fix(@angular-devkit/build-angular): update webpack to 5.105.0

This the below security security issues:
GHSA-8fgc-7cc6-rx7x
GHSA-38r7-794h-5758

Closes: #32465

Author: alan-agius4

goldens/public-api/angular_devkit/build_webpack/index.api.md

@@ -7,8 +7,8 @@
 import { BuilderContext } from '@angular-devkit/architect';
 import { BuilderOutput } from '@angular-devkit/architect';
 import { Observable } from 'rxjs';
-import webpack from 'webpack';
-import WebpackDevServer from 'webpack-dev-server';
+import type webpack from 'webpack';
+import type WebpackDevServer from 'webpack-dev-server';
 
 // @public (undocumented)
 export type BuildResult = BuilderOutput & {
@@ -65,7 +65,7 @@ export type WebpackDevServerFactory = typeof WebpackDevServer;
 // @public (undocumented)
 export interface WebpackFactory {
     // (undocumented)
-    (config: webpack.Configuration): Observable<webpack.Compiler> | webpack.Compiler;
+    (config: webpack.Configuration): Observable<webpack.Compiler | null> | webpack.Compiler | null;
 }
 
 // @public (undocumented)

package.json

@@ -203,7 +203,7 @@
     "verdaccio-auth-memory": "^10.0.0",
     "vite": "6.4.1",
     "watchpack": "2.4.2",
-    "webpack": "5.98.0",
+    "webpack": "5.105.0",
     "webpack-dev-middleware": "7.4.2",
     "webpack-dev-server": "5.2.2",
     "webpack-merge": "6.0.1",

packages/angular_devkit/build_angular/package.json

@@ -56,7 +56,7 @@
     "terser": "5.39.0",
     "tree-kill": "1.2.2",
     "tslib": "2.8.1",
-    "webpack": "5.98.0",
+    "webpack": "5.105.0",
     "webpack-dev-middleware": "7.4.2",
     "webpack-dev-server": "5.2.2",
     "webpack-merge": "6.0.1",

packages/angular_devkit/build_angular/src/tools/webpack/plugins/css-optimizer-plugin.ts

@@ -131,7 +131,7 @@ export class CssOptimizerPlugin {
   private optimize(
     input: string,
     name: string,
-    inputMap: object,
+    inputMap: object | null,
     target: string[] | undefined,
   ): Promise<TransformResult> {
     let sourceMapLine;

packages/angular_devkit/build_angular/src/tools/webpack/plugins/index-html-webpack-plugin.ts

@@ -60,7 +60,7 @@ export class IndexHtmlWebpackPlugin extends IndexHtmlGenerator {
             }
 
             files.push({
-              name: chunk.name,
+              name: chunk.name ?? undefined,
               file,
               extension: extname(file),
             });

packages/angular_devkit/build_angular/src/tools/webpack/plugins/karma/karma.ts

@@ -10,6 +10,7 @@
 // TODO: cleanup this file, it's copied as is from Angular CLI.
 import * as http from 'http';
 import * as path from 'path';
+import assert from 'node:assert';
 import webpack from 'webpack';
 import webpackDevMiddleware from 'webpack-dev-middleware';
 
@@ -142,6 +143,8 @@ const init: any = (config: any, emitter: any) => {
     callback?.();
   }
 
+  assert(compiler, 'Compiler cannot be undefined.');
+
   compiler.hooks.invalid.tap('karma', () => handler());
   compiler.hooks.watchRun.tapAsync('karma', (_: any, callback: () => void) => handler(callback));
   compiler.hooks.run.tapAsync('karma', (_: any, callback: () => void) => handler(callback));

packages/angular_devkit/build_angular/src/tools/webpack/plugins/remove-hash-plugin.ts

@@ -19,7 +19,7 @@ export class RemoveHashPlugin {
 
   apply(compiler: Compiler): void {
     compiler.hooks.compilation.tap('remove-hash-plugin', (compilation) => {
-      const assetPath = (path: string, data: { chunk?: { name: string } }) => {
+      const assetPath = (path: string, data: { chunk?: { name?: string | null } }) => {
         const chunkName = data.chunk?.name;
         const { chunkNames, hashFormat } = this.options;
 

packages/angular_devkit/build_angular/src/utils/process-bundle.ts

@@ -240,7 +240,8 @@ async function inlineLocalesDirect(ast: ParseResult, options: InlineOptions) {
   for (const locale of i18n.inlineLocales) {
     const content = new ReplaceSource(
       inputMap
-        ? new SourceMapSource(options.code, options.filename, inputMap)
+        ? // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          new SourceMapSource(options.code, options.filename, inputMap as any)
         : new OriginalSource(options.code, options.filename),
     );
 

packages/angular_devkit/build_webpack/src/builders/webpack-dev-server/index.ts

@@ -7,10 +7,11 @@
  */
 
 import { Builder, BuilderContext, createBuilder } from '@angular-devkit/architect';
+import assert from 'node:assert';
 import { resolve as pathResolve } from 'node:path';
 import { Observable, from, isObservable, of, switchMap } from 'rxjs';
-import webpack from 'webpack';
-import WebpackDevServer from 'webpack-dev-server';
+import type webpack from 'webpack';
+import type WebpackDevServer from 'webpack-dev-server';
 import { getEmittedFiles, getWebpackConfig } from '../../utils';
 import { BuildResult, WebpackFactory, WebpackLoggingCallback } from '../webpack';
 import { Schema as WebpackDevServerBuilderSchema } from './schema';
@@ -43,7 +44,7 @@ export function runWebpackDevServer(
         return of(result);
       }
     } else {
-      return of(webpack(c));
+      return from(import('webpack').then((mod) => mod.default(c)));
     }
   };
 
@@ -53,9 +54,9 @@ export function runWebpackDevServer(
   ) => {
     if (options.webpackDevServerFactory) {
       return new options.webpackDevServerFactory(config, webpack);
+    } else {
+      return from(import('webpack-dev-server').then((mod) => new mod.default(config, webpack)));
     }
-
-    return new WebpackDevServer(config, webpack);
   };
 
   const {
@@ -69,14 +70,21 @@ export function runWebpackDevServer(
   } = options;
 
   return createWebpack({ ...config, watch: false }).pipe(
+    switchMap(async (webpackCompiler) => {
+      return [
+        webpackCompiler,
+        options.webpackDevServerFactory ?? (await import('webpack-dev-server')).default,
+      ] as unknown as [webpack.Compiler | null, WebpackDevServerFactory];
+    }),
     switchMap(
-      (webpackCompiler) =>
+      ([webpackCompiler, webpackDevServerFactory]) =>
         new Observable<DevServerBuildOutput>((obs) => {
+          assert(webpackCompiler, 'Webpack compiler factory did not return a compiler instance.');
+
           const devServerConfig = options.devServerConfig || config.devServer || {};
           devServerConfig.host ??= 'localhost';
 
           let result: Partial<DevServerBuildOutput>;
-
           const statsOptions = typeof config.stats === 'boolean' ? undefined : config.stats;
 
           webpackCompiler.hooks.done.tap('build-webpack', (stats) => {
@@ -91,7 +99,7 @@ export function runWebpackDevServer(
             } as unknown as DevServerBuildOutput);
           });
 
-          const devServer = createWebpackDevServer(webpackCompiler, devServerConfig);
+          const devServer = new webpackDevServerFactory(devServerConfig, webpackCompiler);
           devServer.startCallback((err) => {
             if (err) {
               obs.error(err);

packages/angular_devkit/build_webpack/src/builders/webpack/index.ts

@@ -7,9 +7,10 @@
  */
 
 import { Builder, BuilderContext, BuilderOutput, createBuilder } from '@angular-devkit/architect';
+import assert from 'node:assert';
 import { resolve as pathResolve } from 'node:path';
 import { Observable, from, isObservable, of, switchMap } from 'rxjs';
-import webpack from 'webpack';
+import type webpack from 'webpack';
 import { EmittedFiles, getEmittedFiles, getWebpackConfig } from '../../utils';
 import { Schema as RealWebpackBuilderSchema } from './schema';
 
@@ -19,7 +20,7 @@ export interface WebpackLoggingCallback {
   (stats: webpack.Stats, config: webpack.Configuration): void;
 }
 export interface WebpackFactory {
-  (config: webpack.Configuration): Observable<webpack.Compiler> | webpack.Compiler;
+  (config: webpack.Configuration): Observable<webpack.Compiler | null> | webpack.Compiler | null;
 }
 
 export type BuildResult = BuilderOutput & {
@@ -56,14 +57,16 @@ export function runWebpack(
         return of(result);
       }
     } else {
-      return of(webpack(c));
+      return from(import('webpack').then((mod) => mod.default(c)));
     }
   };
 
   return createWebpack({ ...config, watch: false }).pipe(
     switchMap(
       (webpackCompiler) =>
         new Observable<BuildResult>((obs) => {
+          assert(webpackCompiler, 'Webpack compiler factory did not return a compiler instance.');
+
           const callback = (err?: Error | null, stats?: webpack.Stats) => {
             if (err) {
               return obs.error(err);
@@ -101,7 +104,7 @@ export function runWebpack(
 
               // Teardown logic. Close the watcher when unsubscribed from.
               return () => {
-                watching.close(() => {});
+                watching?.close(() => {});
                 webpackCompiler.close(() => {});
               };
             } else {