[Snyk] Fix for 5 vulnerabilities #976
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANGULARCOMPILER-14908872 - https://snyk.io/vuln/SNYK-JS-ANGULARCORE-14908871 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-GHPAGES-3042993 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
There was a problem hiding this comment.
Pull request overview
This PR addresses 5 security vulnerabilities identified by Snyk through dependency upgrades. It updates @angular/compiler and @angular/core from version 18.2.13 to 19.2.18 (a major version upgrade) and upgrades angular-cli-ghpages from 1.0.7 to 3.0.0.
Changes:
- Upgraded @angular/compiler and @angular/core to version 19.2.18 to fix XSS vulnerabilities
- Upgraded angular-cli-ghpages to 3.0.0 to fix prototype pollution vulnerability
- Updated transitive dependencies to address additional security issues (inflight, brace-expansion)
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates Angular compiler and core packages to v19, and angular-cli-ghpages to v3 |
| package-lock.json | Reflects dependency tree changes including upgraded Angular DevKit packages and various transitive dependencies |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "@angular/compiler": "^19.2.18", | ||
| "@angular/core": "^19.2.18", |
There was a problem hiding this comment.
Upgrading @angular/compiler and @angular/core from 18.2.13 to 19.2.18 is a major version update that may introduce breaking changes. The other Angular packages in dependencies remain at version 18.x (@angular/animations, @angular/common, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/router), creating a version mismatch. Major Angular version upgrades typically require updating all Angular packages together to maintain compatibility.
| "@angular/compiler": "^19.2.18", | |
| "@angular/core": "^19.2.18", | |
| "@angular/compiler": "^18.2.13", | |
| "@angular/core": "^18.2.13", |
Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-ANGULARCOMPILER-14908872
SNYK-JS-ANGULARCORE-14908871
SNYK-JS-INFLIGHT-6095116
SNYK-JS-GHPAGES-3042993
SNYK-JS-BRACEEXPANSION-9789073
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Cross-site Scripting (XSS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution