From 21cea0b42f08bf56990bdade82e2daa7c33011ed Mon Sep 17 00:00:00 2001
From: Alan Agius
Date: Wed, 16 Nov 2022 11:24:22 +0000
Subject: [PATCH] fix(@angular-devkit/build-angular): update `loader-utils` to `3.2.1`
`loader-utils` is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable. See: https://github.com/advisories/GHSA-3rfm-jhwj-7488 Closes #24241
---
 package.json | 2 +-
 packages/angular_devkit/build_angular/package.json | 2 +-
 yarn.lock | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index fb1d8654b2ba..786fb683cf27 100644
--- a/package.json
+++ b/package.json
@@ -170,7 +170,7 @@
 "less-loader": "11.0.0",
 "license-checker": "^25.0.0",
 "license-webpack-plugin": "4.0.2",
- "loader-utils": "3.2.0",
+ "loader-utils": "3.2.1",
 "magic-string": "0.26.2",
 "mini-css-extract-plugin": "2.6.1",
 "minimatch": "5.1.0",
diff --git a/packages/angular_devkit/build_angular/package.json b/packages/angular_devkit/build_angular/package.json
index dd78c668e02a..ff68b5ad8fc4 100644
--- a/packages/angular_devkit/build_angular/package.json
+++ b/packages/angular_devkit/build_angular/package.json
@@ -38,7 +38,7 @@
 "less": "4.1.3",
 "less-loader": "11.0.0",
 "license-webpack-plugin": "4.0.2",
- "loader-utils": "3.2.0",
+ "loader-utils": "3.2.1",
 "mini-css-extract-plugin": "2.6.1",
 "minimatch": "5.1.0",
 "open": "8.4.0",
diff --git a/yarn.lock b/yarn.lock
index 5570f36cabd7..12879154c1af 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7317,6 +7317,11 @@ loader-utils@3.2.0:
 resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.0.tgz#bcecc51a7898bee7473d4bc6b845b23af8304d4f"
 integrity sha512-HVl9ZqccQihZ7JM85dco1MvO9G+ONvxoGa9rkhzFsneGLKSUg1gJf9bWzhRhcvm2qChhWpebQhP44qxjKIUCaQ==
 
+loader-utils@3.2.1:
+ version "3.2.1"
+ resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.1.tgz#4fb104b599daafd82ef3e1a41fb9265f87e1f576"
+ integrity sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw==
+
 loader-utils@^2.0.0:
 version "2.0.2"
 resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.2.tgz#d6e3b4fb81870721ae4e0868ab11dd638368c129"
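Review bot: The lockfile still carries the `loader-utils@3.2.0` entry (its `resolved` and `integrity` lines are unchanged context at the top of this hunk), so the new `loader-utils@3.2.1` entry sits alongside the version the commit message describes as vulnerable instead of replacing it. Either something in the tree still requests `3.2.0` exactly or the entry is stale; `yarn why loader-utils` would show which, and the remaining consumer should be bumped or the entry pruned so that an install cannot resolve to it. The trailing context also shows `loader-utils@^2.0.0` resolving to `2.0.2`, which is worth checking against the affected ranges listed in GHSA-3rfm-jhwj-7488.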