Skip to content

fix(deps): update dependency @angular/core to v10 [security] #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency @angular/core to v10 [security] #27

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 6, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@angular/core (source) ^9.1.0^10.0.0 age confidence

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

Release Notes

angular/angular (@​angular/core)

v10.2.5

Compare Source

v10.2.4

Compare Source

v10.2.3

Compare Source

v10.2.2

Compare Source

v10.2.1

Compare Source

v10.2.0

Compare Source

v10.1.6

Compare Source

v10.1.5

Compare Source

v10.1.4

Compare Source

v10.1.3

Compare Source

v10.1.2

Compare Source

v10.1.1

Compare Source

v10.1.0

Compare Source

v10.0.14

Compare Source

v10.0.13

Compare Source

v10.0.12

Compare Source

v10.0.11

Compare Source

v10.0.10

Compare Source

v10.0.9

Compare Source

v10.0.8

Compare Source

v10.0.7

Compare Source

v10.0.6

Compare Source

v10.0.5

Compare Source

v10.0.4

Compare Source

v10.0.3

Compare Source

v10.0.2

Compare Source

v10.0.1

Compare Source

v10.0.0

Compare Source

v9.1.13

Compare Source

v9.1.12

Compare Source

v9.1.11

Compare Source

v9.1.10

Compare Source

v9.1.9

Compare Source

v9.1.8

Compare Source

benchpress
Commit Type Description
f0990c67e6 fix Ensure future-proof correct initialization order (#​60025)
common
Commit Type Description
1fbaeab37d fix make types for HttpClient more readable (#​59901)
core
Commit Type Description
c611c8d212 fix capture stack for HMR errors (#​60067)
language-service
Commit Type Description
4c9d09c643 fix provide correct rename info for elements (#​60088)

v9.1.7

Compare Source

common
Commit Type Description
e9f10eb4c9 fix clean up urlChanges subscribers when root scope is destroyed (#​59703)
compiler-cli
Commit Type Description
16fc074689 fix avoid crash in isolated transform operations (#​59869)
forms
Commit Type Description
ec1e4c3d94 fix Fix typing on FormRecord. (#​59993)

v9.1.6

Compare Source

compiler
Commit Type Description
01f669a274 fix handle tracking expressions requiring temporary variables (#​58520)
compiler-cli
Commit Type Description
dcfb9f1959 fix handle deferred blocks with shared dependencies correctly (#​59926)
core
Commit Type Description
cab7a9b69c fix invalidate HMR component if replacement throws an error (#​59854)
migrations
Commit Type Description
710759ddcc fix account for let declarations in control flow migration (#​59861)
46f36a58bf fix count used dependencies inside existing control flow (#​59861)

v9.1.5

Compare Source

compiler-cli
Commit Type Description
d7b5c597ffc fix gracefully fall back if const enum cannot be passed through (#​59815)
53a4668b58b fix handle const enums used inside HMR data (#​59815)
976125e0b4c fix handle enum members without initializers in partial evaluator (#​59815)

v9.1.4

Compare Source

core
Commit Type Description
544b9ee7ca0 fix check whether application is destroyed before printing hydration stats (#​59716)
d6e78c072dc fix ensure type is preserved during HMR (#​59700)
c2436702df9 fix fixes test timer-based test flakiness in CI (#​59674)
elements
Commit Type Description
44180645992 fix not setting initial value on signal-based input (#​59773)
platform-browser
Commit Type Description
1828a840620 fix prepend baseHref to sourceMappingURL in CSS content (#​59730)
1c84cbca30e fix Update pseudoevent created by createMouseSpecialEvent to populate _originalEvent property (#​59690)
12256574626 fix Update pseudoevent created by createMouseSpecialEvent to populate _originalEvent property (#​59690)
3f4d5f636aa fix Update pseudoevent created by createMouseSpecialEvent to populate _originalEvent property (#​59690)
router
Commit Type Description
e3da35ec749 fix prevent error handling when injector is destroyed (#​59457)
service-worker
Commit Type Description
522acbf3d7e fix add missing rxjs peer dependency (#​59747)

v9.1.3

Compare Source

compiler
Commit Type Description
ecfb74d287 fix handle :host-context with comma-separated child selector (#​59276)
compiler-cli
Commit Type Description
53160e504d fix extract parenthesized dependencies during HMR (#​59644)
39690969af fix handle conditional expressions when extracting dependencies (#​59637)
78af7a5059 fix handle new expressions when extracting dependencies (#​59637)
core
Commit Type Description
408af24ff3 fix capture self-referencing component during HMR (#​59644)
d7575c201c fix replace metadata in place during HMR (#​59644)
26f6d4c485 fix skip component ID collision warning during SSR (#​59625)
migrations
Commit Type Description
a62c84bc18 fix avoid applying the same replacements twice when cleaning up unused imports (#​59656)
platform-browser
Commit Type Description
b2b3816cb1 fix clear renderer cache during HMR when using async animations (#​59644)

v9.1.2

Compare Source

compiler
Commit Type Description
8dcd889987 fix update @ng/component URL to be relative (#​59620)
compiler-cli
Commit Type Description
95a05bb202 fix disable tree shaking during HMR (#​59595)
core
Commit Type Description
a4eb74c79c fix animation sometimes renderer not being destroyed during HMR (#​59574)
906413aba3 fix change Resource to use explicit undefined in its typings (#​59024)
4eb541837c fix cleanup _ejsa when app is destroyed (#​59492)
5497102769 fix cleanup stash listener when app is destroyed (#​59598)
266a8f2f2e fix handle shadow DOM encapsulated component with HMR (#​59597)
6f7716268a fix HMR not matching component that injects ViewContainerRef (#​59596)
d12a186d53 fix treat exceptions in equal as part of computation (#​55818)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Contributor Author

renovate bot commented Aug 6, 2024
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @angular/animations@9.1.1
npm error Found: @angular/core@10.2.5
npm error node_modules/@angular/core
npm error   @angular/core@"^10.0.0" from the root project
npm error   peer @angular/core@">=8.0.0" from @ngx-translate/core@12.1.2
npm error   node_modules/@ngx-translate/core
npm error     @ngx-translate/core@"^12.0.0" from the root project
npm error   2 more (angulartics2, jest-preset-angular)
npm error
npm error Could not resolve dependency:
npm error peer @angular/core@"9.1.1" from @angular/animations@9.1.1
npm error node_modules/@angular/animations
npm error   @angular/animations@"^9.1.0" from the root project
npm error   peerOptional @angular/animations@"9.1.1" from @angular/platform-browser@9.1.1
npm error   node_modules/@angular/platform-browser
npm error     @angular/platform-browser@"^9.1.0" from the root project
npm error     3 more (@angular/forms, @angular/platform-browser-dynamic, @angular/router)
npm error
npm error Conflicting peer dependency: @angular/core@9.1.1
npm error node_modules/@angular/core
npm error   peer @angular/core@"9.1.1" from @angular/animations@9.1.1
npm error   node_modules/@angular/animations
npm error     @angular/animations@"^9.1.0" from the root project
npm error     peerOptional @angular/animations@"9.1.1" from @angular/platform-browser@9.1.1
npm error     node_modules/@angular/platform-browser
npm error       @angular/platform-browser@"^9.1.0" from the root project
npm error       3 more (@angular/forms, @angular/platform-browser-dynamic, @angular/router)
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-01-19T17_54_48_707Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-01-19T17_54_48_707Z-debug-0.log

@vercel
Copy link

vercel bot commented Aug 6, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
outlet ❌ Failed (Inspect) Jul 3, 2025 1:33am

@dmnktoe dmnktoe removed their assignment Jun 13, 2025
@renovate renovate bot force-pushed the renovate/npm-angular-core-vulnerability branch from ad33154 to 6e231ec Compare July 3, 2025 01:17
@coderabbitai
Copy link

coderabbitai bot commented Jul 3, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies npm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dmnktoe