fix(@angular/cli): update direct semver dependencies to 7.5.3

All direct usages of the `semver` package have been updated to address GHSA-c2qf-rxjj-qqgw. The `semver` package is only used as a development dependency and not included in built application code within generated projects. This update does not affect any transitive usages of `semver` and any such usages would need to be handled by relevant upstream packages.
angular · Jun 23, 2023 · 3475e02 · 3475e02
1 parent 8108b8c
commit 3475e02
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 18 deletions.
diff --git a/package.json b/package.json
@@ -109,7 +109,7 @@
     "@types/picomatch": "^2.3.0",
     "@types/progress": "^2.0.3",
     "@types/resolve": "^1.17.1",
-    "@types/semver": "^7.3.12",
+    "@types/semver": "^7.5.0",
     "@types/shelljs": "^0.8.11",
     "@types/tar": "^6.1.2",
     "@types/text-table": "^0.2.1",
@@ -189,7 +189,7 @@
     "sass": "1.63.2",
     "sass-loader": "13.3.1",
     "sauce-connect-proxy": "https://saucelabs.com/downloads/sc-4.8.1-linux.tar.gz",
-    "semver": "7.5.1",
+    "semver": "7.5.3",
     "shelljs": "^0.8.5",
     "source-map": "0.7.4",
     "source-map-loader": "4.0.1",

diff --git a/packages/angular/cli/package.json b/packages/angular/cli/package.json
@@ -37,7 +37,7 @@
     "ora": "5.4.1",
     "pacote": "15.2.0",
     "resolve": "1.22.2",
-    "semver": "7.5.1",
+    "semver": "7.5.3",
     "symbol-observable": "4.0.0",
     "yargs": "17.7.2"
   },

diff --git a/packages/angular_devkit/build_angular/package.json b/packages/angular_devkit/build_angular/package.json
@@ -57,7 +57,7 @@
     "rxjs": "7.8.1",
     "sass": "1.63.2",
     "sass-loader": "13.3.1",
-    "semver": "7.5.1",
+    "semver": "7.5.3",
     "source-map-loader": "4.0.1",
     "source-map-support": "0.5.21",
     "terser": "5.17.7",

diff --git a/yarn.lock b/yarn.lock
@@ -4015,7 +4015,7 @@
   dependencies:
     "@types/ws" "*"
 
-"@types/semver@^7.3.12":
+"@types/semver@^7.3.12", "@types/semver@^7.5.0":
   version "7.5.0"
   resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.5.0.tgz#591c1ce3a702c45ee15f47a42ade72c2fd78978a"
   integrity sha512-G8hZ6XJiHnuhQKR7ZmysCeJWE08o8T0AXtk5darsCaTVsYZhhgUrq53jizaR2FvsoeCwJhlmwTjkXBY5Pn/ZHw==
@@ -5843,19 +5843,6 @@ [email protected]:
     postcss "^8.3.7"
     pretty-bytes "^5.3.0"
 
-[email protected]:
-  version "0.0.18"
-  resolved "https://registry.yarnpkg.com/critters/-/critters-0.0.18.tgz#37ea730ee3a1f19844e8099c3fd75b526e1bbcc9"
-  integrity sha512-I7t/da29EIWXgxx2RSW1md1DvenEgEuLlki6nHE5+Nc0e3eib5AuGIGbPVuI8q+erCKkSP9T/NqYfvasAy7x7A==
-  dependencies:
-    chalk "^4.1.0"
-    css-select "^5.1.0"
-    dom-serializer "^2.0.0"
-    domhandler "^5.0.2"
-    htmlparser2 "^8.0.2"
-    postcss "^8.4.23"
-    pretty-bytes "^5.3.0"
-
 [email protected]:
   version "0.0.19"
   resolved "https://registry.yarnpkg.com/critters/-/critters-0.0.19.tgz#15e3a3a0ed77ae4b69c3b2fe29c8e7e87fc77d1b"
@@ -11029,6 +11016,13 @@ [email protected], semver@^7.0.0, semver@^7.1.1, semver@^7.3.5, semver@^7.3.7, semver
   dependencies:
     lru-cache "^6.0.0"
 
+[email protected]:
+  version "7.5.3"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e"
+  integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==
+  dependencies:
+    lru-cache "^6.0.0"
+
 semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0:
   version "6.3.0"
   resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"