[Snyk] Fix for 3 vulnerabilities

[SuperITMan]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/stark-build/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @angular-builders/custom-webpack

The new version differs by 77 commits.

• 4dd0f2d ci(release): publish
• dae4a57 ci(release): publish
• b0b6a80 fix(ci): graduate flow
• 020d3c4 fix(ci): update node version in graduate workflow
• 3184a34 chore(deps): update commitlint monorepo to v17.6.5 (fix(stark-ui): ui: app-data - in 'dropdown' mode the 'detail' pane overlaps the 'summary' #1383)
• d9df15b chore(deps): update dependency cpy-cli to v4 (showcase: bug with lazy loaded demo-ui module and @ngrx/store-devtools/recompute #1175)
• d3a537c chore(deps): update dependency @ types/node to v18 (Update @angular-devkit/build-angular in group stark-packages to the latest version 🚀 #1298)
• 5717596 chore(deps): update dependency @ types/jasmine to v4.3.2 (performance: all - enable ChangeDetectionStrategy.OnPush wherever possible #1331)
• 8d74d14 chore(deps): update dependency @ types/node to v16.18.34 (feat(stark-demo): add the ngx form error to the showcase #1358)
• aa04af3 chore(deps): update dependency @ types/lodash to v4.14.195 (fix(stark-ui): reset line-height of <input/> to avoid letters to be cut off at the bottom #1382)
• 8cfc11e chore(deps): update dependency cypress to v12.13.0 (Fix/custom table actions #1376)
• 047cfa6 chore(deps): update dependency tslib to v2.5.2 (ui: dropdown - label is floating when empty multiSelect is enabled and value == [] #1370)
• 726c605 chore(deps): update dependency html-webpack-plugin to v5.5.1 (Update tsickle to the latest version 🚀 #1359)
• 358409d chore(deps): update angular-cli monorepo to v16.0.3 (fix(stark-ui): fix side navigation rendering behind header #1381)
• ca2b535 chore(deps): update angular monorepo to v16.0.3 (fix(build): fix TypeScript compilation while linking stark-ui to showcase #1375)
• 4fe16d0 chore(deps): update dependency rimraf to v5 (Greenkeeper/stark apps/core js 3.2.1 #1380)
• 13465fc chore(deps): update dependency puppeteer to v20 (Update core-js in group stark-apps to the latest version 🚀 #1378)
• c05d5f4 chore(deps): update dependency jest-junit to v16 (feat(stark-ui): table - add support for angular CDK selection model #1377)
• faeb075 chore(deps): update dependency @ lerna-lite/cli to v2 (Update gh-pages in group stark-apps to the latest version 🚀 #1372)
• efa4467 ci(release): publish
• 8f728fa chore(deps): update dependency jasmine-core to v5 (<input /> height too small #1374)
• 97d816a ci(release): publish
• aae89a1 chore(jest): update default mocks (fix(stark-ui): dropdown - fix container click + badly floating label in multiSelect #1371)
• 97e6f46 ci(release): publish

See the full diff

Package name: @angular-devkit/build-angular

The new version differs by 250 commits.

• 29f2c17 release: cut the v16.1.0 release
• f0a4ce6 build: bump versions for minor release
• 72629bd refactor: move esbuild index generator, code bundle option and execution results
• 15e0a88 refactor(@ angular-devkit/build-angular): update code base structure to facilitate future builders
• abc49bd build: update angular
• 8424ab0 fix(@ angular-devkit/build-angular): support proxy configuration array-form in esbuild builder
• a0e3ae9 docs: removed the duplicate words
• 32e2b22 refactor: removed unused import statements
• 0e25fec refactor: replaced the String wrapper object with primitive type string
• 78084aa build: update all non-major dependencies
• 1aa9fb4 docs: updated the i tag to the em tag in the html and docs
• 0fa1167 build: update all non-major dependencies
• cd7c825 fix(@ angular-devkit/build-angular): correctly handle sass imports
• ef384f3 build: update angular
• 8772b62 release: cut the v16.1.0-rc.0 release
• bc48a0d build: update all non-major dependencies
• 15c14f7 docs: release notes for the v16.0.5 release
• bc5b7d5 refactor(@ angular-devkit/build-angular): improve initial file analysis for esbuild builder
• 7155cbe fix(@ angular-devkit/build-angular): ignore folders starting with a dot in browser-esbuild watcher
• 772fe84 fix(@ angular-devkit/build-angular): ignore .git folder in browser-esbuild watcher
• e2954d2 build: update angular
• dfc052a refactor(@ schematics/angular): deprecate private standalone utilities
• b14b959 feat(@ schematics/angular): add bootstrap-agnostic utilities for writing ng-add schematics
• b36effd refactor(@ schematics/angular): add utility to find top-level identifiers

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 5882290 16.1.0
• 6c4b64d Prepare 16.1.0 (#7415)
• 566c422 Bump file-entry-cache from 7.0.2 to 8.0.0 (#7427)
• 42bf8f8 Bump meow from 12.1.1 to 13.0.0 (#7426)
• cb509a0 Fix `function-url-quotes` false positives for SCSS variable and `@` character (#7416)
• e222352 Document benefits from TypeScript annotation (#7423)
• 760a6f1 Fix `selector-pseudo-class-no-unknown` false positive for `:popover-open` (#7425)
• 8ec6748 Add `ignore: ["keyframe-selectors"]` to `selector-disallowed-list` (#7417)
• 548b221 Add missing changelog for PR #7366
• 19ab06a Sort rules alphabetically in `docs/user-guide/rules.md` (#7422)
• 0e8b1fd Bump rollup from 4.8.0 to 4.9.1 (#7414)
• 0455938 Bump the csstools-parser group with 2 updates (#7411)
• e03a0f9 Update stylelint-stylistic plugin link (#7419)
• b92260f Bump @ csstools/selector-specificity from 3.0.0 to 3.0.1 (#7413)
• 368e40f Bump the eslint group with 2 updates (#7412)
• ef766cd Bump github/codeql-action from 2 to 3 (#7410)
• b34a184 Document testing options in more detail in the v16 migration guide (#7407)
• 7620c2c Fix `declaration-property-value-no-unknown` and other false positives for multiline SCSS interpolation (#7406)
• d03def6 Add lightness-notation (#7366)
• da7ce21 16.0.2
• 303b3c9 Prepare 16.0.2 (#7386)
• fbc6adf Bump rollup from 4.6.1 to 4.8.0 (#7394)
• d4b12aa Bump np from 8.0.4 to 9.2.0 (#7391)
• 0ec3df4 Bump the typescript group with 1 update (#7390)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Regular Expression Denial of Service (ReDoS)

[sonarcloud]

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud