From 047c2b5c688b9056dbac90aeff39641c306e4ab4 Mon Sep 17 00:00:00 2001 From: Christian Torres Date: Thu, 5 Jun 2025 03:58:29 -0600 Subject: [PATCH] fix(@angular-devkit/build-angular): update dependency webpack-dev-server to v5.2.2 Security update for more information see: https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md#521-2025-03-26 --- package.json | 2 +- .../angular_devkit/build_angular/package.json | 2 +- pnpm-lock.yaml | 94 ++++++++++++++----- 3 files changed, 70 insertions(+), 28 deletions(-) diff --git a/package.json b/package.json index 4df432cf26da..862d727e4477 100644 --- a/package.json +++ b/package.json @@ -205,7 +205,7 @@ "watchpack": "2.4.2", "webpack": "5.98.0", "webpack-dev-middleware": "7.4.2", - "webpack-dev-server": "5.2.0", + "webpack-dev-server": "5.2.2", "webpack-merge": "6.0.1", "webpack-subresource-integrity": "5.1.0", "yargs": "17.7.2", diff --git a/packages/angular_devkit/build_angular/package.json b/packages/angular_devkit/build_angular/package.json index b24d03c37a09..c9ce45aae2af 100644 --- a/packages/angular_devkit/build_angular/package.json +++ b/packages/angular_devkit/build_angular/package.json @@ -58,7 +58,7 @@ "tslib": "2.8.1", "webpack": "5.98.0", "webpack-dev-middleware": "7.4.2", - "webpack-dev-server": "5.2.0", + "webpack-dev-server": "5.2.2", "webpack-merge": "6.0.1", "webpack-subresource-integrity": "5.1.0" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 75d943371bc4..af8a2a07a013 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -492,8 +492,8 @@ importers: specifier: 7.4.2 version: 7.4.2(webpack@5.98.0(esbuild@0.25.4)) webpack-dev-server: - specifier: 5.2.0 - version: 5.2.0(debug@4.4.0)(webpack@5.98.0(esbuild@0.25.4)) + specifier: 5.2.2 + version: 5.2.2(debug@4.4.0)(webpack@5.98.0(esbuild@0.25.4)) webpack-merge: specifier: 6.0.1 version: 6.0.1 @@ -912,8 +912,8 @@ importers: specifier: 7.4.2 version: 7.4.2(webpack@5.98.0(esbuild@0.25.4)) webpack-dev-server: - specifier: 5.2.0 - version: 5.2.0(debug@4.4.0)(webpack@5.98.0(esbuild@0.25.4)) + specifier: 5.2.2 + version: 5.2.2(debug@4.4.0)(webpack@5.98.0(esbuild@0.25.4)) webpack-merge: specifier: 6.0.1 version: 6.0.1 @@ -1762,6 +1762,7 @@ packages: '@bazel/typescript@5.8.1': resolution: {integrity: sha512-NAJ8WQHZL1WE1YmRoCrq/1hhG15Mvy/viWh6TkvFnBeEhNUiQUsA5GYyhU1ztnBIYW03nATO3vwhAEfO7Q0U5g==} + deprecated: No longer maintained, https://github.com/aspect-build/rules_ts is the recommended replacement hasBin: true peerDependencies: typescript: 5.8.1-rc @@ -2944,8 +2945,8 @@ packages: '@types/express@4.17.21': resolution: {integrity: sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==} - '@types/express@5.0.0': - resolution: {integrity: sha512-DvZriSMehGHL1ZNLzi6MidnsDhUZM/x2pRdDIKdwbUNqqwHxMlRdkxtn6/EPKyqKpHqTl/4nRZsRNLpZxZRpPQ==} + '@types/express@4.17.22': + resolution: {integrity: sha512-eZUmSnhRX9YRSkplpz0N+k6NljUUn5l3EWZIKZvYzhvMphEuNiyyy1viH/ejgt66JWgALwC/gtSUAeQKtSwW/w==} '@types/glob@7.2.0': resolution: {integrity: sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA==} @@ -3064,6 +3065,9 @@ packages: '@types/q@0.0.32': resolution: {integrity: sha512-qYi3YV9inU/REEfxwVcGZzbS3KG/Xs90lv0Pr+lDtuVjBPGd1A+eciXzVSaRvLify132BfcvhvEjeVahrUl0Ug==} + '@types/qs@6.14.0': + resolution: {integrity: sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ==} + '@types/qs@6.9.18': resolution: {integrity: sha512-kK7dgTYDyGqS+e2Q4aK9X3D7q234CIZ1Bv0q/7Z5IwRDoADNU81xXJK/YVyLbLTZCoIwUoDoffFeF+p/eIklAA==} @@ -3149,6 +3153,9 @@ packages: '@types/ws@8.18.0': resolution: {integrity: sha512-8svvI3hMyvN0kKCJMvTJP/x6Y/EoQbepff882wL+Sn5QsXb3etnamgrJq4isrBxSJj5L2AuXcI0+bgkoAXGUJw==} + '@types/ws@8.18.1': + resolution: {integrity: sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==} + '@types/ws@8.5.14': resolution: {integrity: sha512-bd/YFLW+URhBzMXurx7lWByOu+xzU9+kb3RboOteXYDfW+tr+JZa99OyNmPINEGB/ahzKrEuc8rcv4gnpJmxTw==} @@ -5200,8 +5207,8 @@ packages: resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==} engines: {node: '>= 14'} - http-proxy-middleware@2.0.7: - resolution: {integrity: sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA==} + http-proxy-middleware@2.0.9: + resolution: {integrity: sha512-c1IyJYLYppU574+YI7R4QyX2ystMtVXZwIdzazUIPIJsHuWNd+mho2j+bKoHftndicGj9yh+xjd+l0yj7VeT1Q==} engines: {node: '>=12.0.0'} peerDependencies: '@types/express': ^4.17.13 @@ -6287,6 +6294,7 @@ packages: node-domexception@1.0.0: resolution: {integrity: sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==} engines: {node: '>=10.5.0'} + deprecated: Use your platform's native DOMException instead node-fetch-native@1.6.6: resolution: {integrity: sha512-8Mc2HhqPdlIfedsuZoc3yioPuzp6b+L5jRCRY1QzuWZh2EGJVQrGppC6V6cF0bLdbW0+O2YpqCA25aF/1lvipQ==} @@ -6932,13 +6940,14 @@ packages: puppeteer@18.2.1: resolution: {integrity: sha512-7+UhmYa7wxPh2oMRwA++k8UGVDxh3YdWFB52r9C3tM81T6BU7cuusUSxImz0GEYSOYUKk/YzIhkQ6+vc0gHbxQ==} engines: {node: '>=14.1.0'} - deprecated: < 19.4.0 is no longer supported + deprecated: < 22.8.2 is no longer supported q@1.4.1: resolution: {integrity: sha512-/CdEdaw49VZVmyIDGUQKDDT53c7qBkO6g5CefWz91Ae+l4+cRtcDYwMTXh6me4O8TMldeGHG3N2Bl84V78Ywbg==} engines: {node: '>=0.6.0', teleport: '>=0.2.0'} deprecated: |- You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other. + (For a CapTP with native promises, see @endo/eventual-send and @endo/captp) q@1.5.1: @@ -6946,6 +6955,7 @@ packages: engines: {node: '>=0.6.0', teleport: '>=0.2.0'} deprecated: |- You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other. + (For a CapTP with native promises, see @endo/eventual-send and @endo/captp) qjobs@1.2.0: @@ -7251,6 +7261,10 @@ packages: resolution: {integrity: sha512-Gf9qqc58SpCA/xdziiHz35F4GNIWYWZrEshUc/G/r5BnLph6xpKuLeoJoQuj5WfBIx/eQLf+hmVPYHaxJu7V2g==} engines: {node: '>= 10.13.0'} + schema-utils@4.3.2: + resolution: {integrity: sha512-Gn/JaSk/Mt9gYubxTtSn/QCV4em9mpAPiR1rqy/Ocu19u/G9J5WWdNoUT4SiV6mFC3y6cxyFcFwdzPM3FgxGAQ==} + engines: {node: '>= 10.13.0'} + select-hose@2.0.0: resolution: {integrity: sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg==} @@ -8145,8 +8159,8 @@ packages: webpack: optional: true - webpack-dev-server@5.2.0: - resolution: {integrity: sha512-90SqqYXA2SK36KcT6o1bvwvZfJFcmoamqeJY7+boioffX9g9C0wjjJRGUrQIuh43pb0ttX7+ssavmj/WN2RHtA==} + webpack-dev-server@5.2.2: + resolution: {integrity: sha512-QcQ72gh8a+7JO63TAx/6XZf/CWhgMzu5m0QirvPfGvptOusAxG12w2+aua1Jkjr7hzaWDnJ2n6JFeexMHI+Zjg==} engines: {node: '>= 18.12.0'} hasBin: true peerDependencies: @@ -8303,6 +8317,18 @@ packages: utf-8-validate: optional: true + ws@8.18.2: + resolution: {integrity: sha512-DMricUmwGZUVr++AEAe2uiVM7UoO9MAVZMDu05UQOaUII0lp+zOzLLU4Xqh/JvTqklB1T4uELaaPBKyjE1r4fQ==} + engines: {node: '>=10.0.0'} + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: '>=5.0.2' + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + ws@8.9.0: resolution: {integrity: sha512-Ja7nszREasGaYUYCI2k4lCKIRTt+y7XuqVoHR44YpI49TtryyqbqvDMn5eqfW7e6HzTukDRIsXqzVHScqRcafg==} engines: {node: '>=10.0.0'} @@ -10587,7 +10613,7 @@ snapshots: '@types/cookies@0.9.0': dependencies: '@types/connect': 3.4.38 - '@types/express': 5.0.0 + '@types/express': 4.17.21 '@types/keygrip': 1.0.6 '@types/node': 18.19.76 @@ -10625,7 +10651,7 @@ snapshots: '@types/express-serve-static-core@5.0.6': dependencies: '@types/node': 18.19.76 - '@types/qs': 6.9.18 + '@types/qs': 6.14.0 '@types/range-parser': 1.2.7 '@types/send': 0.17.4 @@ -10636,11 +10662,11 @@ snapshots: '@types/qs': 6.9.18 '@types/serve-static': 1.15.7 - '@types/express@5.0.0': + '@types/express@4.17.22': dependencies: '@types/body-parser': 1.19.5 - '@types/express-serve-static-core': 5.0.6 - '@types/qs': 6.9.18 + '@types/express-serve-static-core': 4.19.6 + '@types/qs': 6.14.0 '@types/serve-static': 1.15.7 '@types/glob@7.2.0': @@ -10781,6 +10807,8 @@ snapshots: '@types/q@0.0.32': {} + '@types/qs@6.14.0': {} + '@types/qs@6.9.18': {} '@types/range-parser@1.2.7': {} @@ -10818,7 +10846,7 @@ snapshots: '@types/serve-index@1.9.4': dependencies: - '@types/express': 5.0.0 + '@types/express': 4.17.22 '@types/serve-static@1.15.7': dependencies: @@ -10885,6 +10913,10 @@ snapshots: dependencies: '@types/node': 18.19.76 + '@types/ws@8.18.1': + dependencies: + '@types/node': 18.19.76 + '@types/ws@8.5.14': dependencies: '@types/node': 18.19.76 @@ -13525,7 +13557,7 @@ snapshots: transitivePeerDependencies: - supports-color - http-proxy-middleware@2.0.7(@types/express@4.17.21)(debug@4.4.0): + http-proxy-middleware@2.0.9(@types/express@4.17.22)(debug@4.4.0): dependencies: '@types/http-proxy': 1.17.16 http-proxy: 1.18.1(debug@4.4.0) @@ -13533,7 +13565,7 @@ snapshots: is-plain-obj: 3.0.0 micromatch: 4.0.8 optionalDependencies: - '@types/express': 4.17.21 + '@types/express': 4.17.22 transitivePeerDependencies: - debug @@ -15319,7 +15351,7 @@ snapshots: debug: 4.4.0(supports-color@10.0.0) devtools-protocol: 0.0.1413902 typed-query-selector: 2.12.0 - ws: 8.18.1 + ws: 8.18.2 transitivePeerDependencies: - bare-buffer - bufferutil @@ -15712,6 +15744,13 @@ snapshots: ajv-formats: 2.1.1 ajv-keywords: 5.1.0(ajv@8.17.1) + schema-utils@4.3.2: + dependencies: + '@types/json-schema': 7.0.15 + ajv: 8.17.1 + ajv-formats: 2.1.1 + ajv-keywords: 5.1.0(ajv@8.17.1) + select-hose@2.0.0: {} selenium-webdriver@3.6.0: @@ -16787,15 +16826,16 @@ snapshots: optionalDependencies: webpack: 5.98.0(esbuild@0.25.4) - webpack-dev-server@5.2.0(debug@4.4.0)(webpack@5.98.0(esbuild@0.25.4)): + webpack-dev-server@5.2.2(debug@4.4.0)(webpack@5.98.0(esbuild@0.25.4)): dependencies: '@types/bonjour': 3.5.13 '@types/connect-history-api-fallback': 1.5.4 - '@types/express': 4.17.21 + '@types/express': 4.17.22 + '@types/express-serve-static-core': 4.19.6 '@types/serve-index': 1.9.4 '@types/serve-static': 1.15.7 '@types/sockjs': 0.3.36 - '@types/ws': 8.18.0 + '@types/ws': 8.18.1 ansi-html-community: 0.0.8 bonjour-service: 1.3.0 chokidar: 3.6.0 @@ -16804,18 +16844,18 @@ snapshots: connect-history-api-fallback: 2.0.0 express: 4.21.2 graceful-fs: 4.2.11 - http-proxy-middleware: 2.0.7(@types/express@4.17.21)(debug@4.4.0) + http-proxy-middleware: 2.0.9(@types/express@4.17.22)(debug@4.4.0) ipaddr.js: 2.2.0 launch-editor: 2.10.0 open: 10.1.0 p-retry: 6.2.1 - schema-utils: 4.3.0 + schema-utils: 4.3.2 selfsigned: 2.4.1 serve-index: 1.9.1 sockjs: 0.3.24 spdy: 4.0.2 webpack-dev-middleware: 7.4.2(webpack@5.98.0(esbuild@0.25.4)) - ws: 8.18.1 + ws: 8.18.2 optionalDependencies: webpack: 5.98.0(esbuild@0.25.4) transitivePeerDependencies: @@ -16980,6 +17020,8 @@ snapshots: ws@8.18.1: {} + ws@8.18.2: {} + ws@8.9.0: {} xhr2@0.2.1: {}