New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency ng-packagr to v10 [security] #29

Open

renovate wants to merge 1 commit into master from renovate/npm-ng-packagr-vulnerability

renovate bot commented May 29, 2023 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
ng-packagr	`^4.4.0` -> `^10.0.0`

GitHub Vulnerability Alerts

CVE-2020-7735

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Release Notes

ng-packagr/ng-packagr (ng-packagr)

`v10.1.1`

`v10.1.0`

`v10.0.4`

`v10.0.3`

`v10.0.2`

`v10.0.1`

`v10.0.0`

`v9.1.5`

Bug Fixes

remove tslib from peerDependencies when adding it to dependencies (593f861)

`v9.1.4`

Bug Fixes

auto add tslib as direct dependency (298fbc4)

9.1.3 (2020-05-06)

`v9.1.3`

Bug Fixes

update browserslist and autoprefixer (8293497), closes #1611
update rollup-plugin-sourcemaps to version ^0.6.0 (f8c3459)

`v9.1.2`

`v9.1.1`

`v9.1.0`

`v9.0.3`

`v9.0.2`

`v9.0.1`

`v9.0.0`

Features

add sass option (c85df4f)

Bug Fixes

overhaul the stylesheet pipeline (e2dc6e1), closes #1873 #2918 #2660 #2654

`v5.7.1`

`v5.7.0`

`v5.6.1`

`v5.6.0`

`v5.5.1`

`v5.5.0`: 5.5.0

Bug Fixes

disable treeshaking when generating bundles (34b26fc)
update commander to version ^3.0.0 (dcd4853)

Features

disable Ivy in default tsconfig (f50dd2f)
show error when trying to publish ivy packages (c3122d6)

`v5.4.3`

`v5.4.2`

`v5.4.1`

`v5.4.0`

`v5.3.0`

`v5.2.0`

Bug Fixes

only copy README.md from entry-points (23c718d), closes #2564

15.1.2 (2023-02-09)

Bug Fixes

remove trailing slash from dest (426a081), closes #2558
support of Safari TP versions (fa80ee0)
update browserslist config to include last 2 Chrome versions (1519c8d), closes angular/angular#48669

15.1.1 (2023-01-12)

Performance

create a single stylesheet renderer worker instance (6718f6e), closes #2530

`v5.1.0`

Features

add support for dynamic import (7226bb1), closes #2508

Performance

move stylesheet processing into a worker pool (9eaa398)

Bug Fixes

include cssUrl and styleIncludePaths in the CSS cache key (6bb7a4a), closes #2523

`v5.0.1`

`v5.0.0`

⚠ BREAKING CHANGES

ng-packagr no longer supports Node.js versions 14.[15-19].x and 16.[10-12].x. Current supported versions of Node.js are 14.20.x, 16.13.x and 18.10.x.
TypeScript versions older than 4.8.2 are no longer supported.
Deprecated support for Stylus has been removed. The Stylus package has never reached a stable version and it's usage in the ng-packagr is minimal. It's recommended to migrate to another CSS preprocessor that the ng-packagr supports.

Features

add support for tailwindcss (fdc0707), closes #1943
add support for Node.js version 18 (e70e3a3)
drop support for TypeScript 4.6 and 4.7 (56d9a85)
switch to sass modern API (b1ebee3)

Bug Fixes

grammatical update error message (6d7d2a9)
remove support for Stylus (2f92ab8)
emit TypeScript declaration diagnostics (844ea6c), closes #2405
exclude scanning node_modules when trying to locate README.md (b54159b), closes #2418
exclude scanning nested node_modules when locating README.md (4e4c00b), closes #2459
show actionable error when component resource is not found (5dcba25)

`v4.7.1`

`v4.7.0`

`v4.6.0`

`v4.5.0`

`v4.4.5`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          chore(deps): update dependency ng-packagr to v10 [security]

d777ab3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet