Skip to content

Commit 408770d

Browse files
alan-agius4filipesilva
alan-agius4
authored and
filipesilva
committedMay 15, 2020
fix(@angular-devkit/build-angular): address vulnerability in webpack-dev-server
webpack-dev-server <3.11.0 and protractor <7 contains a low severity vulnerability due to one of its dependencies (yargs-parser) See: https://npmjs.com/advisories/1500 Fixes #17642
·
v9.1.15v9.1.7
1 parent 27907dd commit 408770d

File tree

2 files changed

+88
-14
lines changed

2 files changed

+88
-14
lines changed
 

‎packages/angular_devkit/build_angular/package.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@
6363
"terser-webpack-plugin": "2.3.5",
6464
"webpack": "4.42.0",
6565
"webpack-dev-middleware": "3.7.2",
66-
"webpack-dev-server": "3.10.3",
66+
"webpack-dev-server": "3.11.0",
6767
"webpack-merge": "4.2.2",
6868
"webpack-sources": "1.4.3",
6969
"webpack-subresource-integrity": "1.4.0",
@@ -96,7 +96,7 @@
9696
"karma-jasmine": "~3.1.0",
9797
"karma-jasmine-html-reporter": "^1.4.0",
9898
"popper.js": "^1.14.1",
99-
"protractor": "~5.4.0",
99+
"protractor": "~7.0.0",
100100
"tslib": "~1.11.0",
101101
"zone.js": "^0.10.0"
102102
},

‎yarn.lock

+86-12
Original file line numberDiff line numberDiff line change
@@ -5610,6 +5610,11 @@ html-entities@^1.2.1:
56105610
resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.2.1.tgz#0df29351f0721163515dfb9e5543e5f6eed5162f"
56115611
integrity sha1-DfKTUfByEWNRXfueVUPl9u7VFi8=
56125612

5613+
html-entities@^1.3.1:
5614+
version "1.3.1"
5615+
resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.3.1.tgz#fb9a1a4b5b14c5daba82d3e34c6ae4fe701a0e44"
5616+
integrity sha512-rhE/4Z3hIhzHAUKbW8jVcCyuT5oJCXXqhN/6mXXVCpzTmvJnoH2HL/bt3EZ6p55jbFJBeAe1ZNpL5BugLujxNA==
5617+
56135618
html-escaper@^2.0.0:
56145619
version "2.0.2"
56155620
resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453"
@@ -7248,6 +7253,11 @@ loglevel@^1.6.6:
72487253
resolved "https://registry.yarnpkg.com/loglevel/-/loglevel-1.6.7.tgz#b3e034233188c68b889f5b862415306f565e2c56"
72497254
integrity sha512-cY2eLFrQSAfVPhCgH1s7JI73tMbg9YC3v3+ZHVW67sBS7UxWzNEk/ZBbSfLykBWHp33dqqtOv82gjhKEi81T/A==
72507255

7256+
loglevel@^1.6.8:
7257+
version "1.6.8"
7258+
resolved "https://registry.yarnpkg.com/loglevel/-/loglevel-1.6.8.tgz#8a25fb75d092230ecd4457270d80b54e28011171"
7259+
integrity sha512-bsU7+gc9AJ2SqpzxwU3+1fedl8zAntbtC5XYlt3s2j1hJcn2PsXSmgN8TaLG/J1/2mod4+cE/3vNL70/c1RNCA==
7260+
72517261
long@^4.0.0:
72527262
version "4.0.0"
72537263
resolved "https://registry.yarnpkg.com/long/-/long-4.0.0.tgz#9a7b71cfb7d361a194ea555241c92f7468d5bf28"
@@ -8271,7 +8281,7 @@ opn@^5.5.0:
82718281
dependencies:
82728282
is-wsl "^1.1.0"
82738283

8274-
optimist@^0.6.1, optimist@~0.6.0:
8284+
optimist@^0.6.1:
82758285
version "0.6.1"
82768286
resolved "https://registry.yarnpkg.com/optimist/-/optimist-0.6.1.tgz#da3ea74686fa21a19a111c326e90eb15a0196686"
82778287
integrity sha1-2j6nRob6IaGaERwybpDrFaAZZoY=
@@ -8805,6 +8815,15 @@ portfinder@^1.0.25:
88058815
debug "^3.1.1"
88068816
mkdirp "^0.5.1"
88078817

8818+
portfinder@^1.0.26:
8819+
version "1.0.26"
8820+
resolved "https://registry.yarnpkg.com/portfinder/-/portfinder-1.0.26.tgz#475658d56ca30bed72ac7f1378ed350bd1b64e70"
8821+
integrity sha512-Xi7mKxJHHMI3rIUrnm/jjUgwhbYMkp/XKEcZX3aG4BrumLpq3nmoQMX+ClYnDZnZ/New7IatC1no5RX0zo1vXQ==
8822+
dependencies:
8823+
async "^2.6.2"
8824+
debug "^3.1.1"
8825+
mkdirp "^0.5.1"
8826+
88088827
posix-character-classes@^0.1.0:
88098828
version "0.1.1"
88108829
resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
@@ -9252,10 +9271,10 @@ protoduck@^5.0.1:
92529271
dependencies:
92539272
genfun "^5.0.0"
92549273

9255-
protractor@~5.4.0:
9256-
version "5.4.3"
9257-
resolved "https://registry.yarnpkg.com/protractor/-/protractor-5.4.3.tgz#35f050741e404a45868618ea648745d89af31683"
9258-
integrity sha512-7pMAolv8Ah1yJIqaorDTzACtn3gk7BamVKPTeO5lqIGOrfosjPgXFx/z1dqSI+m5EeZc2GMJHPr5DYlodujDNA==
9274+
protractor@~7.0.0:
9275+
version "7.0.0"
9276+
resolved "https://registry.yarnpkg.com/protractor/-/protractor-7.0.0.tgz#c3e263608bd72e2c2dc802b11a772711a4792d03"
9277+
integrity sha512-UqkFjivi4GcvUQYzqGYNe0mLzfn5jiLmO8w9nMhQoJRLhy2grJonpga2IWhI6yJO30LibWXJJtA4MOIZD2GgZw==
92599278
dependencies:
92609279
"@types/q" "^0.0.32"
92619280
"@types/selenium-webdriver" "^3.0.0"
@@ -9265,13 +9284,13 @@ protractor@~5.4.0:
92659284
glob "^7.0.3"
92669285
jasmine "2.8.0"
92679286
jasminewd2 "^2.1.0"
9268-
optimist "~0.6.0"
92699287
q "1.4.1"
92709288
saucelabs "^1.5.0"
92719289
selenium-webdriver "3.6.0"
92729290
source-map-support "~0.4.0"
92739291
webdriver-js-extender "2.1.0"
9274-
webdriver-manager "^12.0.6"
9292+
webdriver-manager "^12.1.7"
9293+
yargs "^15.3.1"
92759294

92769295
proxy-addr@~2.0.5:
92779296
version "2.0.6"
@@ -10466,6 +10485,15 @@ sockjs@0.3.19:
1046610485
faye-websocket "^0.10.0"
1046710486
uuid "^3.0.1"
1046810487

10488+
sockjs@0.3.20:
10489+
version "0.3.20"
10490+
resolved "https://registry.yarnpkg.com/sockjs/-/sockjs-0.3.20.tgz#b26a283ec562ef8b2687b44033a4eeceac75d855"
10491+
integrity sha512-SpmVOVpdq0DJc0qArhF3E5xsxvaiqGNb73XfgBpK1y3UD5gs8DSo8aCTsuT5pX8rssdc2NDIzANwP9eCAiSdTA==
10492+
dependencies:
10493+
faye-websocket "^0.10.0"
10494+
uuid "^3.4.0"
10495+
websocket-driver "0.6.5"
10496+
1046910497
socks-proxy-agent@^4.0.0:
1047010498
version "4.0.2"
1047110499
resolved "https://registry.yarnpkg.com/socks-proxy-agent/-/socks-proxy-agent-4.0.2.tgz#3c8991f3145b2799e70e11bd5fbc8b1963116386"
@@ -10643,7 +10671,7 @@ spdy-transport@^3.0.0:
1064310671
readable-stream "^3.0.6"
1064410672
wbuf "^1.7.3"
1064510673

10646-
spdy@^4.0.1:
10674+
spdy@^4.0.1, spdy@^4.0.2:
1064710675
version "4.0.2"
1064810676
resolved "https://registry.yarnpkg.com/spdy/-/spdy-4.0.2.tgz#b74f466203a3eda452c02492b91fb9e84a27677b"
1064910677
integrity sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA==
@@ -11765,7 +11793,7 @@ uuid@7.0.2:
1176511793
resolved "https://registry.yarnpkg.com/uuid/-/uuid-7.0.2.tgz#7ff5c203467e91f5e0d85cfcbaaf7d2ebbca9be6"
1176611794
integrity sha512-vy9V/+pKG+5ZTYKf+VcphF5Oc6EFiu3W8Nv3P3zIh0EqVI80ZxOzuPfe9EHjkFNvf8+xuTHVeei4Drydlx4zjw==
1176711795

11768-
uuid@^3.0.0, uuid@^3.0.1, uuid@^3.1.0, uuid@^3.3.2:
11796+
uuid@^3.0.0, uuid@^3.0.1, uuid@^3.1.0, uuid@^3.3.2, uuid@^3.4.0:
1176911797
version "3.4.0"
1177011798
resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee"
1177111799
integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==
@@ -11947,7 +11975,7 @@ webdriver-js-extender@2.1.0:
1194711975
"@types/selenium-webdriver" "^3.0.0"
1194811976
selenium-webdriver "^3.0.1"
1194911977

11950-
webdriver-manager@^12.0.6:
11978+
webdriver-manager@^12.1.7:
1195111979
version "12.1.7"
1195211980
resolved "https://registry.yarnpkg.com/webdriver-manager/-/webdriver-manager-12.1.7.tgz#ed4eaee8f906b33c146e869b55e850553a1b1162"
1195311981
integrity sha512-XINj6b8CYuUYC93SG3xPkxlyUc3IJbD6Vvo75CVGuG9uzsefDzWQrhz0Lq8vbPxtb4d63CZdYophF8k8Or/YiA==
@@ -11980,7 +12008,46 @@ webpack-dev-middleware@3.7.2, webpack-dev-middleware@^3.7.2:
1198012008
range-parser "^1.2.1"
1198112009
webpack-log "^2.0.0"
1198212010

11983-
webpack-dev-server@3.10.3, webpack-dev-server@^3.1.4:
12011+
webpack-dev-server@3.11.0:
12012+
version "3.11.0"
12013+
resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-3.11.0.tgz#8f154a3bce1bcfd1cc618ef4e703278855e7ff8c"
12014+
integrity sha512-PUxZ+oSTxogFQgkTtFndEtJIPNmml7ExwufBZ9L2/Xyyd5PnOL5UreWe5ZT7IU25DSdykL9p1MLQzmLh2ljSeg==
12015+
dependencies:
12016+
ansi-html "0.0.7"
12017+
bonjour "^3.5.0"
12018+
chokidar "^2.1.8"
12019+
compression "^1.7.4"
12020+
connect-history-api-fallback "^1.6.0"
12021+
debug "^4.1.1"
12022+
del "^4.1.1"
12023+
express "^4.17.1"
12024+
html-entities "^1.3.1"
12025+
http-proxy-middleware "0.19.1"
12026+
import-local "^2.0.0"
12027+
internal-ip "^4.3.0"
12028+
ip "^1.1.5"
12029+
is-absolute-url "^3.0.3"
12030+
killable "^1.0.1"
12031+
loglevel "^1.6.8"
12032+
opn "^5.5.0"
12033+
p-retry "^3.0.1"
12034+
portfinder "^1.0.26"
12035+
schema-utils "^1.0.0"
12036+
selfsigned "^1.10.7"
12037+
semver "^6.3.0"
12038+
serve-index "^1.9.1"
12039+
sockjs "0.3.20"
12040+
sockjs-client "1.4.0"
12041+
spdy "^4.0.2"
12042+
strip-ansi "^3.0.1"
12043+
supports-color "^6.1.0"
12044+
url "^0.11.0"
12045+
webpack-dev-middleware "^3.7.2"
12046+
webpack-log "^2.0.0"
12047+
ws "^6.2.1"
12048+
yargs "^13.3.2"
12049+
12050+
webpack-dev-server@^3.1.4:
1198412051
version "3.10.3"
1198512052
resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-3.10.3.tgz#f35945036813e57ef582c2420ef7b470e14d3af0"
1198612053
integrity sha512-e4nWev8YzEVNdOMcNzNeCN947sWJNd43E5XvsJzbAL08kGc2frm1tQ32hTJslRS+H65LCb/AaUCYU7fjHCpDeQ==
@@ -12078,6 +12145,13 @@ webpack@4.42.0:
1207812145
watchpack "^1.6.0"
1207912146
webpack-sources "^1.4.1"
1208012147

12148+
websocket-driver@0.6.5:
12149+
version "0.6.5"
12150+
resolved "https://registry.yarnpkg.com/websocket-driver/-/websocket-driver-0.6.5.tgz#5cb2556ceb85f4373c6d8238aa691c8454e13a36"
12151+
integrity sha1-XLJVbOuF9Dc8bYI4qmkchFThOjY=
12152+
dependencies:
12153+
websocket-extensions ">=0.1.1"
12154+
1208112155
websocket-driver@>=0.5.1:
1208212156
version "0.7.3"
1208312157
resolved "https://registry.yarnpkg.com/websocket-driver/-/websocket-driver-0.7.3.tgz#a2d4e0d4f4f116f1e6297eba58b05d430100e9f9"
@@ -12421,7 +12495,7 @@ yargs@^11.0.0:
1242112495
y18n "^3.2.1"
1242212496
yargs-parser "^9.0.2"
1242312497

12424-
yargs@^13.2.4:
12498+
yargs@^13.2.4, yargs@^13.3.2:
1242512499
version "13.3.2"
1242612500
resolved "https://registry.yarnpkg.com/yargs/-/yargs-13.3.2.tgz#ad7ffefec1aa59565ac915f82dccb38a9c31a2dd"
1242712501
integrity sha512-AX3Zw5iPruN5ie6xGRIDgqkT+ZhnRlZMLMHAs8tg7nRruy2Nb+i5o9bwghAogtM08q1dpr2LVoS8KSTMYpWXUw==

0 commit comments

Comments
 (0)
Please sign in to comment.