Update dependency @angular/core [SECURITY] #238
Open
renovate[bot] wants to merge 1 commit into
Autoclosing Skipped
This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
This PR contains the following updates:
^6.0.0-rc.0 || ^6.0.0 → ^6.0.0-rc.0 || ^6.0.0 || ^22.0.0
7.2.12 → 10.2.5
Angular vulnerable to Cross-site Scripting
CVE-2021-4231 / GHSA-c75v-2vq8-878f
More information
Details
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
angular/angular (@angular/core)
v22.0.5
common
compiler-cli
core
router
v22.0.4
migrations
v22.0.3
compiler
compiler-cli
core
http
service-worker
upgrade
v22.0.2
common
compiler
core
http
migrations
v22.0.1
Deprecations
platform-server
@angular/platform-server is deprecated. Use standard fetch APIs instead.
(cherry picked from commit 8446e46)
common
compiler
href/xlink:href attributes of any element of the MathML namespace
compiler-cli
core
forms
tick additionalProperties: false on generated WebMCP form
http
reportUploadProgress and reportDownloadProgress on post/patch requests
language-service
platform-server
router
service-worker
v22.0.0
Blog post "Announcing Angular v22".
Breaking Changes
compiler
nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on existing projects. You might want to disable those 2 diagnostics in your tsconfig temporarily.
in variables will throw in template expressions.
compiler-cli
core
any anymore. Make sure the element you pass is not nullable.
changeDetection property are now OnPush by default. Specify changeDetection: ChangeDetectionStrategy.Eager to keep the previous behavior.
ChangeDetectorRef.checkNoChanges was removed. In tests use fixture.detectChanges() instead.
createNgModuleRef was removed, use createNgModule instead
ComponentFactoryResolver and ComponentFactory are no longer available. Pass the component class directly to APIs that previously required a factory, such as ViewContainerRef.createComponent or use the standalone createComponent function.
forms
min and max validation rules no longer support string values. Bound values must be numbers or null.
http
HttpXhrBackend with provideHttpClient(withXhr) if you want to keep supporting upload progress reports.
platform-browser
host. However other DOM on the page may still be affected by those styles if not leveraging ViewEncapsulation.Emulated or if those styles are used by elements outside of Angular, potentially causing other DOM to appear unstyled.
router
The return type for TitleStrategy.getResolvedTitleForRoute was previously 'any' while the actual return type could only be either string or undefined. The return type now reflects the possible values correctly. Code that reads the value may need to be adjusted.
(cherry picked from commit ad37f52)
The currentSnapshot parameter in CanMatchFn and the canMatch method of the CanMatch interface is now required. While this was already the behavior of the Router at runtime, existing class implementations of CanMatch must now include the third argument to satisfy the interface.
paramsInheritanceStrategy now defaults to 'always'
The default value of paramsInheritanceStrategy has been changed from 'emptyOnly' to 'always'. This means that route parameters are inherited from all parent routes by default. To restore the previous behavior, set paramsInheritanceStrategy to 'emptyOnly' in your router configuration.
provideRoutes() has been removed. Use provideRouter() or ROUTES as multi token if necessary.
upgrade
getAngularLib/setAngularLib have been removed use getAngularJSGlobal/setAngularJSGlobal instead.
Deprecations
http
withFetch is now deprecated, it can be safely removed.
reportProgress option is deprecated please use reportUploadProgress & reportDownloadProgress instead.
compiler
undefined data-attributes
compiler-cli
core
IdleRequestOptions support to IdleService
provideWebMcpTools
injectAsync helper function
provideHttpClient to keep using the HttpXhrBackend implementation.
ChangeDetectionStrategy.Eager where applicable
ApplicationRef with config
declareWebMcpTool support
@Service decorator
checkNoChanges from the public API.
createNgModuleRef
forms
reloadValidation to Signal Forms to manually trigger async validation
to`FormRoot to be used without submission options (#67727)
SignalFormsConfig to a readonly API
touched model into an input and touch output
setValue in reactive forms
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.