Skip to content

Commit b541219

Browse files
committed
fix(@angular-devkit/build-angular): update terser to address CVE-2022-25858
While this vulnerability cannot be exploited through the Angular CLI as we don't expect it to be run on production servers. We update terser to remove the unnecessary vulnerability noise. Closes angular#23593 (cherry picked from commit 3d0b6fe)
1 parent 7e33d1e commit b541219

File tree

3 files changed

+66
-3
lines changed

3 files changed

+66
-3
lines changed

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -221,7 +221,7 @@
221221
"symbol-observable": "4.0.0",
222222
"tar": "^6.1.6",
223223
"temp": "^0.9.0",
224-
"terser": "5.7.1",
224+
"terser": "5.14.2",
225225
"terser-webpack-plugin": "5.1.4",
226226
"text-table": "0.2.0",
227227
"tree-kill": "1.2.2",

packages/angular_devkit/build_angular/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@
6565
"style-loader": "3.2.1",
6666
"stylus": "0.54.8",
6767
"stylus-loader": "6.1.0",
68-
"terser": "5.7.1",
68+
"terser": "5.14.2",
6969
"terser-webpack-plugin": "5.1.4",
7070
"text-table": "0.2.0",
7171
"tree-kill": "1.2.2",

yarn.lock

Lines changed: 64 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1259,11 +1259,51 @@
12591259
resolved "https://registry.yarnpkg.com/@istanbuljs/schema/-/schema-0.1.3.tgz#e45e384e4b8ec16bce2fd903af78450f6bf7ec98"
12601260
integrity sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==
12611261

1262+
"@jridgewell/gen-mapping@^0.3.0":
1263+
version "0.3.2"
1264+
resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz#c1aedc61e853f2bb9f5dfe6d4442d3b565b253b9"
1265+
integrity sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==
1266+
dependencies:
1267+
"@jridgewell/set-array" "^1.0.1"
1268+
"@jridgewell/sourcemap-codec" "^1.4.10"
1269+
"@jridgewell/trace-mapping" "^0.3.9"
1270+
12621271
"@jridgewell/[email protected]":
12631272
version "1.0.0"
12641273
resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-1.0.0.tgz#3fdf5798f0b49e90155896f6291df186eac06c83"
12651274
integrity sha512-9oLAnygRMi8Q5QkYEU4XWK04B+nuoXoxjRvRxgjuChkLZFBja0YPSgdZ7dZtwhncLBcQe/I/E+fLuk5qxcYVJA==
12661275

1276+
"@jridgewell/resolve-uri@^3.0.3":
1277+
version "3.1.0"
1278+
resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78"
1279+
integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==
1280+
1281+
"@jridgewell/set-array@^1.0.1":
1282+
version "1.1.2"
1283+
resolved "https://registry.yarnpkg.com/@jridgewell/set-array/-/set-array-1.1.2.tgz#7c6cf998d6d20b914c0a55a91ae928ff25965e72"
1284+
integrity sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==
1285+
1286+
"@jridgewell/source-map@^0.3.2":
1287+
version "0.3.2"
1288+
resolved "https://registry.yarnpkg.com/@jridgewell/source-map/-/source-map-0.3.2.tgz#f45351aaed4527a298512ec72f81040c998580fb"
1289+
integrity sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==
1290+
dependencies:
1291+
"@jridgewell/gen-mapping" "^0.3.0"
1292+
"@jridgewell/trace-mapping" "^0.3.9"
1293+
1294+
"@jridgewell/sourcemap-codec@^1.4.10":
1295+
version "1.4.14"
1296+
resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24"
1297+
integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==
1298+
1299+
"@jridgewell/trace-mapping@^0.3.9":
1300+
version "0.3.14"
1301+
resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz#b231a081d8f66796e475ad588a1ef473112701ed"
1302+
integrity sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==
1303+
dependencies:
1304+
"@jridgewell/resolve-uri" "^3.0.3"
1305+
"@jridgewell/sourcemap-codec" "^1.4.10"
1306+
12671307
"@jsdevtools/[email protected]":
12681308
version "3.0.5"
12691309
resolved "https://registry.yarnpkg.com/@jsdevtools/coverage-istanbul-loader/-/coverage-istanbul-loader-3.0.5.tgz#2a4bc65d0271df8d4435982db4af35d81754ee26"
@@ -2609,6 +2649,11 @@ acorn@^8.4.1:
26092649
resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.4.1.tgz#56c36251fc7cabc7096adc18f05afe814321a28c"
26102650
integrity sha512-asabaBSkEKosYKMITunzX177CXxQ4Q8BSSzMTKD+FefUhipQC70gfW5SiUDhYQ3vk8G+81HqQk7Fv9OXwwn9KA==
26112651

2652+
acorn@^8.5.0:
2653+
version "8.7.1"
2654+
resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30"
2655+
integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==
2656+
26122657
adjust-sourcemap-loader@^4.0.0:
26132658
version "4.0.0"
26142659
resolved "https://registry.yarnpkg.com/adjust-sourcemap-loader/-/adjust-sourcemap-loader-4.0.0.tgz#fc4a0fd080f7d10471f30a7320f25560ade28c99"
@@ -10791,6 +10836,14 @@ source-map-support@~0.4.0:
1079110836
dependencies:
1079210837
source-map "^0.5.6"
1079310838

10839+
source-map-support@~0.5.20:
10840+
version "0.5.21"
10841+
resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f"
10842+
integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==
10843+
dependencies:
10844+
buffer-from "^1.0.0"
10845+
source-map "^0.6.0"
10846+
1079410847
source-map-url@^0.4.0:
1079510848
version "0.4.1"
1079610849
resolved "https://registry.yarnpkg.com/source-map-url/-/source-map-url-0.4.1.tgz#0af66605a745a5a2f91cf1bbf8a7afbc283dec56"
@@ -11302,7 +11355,17 @@ [email protected], terser-webpack-plugin@^5.1.3:
1130211355
source-map "^0.6.1"
1130311356
terser "^5.7.0"
1130411357

11305-
[email protected], terser@^5.7.0:
11358+
11359+
version "5.14.2"
11360+
resolved "https://registry.yarnpkg.com/terser/-/terser-5.14.2.tgz#9ac9f22b06994d736174f4091aa368db896f1c10"
11361+
integrity sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==
11362+
dependencies:
11363+
"@jridgewell/source-map" "^0.3.2"
11364+
acorn "^8.5.0"
11365+
commander "^2.20.0"
11366+
source-map-support "~0.5.20"
11367+
11368+
terser@^5.7.0:
1130611369
version "5.7.1"
1130711370
resolved "https://registry.yarnpkg.com/terser/-/terser-5.7.1.tgz#2dc7a61009b66bb638305cb2a824763b116bf784"
1130811371
integrity sha512-b3e+d5JbHAe/JSjwsC3Zn55wsBIM7AsHLjKxT31kGCldgbpFePaFo+PiddtO6uwRZWRw7sPXmAN8dTW61xmnSg==

0 commit comments

Comments
 (0)