Skip to content

chore(deps): update dependency @angular/core to v10 [security] #306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency @angular/core to v10 [security] #306

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 26, 2025
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@angular/core (source) ^8.2.14 -> ^10.0.0 age confidence

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

Release Notes

angular/angular (@​angular/core)

v10.2.5

Compare Source

v10.2.4

Compare Source

v10.2.3

Compare Source

v10.2.2

Compare Source

v10.2.1

Compare Source

v10.2.0

Compare Source

v10.1.6

Compare Source

v10.1.5

Compare Source

v10.1.4

Compare Source

v10.1.3

Compare Source

v10.1.2

Compare Source

v10.1.1

Compare Source

v10.1.0

Compare Source

v10.0.14

Compare Source

v10.0.13

Compare Source

v10.0.12

Compare Source

v10.0.11

Compare Source

v10.0.10

Compare Source

v10.0.9

Compare Source

v10.0.8

Compare Source

v10.0.7

Compare Source

v10.0.6

Compare Source

v10.0.5

Compare Source

v10.0.4

Compare Source

v10.0.3

Compare Source

v10.0.2

Compare Source

v10.0.1

Compare Source

v10.0.0

Compare Source

v9.1.13

Compare Source

v9.1.12

Compare Source

v9.1.11

Compare Source

v9.1.10

Compare Source

v9.1.9

Compare Source

v9.1.8

Compare Source

benchpress
Commit Type Description
f0990c67e6 fix Ensure future-proof correct initialization order (#​60025)
common
Commit Type Description
1fbaeab37d fix make types for HttpClient more readable (#​59901)
core
Commit Type Description
c611c8d212 fix capture stack for HMR errors (#​60067)
language-service
Commit Type Description
4c9d09c643 fix provide correct rename info for elements (#​60088)

v9.1.7

Compare Source

common
Commit Type Description
e9f10eb4c9 fix clean up urlChanges subscribers when root scope is destroyed (#​59703)
compiler-cli
Commit Type Description
16fc074689 fix avoid crash in isolated transform operations (#​59869)
forms
Commit Type Description
ec1e4c3d94 fix Fix typing on FormRecord. (#​59993)

v9.1.6

Compare Source

compiler
Commit Type Description
01f669a274 fix handle tracking expressions requiring temporary variables (#​58520)
compiler-cli
Commit Type Description
dcfb9f1959 fix handle deferred blocks with shared dependencies correctly (#​59926)
core
Commit Type Description
cab7a9b69c fix invalidate HMR component if replacement throws an error (#​59854)
migrations
Commit Type Description
710759ddcc fix account for let declarations in control flow migration (#​59861)
46f36a58bf fix count used dependencies inside existing control flow (#​59861)

v9.1.5

Compare Source

compiler-cli
Commit Type Description
d7b5c597ffc fix gracefully fall back if const enum cannot be passed through (#​59815)
53a4668b58b fix handle const enums used inside HMR data (#​59815)
976125e0b4c fix handle enum members without initializers in partial evaluator (#​59815)

v9.1.4

Compare Source

core
Commit Type Description
544b9ee7ca0 fix check whether application is destroyed before printing hydration stats (#​59716)
d6e78c072dc fix ensure type is preserved during HMR (#​59700)
c2436702df9 fix fixes test timer-based test flakiness in CI (#​59674)
elements
Commit Type Description
44180645992 fix not setting initial value on signal-based input (#​59773)
platform-browser
Commit Type Description
1828a840620 fix prepend baseHref to sourceMappingURL in CSS content (#​59730)
1c84cbca30e fix Update pseudoevent created by createMouseSpecialEvent to populate _originalEvent property (#​59690)
12256574626 fix Update pseudoevent created by createMouseSpecialEvent to populate _originalEvent property (#​59690)
3f4d5f636aa fix Update pseudoevent created by createMouseSpecialEvent to populate _originalEvent property (#​59690)
router
Commit Type Description
e3da35ec749 fix prevent error handling when injector is destroyed (#​59457)
service-worker
Commit Type Description
522acbf3d7e fix add missing rxjs peer dependency (#​59747)

v9.1.3

Compare Source

compiler
Commit Type Description
ecfb74d287 fix handle :host-context with comma-separated child selector (#​59276)
compiler-cli
Commit Type Description
53160e504d fix extract parenthesized dependencies during HMR (#​59644)
39690969af fix handle conditional expressions when extracting dependencies (#​59637)
78af7a5059 fix handle new expressions when extracting dependencies (#​59637)
core
Commit Type Description
408af24ff3 fix capture self-referencing component during HMR (#​59644)
d7575c201c fix replace metadata in place during HMR (#​59644)
26f6d4c485 fix skip component ID collision warning during SSR (#​59625)
migrations
Commit Type Description
a62c84bc18 fix avoid applying the same replacements twice when cleaning up unused imports (#​59656)
platform-browser
Commit Type Description
b2b3816cb1 fix clear renderer cache during HMR when using async animations (#​59644)

v9.1.2

Compare Source

compiler
Commit Type Description
8dcd889987 fix update @ng/component URL to be relative (#​59620)
compiler-cli
Commit Type Description
95a05bb202 fix disable tree shaking during HMR (#​59595)
core
Commit Type Description
a4eb74c79c fix animation sometimes renderer not being destroyed during HMR (#​59574)
906413aba3 fix change Resource to use explicit undefined in its typings (#​59024)
4eb541837c fix cleanup _ejsa when app is destroyed (#​59492)
5497102769 fix cleanup stash listener when app is destroyed (#​59598)
266a8f2f2e fix handle shadow DOM encapsulated component with HMR (#​59597)
6f7716268a fix HMR not matching component that injects ViewContainerRef (#​59596)
d12a186d53 fix treat exceptions in equal as part of computation (#​55818)

v9.1.1

Compare Source

core
Commit Type Description
357795cb96 fix run HMR replacement in the zone (#​59562)
platform-browser
Commit Type Description
eb0b1851f4 fix roll back HMR fix (#​59557)

v9.1.0

Compare Source

common
Commit Type Description
e4c50b3bea feat expose component instance in NgComponentOutlet (#​58698)
compiler
Commit Type Description
ceadd28ea1 fix allow $any in two-way bindings (#​59362)
aed49ddaaa fix use chunk origin in template HMR request URL (#​59459)
compiler-cli
Commit Type Description
c5c20e9d86 fix check event side of two-way bindings (#​59002)
core
Commit Type Description
d010e11b73 feat add event listener options to renderer (#​59092)
57f3550219 feat add utility for resolving defer block information to ng global (#​59184)
22f191f763 feat extend the set of profiler events (#​59183)
e894a5daea feat set kind field on template and effect nodes (#​58865)
bd1f1294ae feat support TypeScript 5.7 (#​58609)
9870b643bf fix Defer afterRender until after first CD (#​58250)
a5fc962094 fix Don't run effects in check no changes pass (#​58250)
migrations
Commit Type Description
d298d25426 feat add schematic to clean up unused imports (#​59353)
14fb8ce4c0 fix resolve text replacement issue (#​59452)
platform-browser
Commit Type Description
8c5db3cfb7 fix avoid circular DI error in async renderer (#​59256)
router
Commit Type Description
52a6710f54 fix complete router events on dispose (#​59327)

v9.0.7

Compare Source

compiler-cli
Commit Type Description
2b4b7c3ebf fix handle more node types when extracting dependencies (#​59445)
core
Commit Type Description
f893d07232 fix destroy renderer when replacing styles during HMR (#​59514)
migrations
Commit Type Description
eb2fcd1896 fix incorrect stats when migrating queries with best effort mode (#​59463)

v9.0.6

Compare Source

compiler-cli
Commit Type Description
06a55e9817 fix account for more expression types when determining HMR dependencies (#​59323)
17fb20f85d fix preserve defer block dependencies during HMR when class metadata is disabled (#​59313)
core
Commit Type Description
07afce81b8 fix Ensure that a destroyed effect never run. (#​59415)
platform-browser
Commit Type Description
dbb8980d03 fix avoid circular DI error in async renderer (#​59271)
6d00efde95 fix styles not replaced during HMR when using animations renderer (#​59393)
router
Commit Type Description
144bccb687 fix avoid component ID collisions with user code (#​59300)

v9.0.5

Compare Source

core
Commit Type Description
3793218e77 fix avoid triggering on timer and on idle on the server (#​59177)
cfc96ed82c fix Fix nested timer serialization (#​59173)
platform-server
Commit Type Description
9085a8fbd8 fix Warn user when transfer state happens more than once (#​58935)

v9.0.4

Compare Source

compiler-cli
Commit Type Description
7e612171709 fix consider pre-release versions when detecting feature support (#​59061)
cd764a31152 fix error in unused standalone imports diagnostic (#​59064)
core
Commit Type Description
34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#​59073)
platform-browser
Commit Type Description
ae0802d63c5 fix collect external component styles from server rendering (#​59031)

v9.0.3

Compare Source

v9.0.2

Compare Source

compiler-cli
Commit Type Description
9f99196d23 fix account for multiple generated namespace imports in HMR (#​58924)
core
Commit Type Description
4792db9a6d fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#​58929)
migrations
Commit Type Description
7b5bacc228 fix class content being deleted in some edge cases (#​58959)
d1cbdd6acb fix correctly strip away parameters surrounded by comments in inject migration (#​58959)
e17ff71c31 fix don't migrate classes with parameters that can't be injected (#​58959)
7c5f990001 fix inject migration aggressively removing imports (#​58959)
4392ccedf9 fix inject migration dropping code if everything except super is removed (#​58959)
9cbebc6dda fix preserve type literals and tuples in inject migrations (#​58959)
platform-server
Commit Type Description
f3c388ecda fix remove peer dependency on animations (#​58997)

v9.0.1

Compare Source

compiler-cli
Commit Type Description
fb1fa8b0fc fix more accurate diagnostics for host binding parser errors (#​58870)
core
Commit Type Description
502ee0e722 fix correctly clear template HMR internal renderer cache (#​58724)
99715104a1 fix correctly perform lazy routes migration for components with additional decorators (#​58796)
118803035f fix Ensure _tick is always run within the TracingSnapshot. (#​58881)
08b9452f01 fix Ensure resource sets an error (#​58855)
[84f45ea3ff](https://redirect.github.com/angular/angular/commit/84f45ea3ffe02003350c6c19fdafd

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@changeset-bot
Copy link

changeset-bot bot commented Mar 26, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 7e40618

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Mar 26, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
ngrx ❌ Failed (Inspect) Aug 10, 2025 0:39am

@renovate renovate bot changed the title chore(deps): update dependency @angular/core [security] chore(deps): update dependency @angular/core to v10 [security] Mar 26, 2025
@renovate renovate bot force-pushed the renovate/npm-angular-core-vulnerability branch from fae2ade to 7e40618 Compare August 10, 2025 12:37
@coderabbitai
Copy link

coderabbitai bot commented Aug 10, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant