fix(@angular-devkit/build-angular): update terser-webpack-plugin to 3…
….0.3

Fixes security issue serialize-javascript prior to 3.1.0 allows remote attackers

Closes #17912
alan-agius4 committed Jun 12, 2020
1 parent 0083b48 commit 955904c
Showing 3 changed files with 33 additions and 57 deletions.
2 changes: 1 addition & 1 deletion packages/angular_devkit/build_angular/package.json
Expand Up @@ -60,7 +60,7 @@
"stylus-loader": "3.0.2",
"tree-kill": "1.2.2",
"terser": "4.6.10",
"terser-webpack-plugin": "2.3.5",
"terser-webpack-plugin": "3.0.3",
"webpack": "4.42.0",
"webpack-dev-middleware": "3.7.2",
"webpack-dev-server": "3.11.0",
Expand Up @@ -434,14 +434,14 @@ export function getCommonConfig(wco: WebpackConfigOptions): Configuration {
mangle: allowMangle && buildOptions.platform !== 'server' && !differentialLoadingMode,
};

const globalScriptsNames = globalScriptsByBundleName.map(s => s.bundleName);
extraMinimizers.push(
new TerserPlugin({
sourceMap: scriptsSourceMap,
parallel: maxWorkers,
cache: !cachingDisabled && findCachePath('terser-webpack'),
extractComments: false,
chunkFilter: (chunk: compilation.Chunk) =>
!globalScriptsByBundleName.some(s => s.bundleName === chunk.name),
exclude: globalScriptsNames,
terserOptions,
}),
// Script bundles are fully optimized here in one step since they are never downleveled.
Expand All @@ -451,8 +451,7 @@ export function getCommonConfig(wco: WebpackConfigOptions): Configuration {
parallel: maxWorkers,
cache: !cachingDisabled && findCachePath('terser-webpack'),
extractComments: false,
chunkFilter: (chunk: compilation.Chunk) =>
globalScriptsByBundleName.some(s => s.bundleName === chunk.name),
include: globalScriptsNames,
terserOptions: {
...terserOptions,
compress: allowMinify && {
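Review bot: `exclude: globalScriptsNames` and `include: globalScriptsNames` do not necessarily select the same assets as the `chunkFilter` callbacks they replace in the two `new TerserPlugin({ ... })` calls. The removed filters compared `chunk.name` to each `bundleName` with `===`, whereas `include`/`exclude` are matched against emitted asset file names, and as far as I recall webpack's matcher treats a plain string as a start-of-name pattern rather than an exact match. If that holds, an application chunk whose file name merely begins with a global script bundle name would be skipped by the first minimizer and handled by the second, which the comment says is meant only for script bundles that are never downleveled. Consider passing anchored regular expressions built from the bundle names, or at least record the assumption above `const globalScriptsNames` with a comment such as `// include/exclude match asset file names by prefix, not chunk names`. getCommonConfig begins and ends outside both hunks, so how the bundle names are constrained elsewhere is not visible here.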
81 changes: 29 additions & 52 deletions yarn.lock
Expand Up @@ -2792,30 +2792,6 @@ cacache@^12.0.0, cacache@^12.0.2:
unique-filename "^1.1.1"
y18n "^4.0.0"

cacache@^13.0.1:
version "13.0.1"
resolved "https://registry.yarnpkg.com/cacache/-/cacache-13.0.1.tgz#a8000c21697089082f85287a1aec6e382024a71c"
integrity sha512-5ZvAxd05HDDU+y9BVvcqYu2LLXmPnQ0hW62h32g4xBTgL/MppR4/04NHfj/ycM2y6lmTnbw6HVi+1eN0Psba6w==
dependencies:
chownr "^1.1.2"
figgy-pudding "^3.5.1"
fs-minipass "^2.0.0"
glob "^7.1.4"
graceful-fs "^4.2.2"
infer-owner "^1.0.4"
lru-cache "^5.1.1"
minipass "^3.0.0"
minipass-collect "^1.0.2"
minipass-flush "^1.0.5"
minipass-pipeline "^1.2.2"
mkdirp "^0.5.1"
move-concurrently "^1.0.1"
p-map "^3.0.0"
promise-inflight "^1.0.1"
rimraf "^2.7.1"
ssri "^7.0.0"
unique-filename "^1.1.1"

cacache@^15.0.4:
version "15.0.4"
resolved "https://registry.yarnpkg.com/cacache/-/cacache-15.0.4.tgz#b2c23cf4ac4f5ead004fb15a0efb0a20340741f1"
Expand Down Expand Up @@ -4986,7 +4962,7 @@ finalhandler@1.1.2, finalhandler@~1.1.2:
statuses "~1.5.0"
unpipe "~1.0.0"

find-cache-dir@3.3.1, find-cache-dir@^3.2.0, find-cache-dir@^3.3.1:
find-cache-dir@3.3.1, find-cache-dir@^3.3.1:
version "3.3.1"
resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-3.3.1.tgz#89b33fad4a4670daa94f855f7fbe31d6d84fe880"
integrity sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==
Expand Down Expand Up @@ -5483,7 +5459,7 @@ got@^9.6.0:
to-readable-stream "^1.0.0"
url-parse-lax "^3.0.0"

graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.2:
graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0:
version "4.2.3"
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.3.tgz#4a12ff1b60376ef09862c2093edd908328be8423"
integrity sha512-a30VEBm4PEdx1dRB7MFK7BejejvCvBronbLjht+sHuGYj8PHs7M/5Z+rt5lw551vZ7yfTCj4Vuyy3mSJytDWRQ==
Expand Down Expand Up @@ -6653,10 +6629,10 @@ jest-worker@25.1.0:
merge-stream "^2.0.0"
supports-color "^7.0.0"

jest-worker@^25.1.0:
version "25.2.6"
resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-25.2.6.tgz#d1292625326794ce187c38f51109faced3846c58"
integrity sha512-FJn9XDUSxcOR4cwDzRfL1z56rUofNTFs539FGASpd50RHdb6EVkhxQqktodW2mI49l+W3H+tFJDotCHUQF6dmA==
jest-worker@^26.0.0:
version "26.0.0"
resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-26.0.0.tgz#4920c7714f0a96c6412464718d0c58a3df3fb066"
integrity sha512-pPaYa2+JnwmiZjK9x7p9BoZht+47ecFCDFA/CJxspHzeDvQcfVBLWzCiWyo+EGrSiQMWZtCFo9iSvMZnAAo8vw==
dependencies:
merge-stream "^2.0.0"
supports-color "^7.0.0"
Expand Down Expand Up @@ -8516,7 +8492,7 @@ p-limit@^1.1.0:
dependencies:
p-try "^1.0.0"

p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.2, p-limit@^2.3.0:
p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1"
integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
Expand Down Expand Up @@ -10300,7 +10276,7 @@ schema-utils@^2.5.0, schema-utils@^2.6.1, schema-utils@^2.6.4, schema-utils@^2.6
ajv "^6.12.0"
ajv-keywords "^3.4.1"

schema-utils@^2.7.0:
schema-utils@^2.6.6, schema-utils@^2.7.0:
version "2.7.0"
resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-2.7.0.tgz#17151f76d8eae67fbbf77960c33c676ad9f4efc7"
integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==
Expand Down Expand Up @@ -10900,14 +10876,6 @@ ssri@^6.0.0, ssri@^6.0.1:
dependencies:
figgy-pudding "^3.5.1"

ssri@^7.0.0:
version "7.1.0"
resolved "https://registry.yarnpkg.com/ssri/-/ssri-7.1.0.tgz#92c241bf6de82365b5c7fb4bd76e975522e1294d"
integrity sha512-77/WrDZUWocK0mvA5NTRQyveUf+wsrIc6vyrxpS8tVvYBcX215QbafrJR3KtkpskIzoFLqqNuuYQvxaMjXJ/0g==
dependencies:
figgy-pudding "^3.5.1"
minipass "^3.1.1"

ssri@^8.0.0:
version "8.0.0"
resolved "https://registry.yarnpkg.com/ssri/-/ssri-8.0.0.tgz#79ca74e21f8ceaeddfcb4b90143c458b8d988808"
Expand Down Expand Up @@ -11314,19 +11282,19 @@ term-size@^2.1.0:
resolved "https://registry.yarnpkg.com/term-size/-/term-size-2.2.0.tgz#1f16adedfe9bdc18800e1776821734086fcc6753"
integrity sha512-a6sumDlzyHVJWb8+YofY4TW112G6p2FCPEAFk+59gIYHv3XHRhm9ltVQ9kli4hNWeQBwSpe8cRN25x0ROunMOw==

terser-webpack-plugin@2.3.5:
version "2.3.5"
resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-2.3.5.tgz#5ad971acce5c517440ba873ea4f09687de2f4a81"
integrity sha512-WlWksUoq+E4+JlJ+h+U+QUzXpcsMSSNXkDy9lBVkSqDn1w23Gg29L/ary9GeJVYCGiNJJX7LnVc4bwL1N3/g1w==
terser-webpack-plugin@3.0.3:
version "3.0.3"
resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-3.0.3.tgz#23bda2687b197f878a743373b9411d917adc2e45"
integrity sha512-bZFnotuIKq5Rqzrs+qIwFzGdKdffV9epG5vDSEbYzvKAhPeR5RbbrQysfPgbIIMhNAQtZD2hGwBfSKUXjXZZZw==
dependencies:
cacache "^13.0.1"
find-cache-dir "^3.2.0"
jest-worker "^25.1.0"
p-limit "^2.2.2"
schema-utils "^2.6.4"
serialize-javascript "^2.1.2"
cacache "^15.0.4"
find-cache-dir "^3.3.1"
jest-worker "^26.0.0"
p-limit "^2.3.0"
schema-utils "^2.6.6"
serialize-javascript "^3.1.0"
source-map "^0.6.1"
terser "^4.4.3"
terser "^4.6.13"
webpack-sources "^1.4.3"

terser-webpack-plugin@^1.4.3:
Expand All @@ -11344,7 +11312,7 @@ terser-webpack-plugin@^1.4.3:
webpack-sources "^1.4.0"
worker-farm "^1.7.0"

terser@4.6.10, terser@^4.1.2, terser@^4.3.8, terser@^4.4.3:
terser@4.6.10, terser@^4.1.2, terser@^4.3.8:
version "4.6.10"
resolved "https://registry.yarnpkg.com/terser/-/terser-4.6.10.tgz#90f5bd069ff456ddbc9503b18e52f9c493d3b7c2"
integrity sha512-qbF/3UOo11Hggsbsqm2hPa6+L4w7bkr+09FNseEe8xrcVD3APGLFqE+Oz1ZKAxjYnFsj80rLOfgAtJ0LNJjtTA==
Expand All @@ -11353,6 +11321,15 @@ terser@4.6.10, terser@^4.1.2, terser@^4.3.8, terser@^4.4.3:
source-map "~0.6.1"
source-map-support "~0.5.12"

terser@^4.6.13:
version "4.7.0"
resolved "https://registry.yarnpkg.com/terser/-/terser-4.7.0.tgz#15852cf1a08e3256a80428e865a2fa893ffba006"
integrity sha512-Lfb0RiZcjRDXCC3OSHJpEkxJ9Qeqs6mp2v4jf2MHfy8vGERmVDuvjXdd/EnP5Deme5F2yBRBymKmKHCBg2echw==
dependencies:
commander "^2.20.0"
source-map "~0.6.1"
source-map-support "~0.5.12"

test-exclude@^5.2.2:
version "5.2.3"
resolved "https://registry.yarnpkg.com/test-exclude/-/test-exclude-5.2.3.tgz#c3d3e1e311eb7ee405e092dac10aefd09091eac0"
