Skip to content

fix(@angular-devkit/build-angular): update terser to address CVE-2022-25858 #23604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 20, 2022
Merged

fix(@angular-devkit/build-angular): update terser to address CVE-2022-25858 #23604

merged 1 commit into from
Jul 20, 2022

Conversation

@alan-agius4
Copy link
Collaborator

@alan-agius4 alan-agius4 commented Jul 20, 2022

While this vulnerability cannot be exploited through the Angular CLI as we don't expect it to be run on production servers. We update terser to remove the unnecessary vulnerability noise.

Closes #23593

@alan-agius4
fix(@angular-devkit/build-angular): update terser to address CVE-2022…
3d0b6fe 
…-25858

While this vulnerability cannot be exploited through the Angular CLI as we don't expect it to be run on production servers. We update terser to remove the unnecessary vulnerability noise.

Closes angular#23593
@alan-agius4 alan-agius4 added target: lts This PR is targeting a version currently in long-term support action: review The PR is still awaiting reviews from at least one requested reviewer labels Jul 20, 2022
@alan-agius4 alan-agius4 requested a review from clydin July 20, 2022 08:14
@alan-agius4 alan-agius4 linked an issue Jul 20, 2022 that may be closed by this pull request
13.3.8 build_angular uses vulnerable terser 5.11.0: CVE-2022-25858 #23593
Closed
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Jul 20, 2022
@clydin clydin merged commit 0d62716 into angular:13.3.x Jul 20, 2022
@alan-agius4 alan-agius4 deleted the terser-error branch July 20, 2022 15:19
@alan-agius4 alan-agius4 mentioned this pull request Jul 20, 2022
Closed
@angular-automatic-lock-bot
Copy link

angular-automatic-lock-bot bot commented Aug 20, 2022

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Aug 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@clydin clydin clydin approved these changes

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

13.3.8 build_angular uses vulnerable terser 5.11.0: CVE-2022-25858

2 participants

@alan-agius4 @clydin