fix(@angular-devkit/build-angular): update loader-utils to 3.2.1

`loader-utils` is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable. See: GHSA-3rfm-jhwj-7488 Closes #24241
angular · Nov 16, 2022 · 21cea0b · 21cea0b
1 parent 7541e04
commit 21cea0b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -170,7 +170,7 @@
     "less-loader": "11.0.0",
     "license-checker": "^25.0.0",
     "license-webpack-plugin": "4.0.2",
-    "loader-utils": "3.2.0",
+    "loader-utils": "3.2.1",
     "magic-string": "0.26.2",
     "mini-css-extract-plugin": "2.6.1",
     "minimatch": "5.1.0",

diff --git a/packages/angular_devkit/build_angular/package.json b/packages/angular_devkit/build_angular/package.json
@@ -38,7 +38,7 @@
     "less": "4.1.3",
     "less-loader": "11.0.0",
     "license-webpack-plugin": "4.0.2",
-    "loader-utils": "3.2.0",
+    "loader-utils": "3.2.1",
     "mini-css-extract-plugin": "2.6.1",
     "minimatch": "5.1.0",
     "open": "8.4.0",

diff --git a/yarn.lock b/yarn.lock
@@ -7317,6 +7317,11 @@ loader-utils@3.2.0:
   resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.0.tgz#bcecc51a7898bee7473d4bc6b845b23af8304d4f"
   integrity sha512-HVl9ZqccQihZ7JM85dco1MvO9G+ONvxoGa9rkhzFsneGLKSUg1gJf9bWzhRhcvm2qChhWpebQhP44qxjKIUCaQ==
 
+loader-utils@3.2.1:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.1.tgz#4fb104b599daafd82ef3e1a41fb9265f87e1f576"
+  integrity sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw==
+
 loader-utils@^2.0.0:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.2.tgz#d6e3b4fb81870721ae4e0868ab11dd638368c129"