search

utopikkad / my-Todo-List

my fist try on angular 2+
0 stars 0 forks source link

Update dependency @angular/core to v11 [SECURITY] - autoclosed #267

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@angular/core 7.2.16 -> 11.0.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

Release Notes

angular/angular ### [`v11.0.5`](https://togithub.com/angular/angular/blob/HEAD/CHANGELOG.md#​1105-2020-12-16) [Compare Source](https://togithub.com/angular/angular/compare/11.0.4...11.0.5) ##### Bug Fixes - **compiler:** handle strings inside bindings that contain binding characters ([#​39826](https://togithub.com/angular/angular/issues/39826)) ([f5aab2b](https://togithub.com/angular/angular/commit/f5aab2b)), closes [#​39601](https://togithub.com/angular/angular/issues/39601) - **core:** fix possible XSS attack in development through SSR. ([#​40136](https://togithub.com/angular/angular/issues/40136)) ([0aa220b](https://togithub.com/angular/angular/commit/0aa220b)) - **core:** set `ngDevMode` to `false` when calling `enableProdMode()` ([#​40124](https://togithub.com/angular/angular/issues/40124)) ([922f492](https://togithub.com/angular/angular/commit/922f492)) - **upgrade:** fix HMR for hybrid applications ([#​40045](https://togithub.com/angular/angular/issues/40045)) ([c4c7509](https://togithub.com/angular/angular/commit/c4c7509)), closes [#​39935](https://togithub.com/angular/angular/issues/39935) ### [`v11.0.4`](https://togithub.com/angular/angular/blob/HEAD/CHANGELOG.md#​1104-2020-12-09) [Compare Source](https://togithub.com/angular/angular/compare/11.0.3...11.0.4) ##### Bug Fixes - **animations:** implement getPosition in browser animation builder ([#​39983](https://togithub.com/angular/angular/issues/39983)) ([5a765f0](https://togithub.com/angular/angular/commit/5a765f0)) - **compiler-cli:** correct incremental behavior even with broken imports ([#​39967](https://togithub.com/angular/angular/issues/39967)) ([adeeb84](https://togithub.com/angular/angular/commit/adeeb84)) - **compiler-cli:** remove the concept of an errored trait ([#​39967](https://togithub.com/angular/angular/issues/39967)) ([0aa35ec](https://togithub.com/angular/angular/commit/0aa35ec)) - **compiler-cli:** track poisoned scopes with a flag ([#​39967](https://togithub.com/angular/angular/issues/39967)) ([178cc51](https://togithub.com/angular/angular/commit/178cc51)) - **core:** remove application from the testability registry when the root view is removed ([#​39876](https://togithub.com/angular/angular/issues/39876)) ([3680ad1](https://togithub.com/angular/angular/commit/3680ad1)), closes [#​22106](https://togithub.com/angular/angular/issues/22106) - **core:** unsubscribe from the `onError` when the root view is removed ([#​39940](https://togithub.com/angular/angular/issues/39940)) ([35309bb](https://togithub.com/angular/angular/commit/35309bb)) - **language-service:** do not return external template that does not exist ([#​39898](https://togithub.com/angular/angular/issues/39898)) ([6b6fcd7](https://togithub.com/angular/angular/commit/6b6fcd7)) - **language-service:** do not treat file URIs as general URLs ([#​39917](https://togithub.com/angular/angular/issues/39917)) ([829988b](https://togithub.com/angular/angular/commit/829988b)) - **service-worker:** handle error with ErrorHandler ([#​39990](https://togithub.com/angular/angular/issues/39990)) ([588dbd3](https://togithub.com/angular/angular/commit/588dbd3)), closes [#​39913](https://togithub.com/angular/angular/issues/39913) - **upgrade:** avoid memory leak when removing downgraded components ([#​39965](https://togithub.com/angular/angular/issues/39965)) ([97310d3](https://togithub.com/angular/angular/commit/97310d3)), closes [#​26209](https://togithub.com/angular/angular/issues/26209) [#​39911](https://togithub.com/angular/angular/issues/39911) [#​39921](https://togithub.com/angular/angular/issues/39921) ##### Performance Improvements - **animations:** use `ngDevMode` to tree-shake warning ([#​39964](https://togithub.com/angular/angular/issues/39964)) ([72aad32](https://togithub.com/angular/angular/commit/72aad32)) - **common:** use `ngDevMode` to tree-shake warnings ([#​39964](https://togithub.com/angular/angular/issues/39964)) ([bf3de9b](https://togithub.com/angular/angular/commit/bf3de9b)) - **core:** use `ngDevMode` to tree-shake `checkNoChanges` ([#​39964](https://togithub.com/angular/angular/issues/39964)) ([2fbb684](https://togithub.com/angular/angular/commit/2fbb684)) - **core:** use `ngDevMode` to tree-shake warnings ([#​39959](https://togithub.com/angular/angular/issues/39959)) ([1e3534f](https://togithub.com/angular/angular/commit/1e3534f)) - **forms:** use `ngDevMode` to tree-shake `_ngModelWarning` ([#​39964](https://togithub.com/angular/angular/issues/39964)) ([735556d](https://togithub.com/angular/angular/commit/735556d)) ### [`v11.0.3`](https://togithub.com/angular/angular/blob/HEAD/CHANGELOG.md#​1103-2020-12-02) [Compare Source](https://togithub.com/angular/angular/compare/11.0.2...11.0.3) ##### Bug Fixes - **animations:** getAnimationStyle causes exceptions in older browsers ([#​29709](https://togithub.com/angular/angular/issues/29709)) ([cb1d77a](https://togithub.com/angular/angular/commit/cb1d77a)) - **animations:** replace copy of query selector node-list from "spread" to "for" ([#​39646](https://togithub.com/angular/angular/issues/39646)) ([e95cd2a](https://togithub.com/angular/angular/commit/e95cd2a)), closes [#​38551](https://togithub.com/angular/angular/issues/38551) - **common:** Prefer to use pageXOffset / pageYOffset instance of scrollX / scrollY ([#​28262](https://togithub.com/angular/angular/issues/28262)) ([5692607](https://togithub.com/angular/angular/commit/5692607)) - **compiler:** ensure that placeholders have the correct sourceSpan ([#​39717](https://togithub.com/angular/angular/issues/39717)) ([8ec7156](https://togithub.com/angular/angular/commit/8ec7156)), closes [#​39671](https://togithub.com/angular/angular/issues/39671) - **compiler:** report better error on interpolation in an expression ([#​30300](https://togithub.com/angular/angular/issues/30300)) ([6dc74fd](https://togithub.com/angular/angular/commit/6dc74fd)) - **compiler-cli:** report error when a reference target is missing instead of crashing ([#​39805](https://togithub.com/angular/angular/issues/39805)) ([8634611](https://togithub.com/angular/angular/commit/8634611)), closes [#​38618](https://togithub.com/angular/angular/issues/38618) [#​39744](https://togithub.com/angular/angular/issues/39744) - **core:** Ensure OnPush ancestors are marked dirty when events occur ([#​39833](https://togithub.com/angular/angular/issues/39833)) ([01c1bfd](https://togithub.com/angular/angular/commit/01c1bfd)), closes [#​39832](https://togithub.com/angular/angular/issues/39832) - **core:** meta addTag() adds incorrect attribute for httpEquiv ([#​32531](https://togithub.com/angular/angular/issues/32531)) ([3114b0a](https://togithub.com/angular/angular/commit/3114b0a)) - **core:** migration error if program contains files outside the project ([#​39790](https://togithub.com/angular/angular/issues/39790)) ([7dcc212](https://togithub.com/angular/angular/commit/7dcc212)), closes [#​39778](https://togithub.com/angular/angular/issues/39778) - **core:** not invoking object's toString when rendering to the DOM ([#​39843](https://togithub.com/angular/angular/issues/39843)) ([75e22ab](https://togithub.com/angular/angular/commit/75e22ab)), closes [#​38839](https://togithub.com/angular/angular/issues/38839) - **core:** remove duplicated noop function ([#​39761](https://togithub.com/angular/angular/issues/39761)) ([26a1337](https://togithub.com/angular/angular/commit/26a1337)) - **core:** support `Attribute` DI decorator in `deps` section of a token ([#​37085](https://togithub.com/angular/angular/issues/37085)) ([aaa3111](https://togithub.com/angular/angular/commit/aaa3111)), closes [#​36479](https://togithub.com/angular/angular/issues/36479) - **router:** correctly handle string command in outlets ([#​39728](https://togithub.com/angular/angular/issues/39728)) ([50c19a2](https://togithub.com/angular/angular/commit/50c19a2)), closes [#​18928](https://togithub.com/angular/angular/issues/18928) - **router:** remove duplicated getOutlet function ([#​39764](https://togithub.com/angular/angular/issues/39764)) ([df231ad](https://togithub.com/angular/angular/commit/df231ad)) - **service-worker:** correctly handle failed cache-busted request ([#​39786](https://togithub.com/angular/angular/issues/39786)) ([7bf73d7](https://togithub.com/angular/angular/commit/7bf73d7)), closes [#​39775](https://togithub.com/angular/angular/issues/39775) [#​39775](https://togithub.com/angular/angular/issues/39775) ##### DEPRECATIONS - **forms:** Mark the {\[key: string]: any} type for the options property of the FormBuilder.group method as deprecated. Using AbstractControlOptions gives the same functionality and is type-safe. ### [`v11.0.2`](https://togithub.com/angular/angular/blob/HEAD/CHANGELOG.md#​1102-2020-11-19) [Compare Source](https://togithub.com/angular/angular/compare/11.0.1...11.0.2) ##### Bug Fixes - **router:** migration incorrectly replacing deprecated key ([#​39763](https://togithub.com/angular/angular/issues/39763)) ([0237845](https://togithub.com/angular/angular/commit/0237845)), closes [#​38762](https://togithub.com/angular/angular/issues/38762) [#​39755](https://togithub.com/angular/angular/issues/39755) ### [`v11.0.1`](https://togithub.com/angular/angular/blob/HEAD/CHANGELOG.md#​1101-2020-11-18) [Compare Source](https://togithub.com/angular/angular/compare/11.0.0...11.0.1) ##### Bug Fixes - **compiler-cli:** incorrectly type checking calls to implicit template variables ([#​39686](https://togithub.com/angular/angular/issues/39686)) ([e05cfdd](https://togithub.com/angular/angular/commit/e05cfdd)), closes [#​39634](https://togithub.com/angular/angular/issues/39634) \* **compiler-cli:** setComponentScope should only list used components/pipes ([#​39662](https://togithub.com/angular/angular/issues/39662)) ([8d317df](https://togithub.com/angular/angular/commit/8d317df)) \* **core:** handle !important in style property value ([#​39603](https://togithub.com/angular/angular/issues/39603)) ([978f081](https://togithub.com/angular/angular/commit/978f081)), closes [#​35323](https://togithub.com/angular/angular/issues/35323) \* **core:** not inserting ViewContainerRef nodes when inside root of a component ([#​39599](https://togithub.com/angular/angular/issues/39599)) ([20db90a](https://togithub.com/angular/angular/commit/20db90a)), closes [#​39556](https://togithub.com/angular/angular/issues/39556) \* **core:** remove deprecated wtfZoneSpec from NgZone ([#​37864](https://togithub.com/angular/angular/issues/37864)) ([e02bea8](https://togithub.com/angular/angular/commit/e02bea8)), closes [#​33949](https://togithub.com/angular/angular/issues/33949) - **forms:** more precise control cleanup ([#​39623](https://togithub.com/angular/angular/issues/39623)) ([050cea9](https://togithub.com/angular/angular/commit/050cea9)) - **http:** queue jsonp Githubissues.
  • Githubissues is a development platform for aggregating issues.