From 3475e0281da3298f288a5f8836155c0b8c971372 Mon Sep 17 00:00:00 2001 From: Charles Lyding <19598772+clydin@users.noreply.github.com> Date: Fri, 23 Jun 2023 11:10:36 -0400 Subject: [PATCH] fix(@angular/cli): update direct `semver` dependencies to 7.5.3 All direct usages of the `semver` package have been updated to address https://github.com/advisories/GHSA-c2qf-rxjj-qqgw. The `semver` package is only used as a development dependency and not included in built application code within generated projects. This update does not affect any transitive usages of `semver` and any such usages would need to be handled by relevant upstream packages. --- package.json | 4 ++-- packages/angular/cli/package.json | 2 +- .../angular_devkit/build_angular/package.json | 2 +- yarn.lock | 22 +++++++------------ 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/package.json b/package.json index 19afecddc959..95c3c04d0ac5 100644 --- a/package.json +++ b/package.json @@ -109,7 +109,7 @@ "@types/picomatch": "^2.3.0", "@types/progress": "^2.0.3", "@types/resolve": "^1.17.1", - "@types/semver": "^7.3.12", + "@types/semver": "^7.5.0", "@types/shelljs": "^0.8.11", "@types/tar": "^6.1.2", "@types/text-table": "^0.2.1", @@ -189,7 +189,7 @@ "sass": "1.63.2", "sass-loader": "13.3.1", "sauce-connect-proxy": "https://saucelabs.com/downloads/sc-4.8.1-linux.tar.gz", - "semver": "7.5.1", + "semver": "7.5.3", "shelljs": "^0.8.5", "source-map": "0.7.4", "source-map-loader": "4.0.1", diff --git a/packages/angular/cli/package.json b/packages/angular/cli/package.json index 1dda0ab4ccf6..7d5928b8e547 100644 --- a/packages/angular/cli/package.json +++ b/packages/angular/cli/package.json @@ -37,7 +37,7 @@ "ora": "5.4.1", "pacote": "15.2.0", "resolve": "1.22.2", - "semver": "7.5.1", + "semver": "7.5.3", "symbol-observable": "4.0.0", "yargs": "17.7.2" }, diff --git a/packages/angular_devkit/build_angular/package.json b/packages/angular_devkit/build_angular/package.json index 372e11393002..eb1a1fe1fe51 100644 --- a/packages/angular_devkit/build_angular/package.json +++ b/packages/angular_devkit/build_angular/package.json @@ -57,7 +57,7 @@ "rxjs": "7.8.1", "sass": "1.63.2", "sass-loader": "13.3.1", - "semver": "7.5.1", + "semver": "7.5.3", "source-map-loader": "4.0.1", "source-map-support": "0.5.21", "terser": "5.17.7", diff --git a/yarn.lock b/yarn.lock index bc03b547fcf7..3f43796b90bc 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4015,7 +4015,7 @@ dependencies: "@types/ws" "*" -"@types/semver@^7.3.12": +"@types/semver@^7.3.12", "@types/semver@^7.5.0": version "7.5.0" resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.5.0.tgz#591c1ce3a702c45ee15f47a42ade72c2fd78978a" integrity sha512-G8hZ6XJiHnuhQKR7ZmysCeJWE08o8T0AXtk5darsCaTVsYZhhgUrq53jizaR2FvsoeCwJhlmwTjkXBY5Pn/ZHw== @@ -5843,19 +5843,6 @@ critters@0.0.16: postcss "^8.3.7" pretty-bytes "^5.3.0" -critters@0.0.18: - version "0.0.18" - resolved "https://registry.yarnpkg.com/critters/-/critters-0.0.18.tgz#37ea730ee3a1f19844e8099c3fd75b526e1bbcc9" - integrity sha512-I7t/da29EIWXgxx2RSW1md1DvenEgEuLlki6nHE5+Nc0e3eib5AuGIGbPVuI8q+erCKkSP9T/NqYfvasAy7x7A== - dependencies: - chalk "^4.1.0" - css-select "^5.1.0" - dom-serializer "^2.0.0" - domhandler "^5.0.2" - htmlparser2 "^8.0.2" - postcss "^8.4.23" - pretty-bytes "^5.3.0" - critters@0.0.19: version "0.0.19" resolved "https://registry.yarnpkg.com/critters/-/critters-0.0.19.tgz#15e3a3a0ed77ae4b69c3b2fe29c8e7e87fc77d1b" @@ -11029,6 +11016,13 @@ semver@7.5.1, semver@^7.0.0, semver@^7.1.1, semver@^7.3.5, semver@^7.3.7, semver dependencies: lru-cache "^6.0.0" +semver@7.5.3: + version "7.5.3" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e" + integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ== + dependencies: + lru-cache "^6.0.0" + semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0: version "6.3.0" resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"