From 56a0059bb4f09e716f526c944d8e8853523feb0d Mon Sep 17 00:00:00 2001 From: Gregory DEPUILLE Date: Tue, 26 Mar 2024 13:18:45 +0100 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities (#115) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 Co-authored-by: snyk-bot --- package.json | 2 +- yarn.lock | 119 +++++++++++++++++++++++++++++---------------------- 2 files changed, 70 insertions(+), 51 deletions(-) diff --git a/package.json b/package.json index e30eda7..6a2e1e2 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,7 @@ "zone.js": "~0.13.3" }, "devDependencies": { - "@angular-devkit/build-angular": "^16.2.5", + "@angular-devkit/build-angular": "^16.2.13", "@angular-devkit/core": "^16.2.2", "@angular-eslint/builder": "^16.1.2", "@angular-eslint/eslint-plugin": "^16.1.2", diff --git a/yarn.lock b/yarn.lock index 5cc479e..852b765 100644 --- a/yarn.lock +++ b/yarn.lock @@ -23,6 +23,14 @@ "@jridgewell/gen-mapping" "^0.1.0" "@jridgewell/trace-mapping" "^0.3.9" +"@angular-devkit/architect@0.1602.13": + version "0.1602.13" + resolved "https://registry.yarnpkg.com/@angular-devkit/architect/-/architect-0.1602.13.tgz#0d5d0d2c0e42bea2c6bb2dc1d04b12e3b7726ce5" + integrity sha512-ejrOYoXgbhDYjdaW4B2SyWeb6AqR8vqqzMyvCq2JX7fo08IhLnVu1fcl0fwr161l37TuzgPNWrHSciOzzmZDkw== + dependencies: + "@angular-devkit/core" "16.2.13" + rxjs "7.8.1" + "@angular-devkit/architect@0.1602.2": version "0.1602.2" resolved "https://registry.yarnpkg.com/@angular-devkit/architect/-/architect-0.1602.2.tgz#03e9f562d559f88e6ec315f81ed9c363e69194dd" @@ -31,23 +39,15 @@ "@angular-devkit/core" "16.2.2" rxjs "7.8.1" -"@angular-devkit/architect@0.1602.5": - version "0.1602.5" - resolved "https://registry.yarnpkg.com/@angular-devkit/architect/-/architect-0.1602.5.tgz#43d6697d83e141d6fe3b1dae6e2e15b33c762942" - integrity sha512-lbFA2nrF0A1Rs6AU9yYeSHflsiorqL4tSwL7wMtQWMNawRjORiY7IwETyL0PmnlKsbbPlTGnWBhMfeGyBOowEw== - dependencies: - "@angular-devkit/core" "16.2.5" - rxjs "7.8.1" - -"@angular-devkit/build-angular@^16.2.5": - version "16.2.5" - resolved "https://registry.yarnpkg.com/@angular-devkit/build-angular/-/build-angular-16.2.5.tgz#0dcb03adb1894cdb1d5205a3bc2540cb2e130d58" - integrity sha512-ZHyMhhSZkulJiDyTvONJV2OwbxTdjbrJGfkUhv4k4f4HfV8ADUXlhanGjuqykxWG2CmDIsV09j/5b1lg2fYqww== +"@angular-devkit/build-angular@^16.2.13": + version "16.2.13" + resolved "https://registry.yarnpkg.com/@angular-devkit/build-angular/-/build-angular-16.2.13.tgz#9bb5a466e8e78ea7d560d74bc430e759d7a9ef59" + integrity sha512-2G8gnBpBKcu+/jJH5DJZyMgn2RwDFPgiNSkcLKFg5DdqVFVT3CCoZAobfpAEMndrysfMmoUPGuAmsgCfdczQjg== dependencies: "@ampproject/remapping" "2.2.1" - "@angular-devkit/architect" "0.1602.5" - "@angular-devkit/build-webpack" "0.1602.5" - "@angular-devkit/core" "16.2.5" + "@angular-devkit/architect" "0.1602.13" + "@angular-devkit/build-webpack" "0.1602.13" + "@angular-devkit/core" "16.2.13" "@babel/core" "7.22.9" "@babel/generator" "7.22.9" "@babel/helper-annotate-as-pure" "7.22.5" @@ -59,7 +59,7 @@ "@babel/runtime" "7.22.6" "@babel/template" "7.22.5" "@discoveryjs/json-ext" "0.5.7" - "@ngtools/webpack" "16.2.5" + "@ngtools/webpack" "16.2.13" "@vitejs/plugin-basic-ssl" "1.0.1" ansi-colors "4.1.3" autoprefixer "10.4.14" @@ -102,27 +102,27 @@ text-table "0.2.0" tree-kill "1.2.2" tslib "2.6.1" - vite "4.4.7" + vite "4.5.2" webpack "5.88.2" - webpack-dev-middleware "6.1.1" + webpack-dev-middleware "6.1.2" webpack-dev-server "4.15.1" webpack-merge "5.9.0" webpack-subresource-integrity "5.1.0" optionalDependencies: esbuild "0.18.17" -"@angular-devkit/build-webpack@0.1602.5": - version "0.1602.5" - resolved "https://registry.yarnpkg.com/@angular-devkit/build-webpack/-/build-webpack-0.1602.5.tgz#76f76dc2e7d1e4aa1f77abc6e88b4c443a907a04" - integrity sha512-cpdhZdi1I3/gu3wcwQyIstrbE0kpoa5vvHu9MFzQ9a/DZV0aAev2d1e9rgOwSRUTCB83LV8+eBY99jqmF54U/g== +"@angular-devkit/build-webpack@0.1602.13": + version "0.1602.13" + resolved "https://registry.yarnpkg.com/@angular-devkit/build-webpack/-/build-webpack-0.1602.13.tgz#6b9053532ce1cbcfbd8a334e70dfc569ec2b2faf" + integrity sha512-H7CqnC0kvWR0Q45ZXsCO3M9lGd4dOajEmkCVmq7vVptU3nJRbCqJ0ZScj9bH5YSlcdO0jPbOdcTELWyEZ3BMFQ== dependencies: - "@angular-devkit/architect" "0.1602.5" + "@angular-devkit/architect" "0.1602.13" rxjs "7.8.1" -"@angular-devkit/core@16.2.2", "@angular-devkit/core@^16.2.2": - version "16.2.2" - resolved "https://registry.yarnpkg.com/@angular-devkit/core/-/core-16.2.2.tgz#de9e8572cf5cc3d81106cc0aec21a51ee8e5a093" - integrity sha512-6H4FsvP3rLJaGiWpIhCFPS7ZeNoM4sSrnFtRhhecu6s7MidzE4aqzuGdzJpzLammw1KL+DuTlN0gpLtM1Bvcwg== +"@angular-devkit/core@16.2.13": + version "16.2.13" + resolved "https://registry.yarnpkg.com/@angular-devkit/core/-/core-16.2.13.tgz#9f81c1465f8ba0d5303844e2dc3eb663f807dc1b" + integrity sha512-6jTlYOIeYsOF/Vw/hBNusjoCmKJBByoyGS1Fu2Yav8ltxYK04aDtI73l9JJB/5Cpzhc4YELrMqBMH7in5Vowaw== dependencies: ajv "8.12.0" ajv-formats "2.1.1" @@ -131,10 +131,10 @@ rxjs "7.8.1" source-map "0.7.4" -"@angular-devkit/core@16.2.5": - version "16.2.5" - resolved "https://registry.yarnpkg.com/@angular-devkit/core/-/core-16.2.5.tgz#b95206886f1148633dae0db30eec6405e3f6bc77" - integrity sha512-d7xzdvv3aZiNgMtFERR3TxUAdKjzWiWUN94jjBeovITP32yFDz02DzXwUGMFIA3/YhZ/sAEEOKVF3pBXLJ6P4g== +"@angular-devkit/core@16.2.2", "@angular-devkit/core@^16.2.2": + version "16.2.2" + resolved "https://registry.yarnpkg.com/@angular-devkit/core/-/core-16.2.2.tgz#de9e8572cf5cc3d81106cc0aec21a51ee8e5a093" + integrity sha512-6H4FsvP3rLJaGiWpIhCFPS7ZeNoM4sSrnFtRhhecu6s7MidzE4aqzuGdzJpzLammw1KL+DuTlN0gpLtM1Bvcwg== dependencies: ajv "8.12.0" ajv-formats "2.1.1" @@ -1992,10 +1992,10 @@ dependencies: tslib "^2.0.0" -"@ngtools/webpack@16.2.5": - version "16.2.5" - resolved "https://registry.yarnpkg.com/@ngtools/webpack/-/webpack-16.2.5.tgz#2835f9648bdbf87315c45e6d97fe6fd587e37ef8" - integrity sha512-wq1dbbOUwrY/zkpZltcgmyEFANbJon79E5s4ueT3IT4NyiYh1uJeWa2vmB0kof7VP5Xhm/jutkJk336z67oLPg== +"@ngtools/webpack@16.2.13": + version "16.2.13" + resolved "https://registry.yarnpkg.com/@ngtools/webpack/-/webpack-16.2.13.tgz#b0841be543379c3b413ce68c74a963ae90414851" + integrity sha512-P5OiVp9MeMwVxihtC9NB4mx1Zlbup2DLMAWYAl8/kcFdRrRW+1YDQn93tlFToQDHGpPxkqW7cnFUPnA+QwQMYA== "@nodelib/fs.scandir@2.1.5": version "2.1.5" @@ -5947,6 +5947,11 @@ nanoid@^3.3.6: resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c" integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA== +nanoid@^3.3.7: + version "3.3.7" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8" + integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g== + natural-compare@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" @@ -6612,7 +6617,7 @@ postcss-value-parser@^4.1.0, postcss-value-parser@^4.2.0: resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== -postcss@8.4.31, postcss@^8.2.14, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.26: +postcss@8.4.31, postcss@^8.2.14, postcss@^8.4.21, postcss@^8.4.23: version "8.4.31" resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== @@ -6621,6 +6626,15 @@ postcss@8.4.31, postcss@^8.2.14, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4. picocolors "^1.0.0" source-map-js "^1.0.2" +postcss@^8.4.27: + version "8.4.38" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.38.tgz#b387d533baf2054288e337066d81c6bee9db9e0e" + integrity sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A== + dependencies: + nanoid "^3.3.7" + picocolors "^1.0.0" + source-map-js "^1.2.0" + prelude-ls@^1.2.1: version "1.2.1" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" @@ -6967,10 +6981,10 @@ rimraf@^3.0.0, rimraf@^3.0.2: dependencies: glob "^7.1.3" -rollup@^3.25.2: - version "3.29.2" - resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.29.2.tgz#cbc76cd5b03b9f9e93be991d23a1dff9c6d5b740" - integrity sha512-CJouHoZ27v6siztc21eEQGo0kIcE5D1gVPA571ez0mMYb25LGYGKnVNXpEj5MGlepmDWGXNjDB5q7uNiPHC11A== +rollup@^3.27.1: + version "3.29.4" + resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.29.4.tgz#4d70c0f9834146df8705bfb69a9a19c9e1109981" + integrity sha512-oWzmBZwvYrU0iJHtDmhsm662rC15FRXmcjCk1xD771dFDx5jJ02ufAQQTn0etB2emNk4J9EZg/yWKpsn9BWGRw== optionalDependencies: fsevents "~2.3.2" @@ -7294,6 +7308,11 @@ socks@^2.6.2: resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.0.2.tgz#adbc361d9c62df380125e7f161f71c826f1e490c" integrity sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw== +source-map-js@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.2.0.tgz#16b809c162517b5b8c3e7dcd315a2a5c2612b2af" + integrity sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg== + source-map-loader@4.0.1: version "4.0.1" resolved "https://registry.yarnpkg.com/source-map-loader/-/source-map-loader-4.0.1.tgz#72f00d05f5d1f90f80974eda781cbd7107c125f2" @@ -7869,14 +7888,14 @@ vary@~1.1.2: resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" integrity sha1-IpnwLG3tMNSllhsLn3RSShj2NPw= -vite@4.4.7: - version "4.4.7" - resolved "https://registry.yarnpkg.com/vite/-/vite-4.4.7.tgz#71b8a37abaf8d50561aca084dbb77fa342824154" - integrity sha512-6pYf9QJ1mHylfVh39HpuSfMPojPSKVxZvnclX1K1FyZ1PXDOcLBibdq5t1qxJSnL63ca8Wf4zts6mD8u8oc9Fw== +vite@4.5.2: + version "4.5.2" + resolved "https://registry.yarnpkg.com/vite/-/vite-4.5.2.tgz#d6ea8610e099851dad8c7371599969e0f8b97e82" + integrity sha512-tBCZBNSBbHQkaGyhGCDUGqeo2ph8Fstyp6FMSvTtsXeZSPpSMGlviAOav2hxVTqFcx8Hj/twtWKsMJXNY0xI8w== dependencies: esbuild "^0.18.10" - postcss "^8.4.26" - rollup "^3.25.2" + postcss "^8.4.27" + rollup "^3.27.1" optionalDependencies: fsevents "~2.3.2" @@ -7926,10 +7945,10 @@ webidl-conversions@^6.1.0: resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-6.1.0.tgz#9111b4d7ea80acd40f5270d666621afa78b69514" integrity sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w== -webpack-dev-middleware@6.1.1: - version "6.1.1" - resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-6.1.1.tgz#6bbc257ec83ae15522de7a62f995630efde7cc3d" - integrity sha512-y51HrHaFeeWir0YO4f0g+9GwZawuigzcAdRNon6jErXy/SqV/+O6eaVAzDqE6t3e3NpGeR5CS+cCDaTC+V3yEQ== +webpack-dev-middleware@6.1.2: + version "6.1.2" + resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-6.1.2.tgz#0463232e59b7d7330fa154121528d484d36eb973" + integrity sha512-Wu+EHmX326YPYUpQLKmKbTyZZJIB8/n6R09pTmB03kJmnMsVPTo9COzHZFr01txwaCAuZvfBJE4ZCHRcKs5JaQ== dependencies: colorette "^2.0.10" memfs "^3.4.12"