[Snyk] Security upgrade @angular-eslint/builder from 13.2.1 to 14.0.1 #518

Closed · wants to merge 1 commit

Conversation

ekmixon (Owner) commented Feb 2, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • src/portal/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: high
Priority Score (*): 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5)
Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795
Breaking Change: Yes
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @angular-eslint/builder
The new version differs by 62 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by a regular expression that makes the system hang or work very slowly when an attacker sends a well-crafted input (the work grows exponentially with input size). Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in a direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed for. There are many ways to make a service unavailable for legitimate users: by manipulating network packets, or by exploiting programming, logical, or resource-handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior
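As an added illustration of what the micro-learning text above describes (work that grows exponentially with input size), the following is example code written for this page; it is not code from the PR, from Snyk, or from the semver package. The pattern is a textbook nested quantifier, not the expression in semver, and the length cap and attacker inputs are constructed for the example. It shows the backtracking blow-up, the linear-time rewrite of the same language, and the one mitigation a caller can apply while the vulnerable pattern still lives inside a dependency: bounding input length before the regex runs.

```javascript
// Added example (not from the Snyk PR or the semver project): why a nested
// quantifier backtracks exponentially, and the two mitigations a reviewer
// would want in place while a vulnerable transitive dependency is upgraded.

// Classic catastrophic pattern: (a+)+ lets the engine split a run of "a"s
// between the inner and outer group in ~2^n ways before the trailing "!"
// forces the overall match to fail.
const VULNERABLE = /^(a+)+$/;
// Same language, no nested quantifiers: one group, linear backtracking.
const SAFE = /^a+$/;

// Assumed policy value: upper bound on input length before any regex runs.
// This caps the damage even when the pattern itself cannot be changed.
const MAX_INPUT_LENGTH = 64;

// Run pattern.test() only after a type and length check; reports whether the
// input was rejected up front so callers can log it as a probable attack.
function matchSafely(pattern, input, maxLen = MAX_INPUT_LENGTH) {
  if (typeof input !== 'string' || input.length > maxLen) {
    return { matched: false, rejected: true };
  }
  return { matched: pattern.test(input), rejected: false };
}

// Time a single test() call in milliseconds.
function timeMatch(pattern, input) {
  const start = process.hrtime.bigint();
  const matched = pattern.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Constructed attacker input: n "a"s followed by a character that cannot match,
// which is what forces the engine to explore every partition before failing.
function evilInput(n) {
  return 'a'.repeat(n) + '!';
}

// Demo: each +4 on n multiplies the nested pattern's time by roughly 16,
// while the flat pattern stays in the microsecond range.
function demo() {
  for (const n of [12, 16, 20]) {
    const input = evilInput(n);
    const slow = timeMatch(VULNERABLE, input);
    const fast = timeMatch(SAFE, input);
    console.log(
      `n=${n}: nested ${slow.ms.toFixed(1)} ms, flat ${fast.ms.toFixed(3)} ms ` +
      `(both matched=${slow.matched})`
    );
  }
  // Length cap: a 1000-character probe never reaches the regex engine.
  console.log(matchSafely(VULNERABLE, evilInput(1000)));
}

demo();
```

The length cap is the check that applies at the call site of a library you do not control: semver-style range strings that are thousands of characters long have no legitimate use, so rejecting them before parsing removes the attacker's lever without waiting on the upstream fix.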

@sourcery-ai sourcery-ai bot left a comment


PR Type: Enhancement

PR Summary: This PR addresses a security vulnerability by upgrading the @angular-eslint/builder package from version 13.2.1 to 14.0.1. The upgrade aims to fix a high severity Regular Expression Denial of Service (ReDoS) vulnerability.

Decision: Comment

📝 Type: 'Enhancement' - not supported yet.
  • Sourcery currently only approves 'Typo fix' PRs.
✅ Issue addressed: this change correctly addresses the issue or implements the desired feature.
No details provided.
✅ Small diff: the diff is small enough to approve with confidence.
No details provided.

General suggestions:

  • Ensure that the upgraded version of @angular-eslint/builder is fully compatible with the other @angular-eslint packages to prevent any potential integration issues.
  • Verify that the breaking changes introduced by the upgrade do not affect the current project setup and coding standards enforced by the ESLint configuration.

Thanks for using Sourcery. We offer it for free for open source projects and would be very grateful if you could help us grow. If you like it, would you consider sharing Sourcery on your favourite social media? ✨

Share Sourcery

Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.

guardrails bot commented Feb 2, 2024

⚠️ We detected 9 security issues in this pull request:

Vulnerable Libraries (9)
Severity | Package | Upgrade to
High | pkg:npm/@angular/[email protected] (t) | > 13.3.11
High | pkg:npm/@angular/[email protected] (t) | > 13.3.8
N/A | pkg:npm/[email protected] (t) | 15.10.1
Medium | pkg:npm/[email protected] (t) | > 8.17.0
Medium | pkg:npm/[email protected] (t) | > 14.1.0
High | pkg:npm/[email protected] (t) | > 4.18.1
Critical | pkg:npm/[email protected] (t) | > 6.4.0
High | pkg:npm/@angular/[email protected] (t) | > 13.3.11
High | pkg:npm/@angular-eslint/[email protected] (t) | > 13.2.1

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Libraries"

What is this? (2min video)

Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.

Try a challenge in Secure Code Warrior
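The scanner output above flags packages reached through the dependency tree, and the PR itself only bumps a direct dependency in src/portal/package.json. The practitioner check that follows is example code written for this page (not code from the PR, Snyk, GuardRails or npm): it reads an npm lockfile and reports every installed copy of a package that is still below the fixed version, so you can confirm the bump actually evicted the vulnerable copy rather than leaving a nested duplicate behind. The sample lockfile and its versions are constructed for the example, and the fixed semver version is an assumed placeholder; the page does not state it, so take the real value from the advisory.

```javascript
// Added example, not part of this PR, of Snyk, or of npm: after bumping a
// direct dependency to evict a vulnerable transitive package, confirm from
// package-lock.json that no copy of the old version is still installed.
// npm lockfileVersion 2 and 3 keep a "packages" map keyed by the node_modules
// path of each installed copy, so nested duplicates are visible by path.

// Constructed sample lockfile (versions are illustrative, not the project's):
// the root gets a fixed semver, but the ESLint builder still carries an older
// copy under its own node_modules.
const SAMPLE_LOCK = {
  name: 'portal',
  lockfileVersion: 3,
  packages: {
    '': { name: 'portal', devDependencies: { '@angular-eslint/builder': '14.0.1' } },
    'node_modules/semver': { version: '7.5.4' },
    'node_modules/@angular-eslint/builder': {
      version: '14.0.1',
      dependencies: { semver: '^7.3.5' },
    },
    'node_modules/@angular-eslint/builder/node_modules/semver': { version: '7.3.5' },
  },
};

// Assumed first fixed version for the advisory; the page does not state it,
// so replace this with the value from the advisory you are acting on.
const ASSUMED_FIXED_SEMVER = '7.5.2';

// Numeric comparison of dotted versions; a prerelease suffix is dropped,
// which is sufficient for "is this copy below the fixed release" checks.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Every installed copy of pkgName, top-level or nested, with its path.
// Matching on "node_modules/<name>" keeps e.g. @types/semver from matching
// a query for semver.
function findInstalledCopies(lock, pkgName) {
  const leaf = 'node_modules/' + pkgName;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === leaf || path.endsWith('/' + leaf))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies whose version is below fixedVersion, i.e. still vulnerable.
function vulnerableCopies(lock, pkgName, fixedVersion) {
  return findInstalledCopies(lock, pkgName)
    .filter((c) => compareVersions(c.version, fixedVersion) < 0);
}

// Report lines are returned rather than only printed so a CI step can fail
// on them.
function report(lock, pkgName, fixedVersion) {
  const bad = vulnerableCopies(lock, pkgName, fixedVersion);
  if (bad.length === 0) {
    return [`OK: no copy of ${pkgName} below ${fixedVersion}`];
  }
  return bad.map(
    (c) => `STILL VULNERABLE: ${c.path} is ${c.version} (< ${fixedVersion})`
  );
}

for (const line of report(SAMPLE_LOCK, 'semver', ASSUMED_FIXED_SEMVER)) {
  console.log(line);
}
```

To run this against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) and cross-check with npm ls semver --all, which prints the same nested copies from npm's own view of the tree. A bump of the direct dependency only helps if the new release's own range for the transitive package resolves to a fixed version; a nested copy that survives is exactly what this check surfaces.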

github-actions bot commented Apr 3, 2024

This PR is being marked stale due to a period of inactivity. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.

@github-actions github-actions bot added the Stale label Apr 3, 2024

github-actions bot commented May 3, 2024

This PR was closed because it has been stalled for 30 days with no activity. If this PR is still relevant, please re-open a new PR against main.

@github-actions github-actions bot closed this May 3, 2024
@ekmixon ekmixon reopened this May 5, 2024

github-actions bot commented Jun 4, 2024

This PR was closed because it has been stalled for 30 days with no activity. If this PR is still relevant, please re-open a new PR against main.

@github-actions github-actions bot closed this Jun 4, 2024