New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency @angular/core to v10 [SECURITY] #708

Open

renovate wants to merge 1 commit into master from renovate/npm-angular-core-vulnerability

Contributor

renovate bot commented Aug 6, 2024 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@angular/core (source)	`7.2.16` -> `10.2.5`

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

Release Notes

angular/angular (@angular/core)

`v10.2.5`

`v10.2.4`

`v10.2.3`

`v10.2.2`

`v10.2.1`

`v10.2.0`

`v10.1.6`

`v10.1.5`

`v10.1.4`

`v10.1.3`

`v10.1.2`

`v10.1.1`

`v10.1.0`

`v10.0.14`

`v10.0.13`

`v10.0.12`

`v10.0.11`

`v10.0.10`

`v10.0.9`

`v10.0.8`

`v10.0.7`

`v10.0.6`

`v10.0.5`

`v10.0.4`

`v10.0.3`

`v10.0.2`

`v10.0.1`

`v10.0.0`

`v9.1.13`

`v9.1.12`

`v9.1.11`

`v9.1.10`

`v9.1.9`

`v9.1.8`

`v9.1.7`

`v9.1.6`

`v9.1.5`

`v9.1.4`

`v9.1.3`

`v9.1.2`

`v9.1.1`

`v9.1.0`

`v9.0.7`

`v9.0.6`

`v9.0.5`

`v9.0.4`

`v9.0.3`

`v9.0.2`

`v9.0.1`

`v9.0.0`

`v8.2.14`

`v8.2.13`

`v8.2.12`

`v8.2.11`

`v8.2.10`

`v8.2.9`

`v8.2.8`

`v8.2.7`

`v8.2.6`

`v8.2.5`

`v8.2.4`

`v8.2.3`

`v8.2.2`

`v8.2.1`

`v8.2.0`

`v8.1.3`

`v8.1.2`

`v8.1.1`

`v8.1.0`

`v8.0.3`

`v8.0.2`

`v8.0.1`

`v8.0.0`

Breaking Changes

router

Providers available to the routed components always
come from the injector heirarchy of the routes and never inherit from
the RouterOutlet. This means that providers available only to the
component that defines the RouterOutlet will no longer be available to
route components in any circumstances. This was already the case
whenever routes defined providers, either through lazy loading an
NgModule or through explicit providers on the route config.

compiler

Commit	Type	Description
f824911510	fix	For `FatalDiagnosticError`, hide the `message` field without affecting the emit (#55160)

compiler-cli

Commit	Type	Description
c04ffb1fa6	fix	use switch statements to narrow Angular switch blocks (#55168)

core

Commit	Type	Description
666d646575	feat	Add event delegation library to queue up events and replay them when the application is ready (#55121)
146306a141	feat	add support for i18n hydration (#54823)
840c375255	fix	do not save point-in-time `setTimeout` and `rAF` references (#55124)
231e0a3528	fix	handle `ChainedInjector`s in injector debug utils (#55144)
a5fa279b6e	fix	prevent i18n hydration from cleaning projected nodes (#54823)
f44a5e4604	fix	support content projection and VCRs in i18n (#54823)
914e4530b0	fix	test cleanup should not throw if Zone is not present (#55096)
a99cb7ce5b	fix	zoneless scheduler should check if Zone is defined before accessing it (#55118)

forms

Commit	Type	Description
1c736dc3b2	feat	Unified Control State Change Events (#54579)

language-service

Commit	Type	Description
a48afe0d94	fix	avoid generating TS syntactic diagnostics for templates (#55091)

migrations

Commit	Type	Description
0c20c4075a	fix	avoid conflicts with some greek letters in control flow migration (#55113)

platform-browser

Commit	Type	Description
45ae7a6b60	feat	add withI18nSupport() in developer preview (#55130)

router

Commit	Type	Description
87f3f27f90	feat	Allow resolvers to return `RedirectCommand` (#54556)
3839cfbb18	fix	Routed components never inherit `RouterOutlet` `EnvironmentInjector` (#54265)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          Update dependency @angular/core to v10 [SECURITY]

4d1e9f1

renovate bot added the dependencies label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels