #425)
8687c63 feat: support @ vue/compiler-sfc in the vue extension (Lisätty generoitu apikuvaus openapi-generaattorille #423)
f277444 fix: remove references to external typings (EP-2113 #422)
cfcc0fe fix: properly handle import modules with .vue suffix ([Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.9.3 to 2.10.0 #420)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Cross-site Scripting (XSS)
🦉 Denial of Service (DoS)

…t-app/yo/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANGULAR-534884 - https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 - https://snyk.io/vuln/SNYK-JS-ANGULAR-572020 - https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970 - https://snyk.io/vuln/npm:angular:20171018 - https://snyk.io/vuln/npm:angular:20180202

oplekal closed this Jan 29, 2024

timopaasila deleted the snyk-fix-7be5c190d5e7adf19855bc1bd8dcb494 branch March 22, 2024 07:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 6 vulnerabilities #1357

[Snyk] Fix for 6 vulnerabilities #1357

snyk-io bot commented Dec 19, 2023

[Snyk] Fix for 6 vulnerabilities #1357

[Snyk] Fix for 6 vulnerabilities #1357

Conversation

snyk-io bot commented Dec 19, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: