Skip to content
This repository has been archived by the owner on Jul 28, 2023. It is now read-only.

Bump angular from 1.4.9 to 1.8.0 #756

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump angular from 1.4.9 to 1.8.0 #756

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 18, 2020
edited
Loading

Bumps angular from 1.4.9 to 1.8.0.

Changelog

Sourced from angular's changelog.

1.8.0 nested-vaccination (2020-06-01)

This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(@koto); and independently by Esben Sparre Andreasen (@esbena) while performing a Variant Analysis of CVE-2020-11022 which itself was found and reported by Masato Kinugawa (@masatokinugawa).

Bug Fixes

  • jqLite:
    • prevent possible XSS due to regex-based HTML replacement (2df43c)

Breaking Changes

jqLite due to:

  • 2df43c: prevent possible XSS due to regex-based HTML replacement

JqLite no longer turns XHTML-like strings like <div /><span /> to sibling elements <div></div><span></span> when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to: <div><span></span></div>.

This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling

angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();

But you should adjust your code for this change and remove your use of this function as soon as possible.

Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.

1.7.9 pollution-eradication (2019-11-19)

Bug Fixes

1.7.8 enthusiastic-oblation (2019-03-11)

... (truncated)
Commits
  • e55d352 docs(*): update changelog for 1.8.0
  • 78ab691 chore(*): prep for 1.8.0
  • 59b5651 docs(ngRepeat): missing closing backtick
  • c8b7c16 fix(jqLite): improve documentation
  • 05cf606 fix(jqLite): apply suggestions from code review
  • 2df43c0 fix(jqLite): prevent possible XSS due to regex-based HTML replacement
  • 295213d chore(*): clean up package.json and CircleCI config
  • a31c207 chore(docs-app): remove document.write() from docs index.html
  • 2518966 fix(grunt-utils): insert the core CSS styles without using innerHTML
  • 7de25c8 chore(ci): ensure that deployment files are ready for deployment
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by petebacondarwin, a new releaser for angular since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 18, 2020
@dependabot dependabot bot mentioned this pull request Jun 18, 2020
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch from 9927867 to 5c31a4b Compare July 1, 2020 14:11
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch 2 times, most recently from 317bad3 to 1b8bd24 Compare July 16, 2020 08:23
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch 3 times, most recently from 70e8a84 to a38bf20 Compare July 27, 2020 11:52
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch from a38bf20 to ca93e7d Compare August 18, 2020 08:54
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch 2 times, most recently from 13042d6 to cfa7ecf Compare September 23, 2020 14:33
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch 2 times, most recently from 87509d1 to 1c397fe Compare October 8, 2020 16:17
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch 5 times, most recently from 5a92ecc to 7078134 Compare October 20, 2020 10:43
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch from 7078134 to c3e1223 Compare October 28, 2020 09:31
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch from c3e1223 to 7aff814 Compare November 26, 2020 08:31
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch from 7aff814 to 26a29a4 Compare December 10, 2020 13:18
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch 2 times, most recently from f30a76d to e6393a3 Compare April 14, 2021 09:06
@dependabot
Bump angular from 1.4.9 to 1.8.0
ae846b4 
Bumps [angular](https://github.com/angular/angular.js) from 1.4.9 to 1.8.0.
- [Release notes](https://github.com/angular/angular.js/releases)
- [Changelog](https://github.com/angular/angular.js/blob/master/CHANGELOG.md)
- [Commits](angular/angular.js@v1.4.9...v1.8.0)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular-1.8.0 branch from e6393a3 to ae846b4 Compare April 14, 2021 09:08
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants