Skip to content

build(deps): Bump webpack-subresource-integrity and @angular-devkit/build-angular in /owasp-top10-2021-apps/a3/streaming/app/frontend #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): Bump webpack-subresource-integrity and @angular-devkit/build-angular in /owasp-top10-2021-apps/a3/streaming/app/frontend #5

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 20, 2025

Bumps webpack-subresource-integrity to 5.1.0 and updates ancestor dependency @angular-devkit/build-angular. These dependencies need to be updated together.

Updates webpack-subresource-integrity from 1.4.1 to 5.1.0

Release notes

Sourced from webpack-subresource-integrity's releases.

v5.1.0

  • Allow deferred loading of hashes. Specifying the new option hashLoading: "lazy" will cause integrity hashes for any given asset to be defined in its direct parents in the chunk graph. This can lead to duplication of hashes across assets, but can significantly reduce the size of entry chunk(s) when there are a large number of async chunks. (#171)

v5.0.0

No changes compared to v5.0.0-rc.1.

Changes compared to v1.5.2:

BREAKING CHANGES

(See migrating from v1 to v5.)

  • Drop compatibility with Webpack < 5.12.0.
  • Drop compatibility with Node < 10.
  • Drop compatibility with html-webpack-plugin < 5.0.0-beta.1.
  • Drop default export, new named export SubresourceIntegrityPlugin.
  • When integrity for an asset cannot be determined this now emits an error. Previously, a warning was emitted.
  • Option enabled now defaults to "auto", which enables the plugin in all Webpack modes except for development. Previously, the plugin was disabled by default in all modes.

Other Changes

  • Compatibility with html-webpack-plugin 5 and new Webpack 5 asset processing pipeline.
  • Option hashFuncNames now has a default: ["sha384"].
  • All code has been rewritten in TypeScript. We now include TypeScript type definitions inside the package.
  • No longer imports webpack (#150)
  • Warn when using dangerous filename hashes (#162)

v5.0.0-rc.1

  • Warn when using dangerous filename hashes (#162)
  • Minor non-functional changes

v5.0.0-alpha.5

  • Fix handling of chunks with multiple files (#154)
  • Fix stats factory when using real content hash

v5.0.0-alpha.4

  • Fix real content hash generation (#152)

v5.0.0-alpha.3

  • Do not import webpack (#150)

    Adds compatibility with Next.js 10.0.6. Please note that installing this plugin in Next.js is not enough to gain integrity since top-level assets will remain unprotected.

v5.0.0-alpha.2

  • Fix error when a processed tag has no attributes (#147)

v5.0.0-alpha.1

BREAKING CHANGES

  • Drop compatibility with Webpack < 5.12.0.
  • Drop compatibility with Node < 10.

... (truncated)

Commits
  • ad9265e Bump to version 5.1.0
  • d049da4 Lazy hashes follow-up
  • fc7cf19 Add lazyHashes option to define integrity hashes only in direct parents of ...
  • 3d93750 Use npm badge from default tag
  • 40ec3ce Bump to version 5.0.0
  • e5ccea1 Cache puppeteer download
  • b20961f Add daily compatibility CI run
  • f92330d Update test instructions
  • 61cca07 Update homepage link
  • 299be93 Clean up badges
  • Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 0.1001.6 to 19.2.4

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v19.2.4

19.2.4 (2025-03-19)

@​schematics/angular

Commit Description
fix - 0a4e96bda replace @angular/platform-browser-dynamic with @angular/platform-browser

@​angular/build

Commit Description
fix - b0b643e46 ensure errors for missing component resources
fix - 2cd763e89 ensure relative karma stack traces for test failures

v19.2.3

19.2.3 (2025-03-13)

@​angular/build

Commit Description
fix - 5a739820b update babel packages

v19.2.2

19.2.2 (2025-03-12)

@​angular/cli

Commit Description
fix - 0ee24e29b record analytics for nested schematics

@​angular/build

Commit Description
fix - 4575265f0 exclude all entrypoints of a library from prebundling
fix - 83fcffbb7 handle postcss compilation errors gracefully
fix - 78297ee47 provide extract-i18n does not respect
fix - b18b9c8f2 remove duplicate prebundling warning

@​angular/ssr

Commit Description
fix - e6e8ce960 prevent stream draining if write does not return a boolean

v19.2.1

19.2.1 (2025-03-05)

@​schematics/angular

Commit Description
fix - 4c35b5721 prevent accidental deletion of main.ts during application builder migration
fix - d7f9cb578 prevent error when tsconfig file is missing in application builder migration

@​angular-devkit/architect

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

19.2.4 (2025-03-19)

@​schematics/angular

Commit Type Description
0a4e96bda fix replace @angular/platform-browser-dynamic with @angular/platform-browser

@​angular/build

Commit Type Description
b0b643e46 fix ensure errors for missing component resources
2cd763e89 fix ensure relative karma stack traces for test failures

17.3.13 (2025-03-13)

@​angular-devkit/build-angular

Commit Type Description
22901df02 fix update babel packages

19.2.3 (2025-03-13)

@​angular/build

Commit Type Description
5a739820b fix update babel packages

18.2.15 (2025-03-13)

@​angular-devkit/build-angular

Commit Type Description
255c8a50d fix update babel packages

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): Bump webpack-subresource-integrity and @angular-devkit/b…
518ac6d 
…uild-angular

Bumps [webpack-subresource-integrity](https://github.com/waysact/webpack-subresource-integrity) to 5.1.0 and updates ancestor dependency [@angular-devkit/build-angular](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `webpack-subresource-integrity` from 1.4.1 to 5.1.0
- [Release notes](https://github.com/waysact/webpack-subresource-integrity/releases)
- [Changelog](https://github.com/waysact/webpack-subresource-integrity/blob/main/CHANGELOG.md)
- [Commits](waysact/webpack-subresource-integrity@v1.4.1...v5.1.0)

Updates `@angular-devkit/build-angular` from 0.1001.6 to 19.2.4
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular-cli/commits/19.2.4)

---
updated-dependencies:
- dependency-name: webpack-subresource-integrity
  dependency-type: indirect
- dependency-name: "@angular-devkit/build-angular"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant