[Snyk] Fix for 14 vulnerabilities #48

neogeek · 2024-02-07T14:47:26Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
550/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-471879	No	No Known Exploit
550/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-471882	No	No Known Exploit
490/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-ANGULAR-471885	No	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-ANGULAR-534884	No	Proof of Concept
464/1000 Why? Has a fix available, CVSS 5	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-570058	No	No Known Exploit
756/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.7	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-572020	No	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	JSONP Callback Attack npm:angular:20150315	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Content Security Policy (CSP) Bypass npm:angular:20161101	No	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:angular:20171018	No	Proof of Concept
539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:angular:20180202	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: extract-text-webpack-plugin

The new version differs by 177 commits.

cc3ba94 chore(release): 3.0.2
d5a1de2 fix: refer to the `entrypoint` instead of the first `module` (`module.identifier`) (#601)
5286ab2 build(defaults): update to v1.6.0 (#652)
4cfde50 chore(release): 3.0.1
8de6558 fix: get real path from `__filename` instead of `__dirname` (`NS`)
510704f fix(index): stricter check for `shouldExtract !== wasExtracted` (#605)
6a660f3 docs(README): update install instructions (#570)
083a6c8 docs(README): add custom `[contenthash]` formats (#566)
d7a75fc chore(release): 3.0.0
7ae32d9 refactor: Apply webpack-defaults & webpack 3.x support (#540)
dd43832 fix: add missing `options.ignoreOrder` details in Error message (#539)
e81b883 chore(release): 2.1.2
8766821 fix(index): resolve schemas relative to `__dirname` (#536)
0271b39 chore(release): 2.1.1
e595417 fix: don't extract from common async chunks (#508)
a8ae003 chore(package): fix broken links && update devDependencies (#531)
c3cb091 fix(loader): rm unnecessary `this.cacheable` (caching) (#530)
eaa5236 docs: rm `RELEASE.md` (#532)
671e35e chore(package): update `webpack-sources` v0.1.0...1.0.1 (#526)
dfeb347 fix: validation schema (`schema-utils`) (#527)
d0e88d0 docs(README): add lead-in description (#517)
58dd5d3 fix: add a not null check for the content property before throwing error (#404)
6c50d8e Update README.md (#469)
c63dc04 docs(README): clarify to set allChunks option when using CommonsChunkPlugin (#476)