Update webpack-subresource-integrity library to the latest version

[Michael-Ziluck]

Could you please update "webpack-subresource-integrity" library version in order to fix security vulnerability:

All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.

Vulnerable versions: < 1.5.1
Patched version: 1.5.1

References
waysact/webpack-subresource-integrity#131

This was also requested in #19188 by @ashkue but was closed due to inactivity.

[alan-agius4]

@Michael-Ziluck, can you please indicate which Angular CLI version is effected?. I am not seeing any dependency on version 1.5.0 which is the version that the vulnerability was introduced based on GHSA-4fc4-chg7-h8gh

[clydin]

#19188 was actually locked due to inactivity after it was closed by the original author.

Per the advisory (GHSA-4fc4-chg7-h8gh), only version 1.5.0 is affected. No current stable version of the Angular CLI uses version 1.5.0 of the webpack-subresource-integrity package. The latest version of 9.x uses version 1.4.0, 10.x uses version 1.4.1, and 11.x uses version 1.5.1.

[pavelsource]

@clydin is right, I closed my issue after I found out that changes were already applied and were ready for the next release.

[alan-agius4]

Closing as per above.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}