chore(deps): update dependency @angular/core to v10 [security] #531

renovate · 2024-05-17T12:51:05Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@angular/core (source)	`8.2.14` -> `10.2.5`

Review

Updates have been tested and work
If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

Release Notes

angular/angular (@angular/core)

Configuration

📅 Schedule: Branch creation - "" in timezone America/Montreal, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate · 2024-05-17T12:51:06Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: utils/angular-output-target/package-lock.json

npm WARN ignoring workspace config at /tmp/renovate/repos/github/cds-snc/gcds-components/utils/angular-output-target/.npmrc 
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @stencil/angular-output-target@0.8.4
npm ERR! Found: @angular/core@8.2.14
npm ERR! utils/angular-output-target/node_modules/@angular/core
npm ERR!   peer @angular/core@"8.2.14" from @angular/common@8.2.14
npm ERR!   utils/angular-output-target/node_modules/@angular/common
npm ERR!     peer @angular/common@"8.2.14" from @angular/forms@8.2.14
npm ERR!     utils/angular-output-target/node_modules/@angular/forms
npm ERR!       dev @angular/forms@"8.2.14" from @stencil/angular-output-target@0.8.4
npm ERR!       utils/angular-output-target
npm ERR!         @stencil/angular-output-target@0.8.4
npm ERR!         node_modules/@stencil/angular-output-target
npm ERR!     peer @angular/common@"8.2.14" from @angular/platform-browser@8.2.14
npm ERR!     utils/angular-output-target/node_modules/@angular/platform-browser
npm ERR!       peer @angular/platform-browser@"8.2.14" from @angular/forms@8.2.14
npm ERR!       utils/angular-output-target/node_modules/@angular/forms
npm ERR!         dev @angular/forms@"8.2.14" from @stencil/angular-output-target@0.8.4
npm ERR!         utils/angular-output-target
npm ERR!   peer @angular/core@"8.2.14" from @angular/forms@8.2.14
npm ERR!   utils/angular-output-target/node_modules/@angular/forms
npm ERR!     dev @angular/forms@"8.2.14" from @stencil/angular-output-target@0.8.4
npm ERR!     utils/angular-output-target
npm ERR!       @stencil/angular-output-target@0.8.4
npm ERR!       node_modules/@stencil/angular-output-target
npm ERR!         workspace utils/angular-output-target from the root project
npm ERR!         1 more (@cdssnc/gcds-components)
npm ERR!   1 more (@angular/platform-browser)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! dev @angular/core@"10.2.5" from @stencil/angular-output-target@0.8.4
npm ERR! utils/angular-output-target
npm ERR!   @stencil/angular-output-target@0.8.4
npm ERR!   node_modules/@stencil/angular-output-target
npm ERR!     workspace utils/angular-output-target from the root project
npm ERR!     1 more (@cdssnc/gcds-components)
npm ERR! 
npm ERR! Conflicting peer dependency: zone.js@0.10.3
npm ERR! node_modules/zone.js
npm ERR!   peer zone.js@"~0.10.3" from @angular/core@10.2.5
npm ERR!   node_modules/@angular/core
npm ERR!     dev @angular/core@"10.2.5" from @stencil/angular-output-target@0.8.4
npm ERR!     utils/angular-output-target
npm ERR!       @stencil/angular-output-target@0.8.4
npm ERR!       node_modules/@stencil/angular-output-target
npm ERR!         workspace utils/angular-output-target from the root project
npm ERR!         1 more (@cdssnc/gcds-components)
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-17T12_50_49_931Z-debug-0.log

renovate · 2024-05-17T15:36:37Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

ethanWallace · 2024-05-22T18:26:58Z

Manually updated the conflicting packages to v16.2.12. Just need a secondary review and I will merge the fix

daine

Let's get this out there, approved!

* chore(deps): update dependency prettier to v2.8.8 (#532) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore: Add sleep to CDN publish of angular, react and vue packages (#530) * chore: GCDS Components Release v0.22.0 (#526) * chore: GCDS Components Release * chore: update lerna and changelog * Fix typo --------- Co-authored-by: sre-read-write[bot] <92993749+sre-read-write[bot]@users.noreply.github.com> Co-authored-by: Ethan Wallace <ethan.wallace.91@gmail.com> * fix: Remove built in wrapper for React SSR react components * refactor: update input component to increase input width calculation (#536) refactor: update input component to increase input width calculation + remove max-length * chore(docs): Update and rename CONTRIBUTING.md to CONTRIBUTION GUIDELINES.md (#538) * Update and rename CONTRIBUTING.md to CONTRIBUTION GUIDELINES.md Updating contribution guidelines content in both English and French * Rename CONTRIBUTION GUIDELINES.md to CONTRIBUTING * Rename CONTRIBUTING to CONTRIBUTING.md * fix: misaligned of FR theme and topic menu button (bug) (#541) fix: misaligned of FR theme and topic menu button * docs: add fr translation for issue templates (contribution, feature request and bug report) (#533) * docs: add fr translation for issue templates (contribution) * chore: update translated template for bug reports * docs: update formatting * chore: add feature request issue template french translations * removing extra quotation mark Co-authored-by: Élise Cossette <45772213+EliseKa@users.noreply.github.com> * removing extra quotation mark Co-authored-by: Élise Cossette <45772213+EliseKa@users.noreply.github.com> --------- Co-authored-by: Élise Cossette <45772213+EliseKa@users.noreply.github.com> * chore(deps): update all non-major github action dependencies (#542) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency prettier to v2.8.8 (#543) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix: change angular output install and build to be based off gcds-components package * chore: GCDS Components Release v0.22.1 (#537) * chore: GCDS Components Release * Update CHANGELOG.md * chore: update lerna version + changelog --------- Co-authored-by: sre-read-write[bot] <92993749+sre-read-write[bot]@users.noreply.github.com> Co-authored-by: Melanie Boeckmann <melanie.bockmann@gmail.com> * chore: synced file(s) with cds-snc/site-reliability-engineering (#545) * chore: synced local '.github/workflows/s3-backup.yml' with remote 'tools/sre_file_sync/s3-backup.yml' * chore: synced local '.github/workflows/export_github_data.yml' with remote 'tools/sre_file_sync/export_github_data.yml' * chore: synced local '.github/workflows/ossf-scorecard.yml' with remote 'tools/sre_file_sync/ossf-scorecard.yml' --------- Co-authored-by: sre-read-write[bot] <92993749+sre-read-write[bot]@users.noreply.github.com> * chore(storybook): card property typos in Storybook (#544) fix: card property typos in Storybook * Update tsx version in react-ssr package * chore(storybook): add custom copy code button to storybook code preview (#540) * chore(storybook): add custom copy code button to storybook code preview * wip * damn you button haha * add min-width to copy button * revert button copy after 1.5 seconds * ci: easier way to run storybook from root (#547) * chore(deps): update dependency @angular/core to v10 [security] (#531) * chore(deps): update dependency @angular/core to v10 [security] * chore: Update angular dependencies --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ethan Wallace <ethan.wallace.91@gmail.com> * Change native props rendering * chore(storybook): Stop copy buttons rendering more than once (#550) chore(storybook): Stop copy buttons rendering more than once in storybook * Add React.HTMLAttributes<HTMLElement> to types * Update nx dependency * Fix hydration issues with boolean attributes --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: sre-read-write[bot] <92993749+sre-read-write[bot]@users.noreply.github.com> Co-authored-by: Melanie Boeckmann <melanie.bockmann@gmail.com> Co-authored-by: Brock Higgins <47530176+brockhigg10@users.noreply.github.com> Co-authored-by: Daine Trinidad <daine.trinidad@cds-snc.ca> Co-authored-by: Élise Cossette <45772213+EliseKa@users.noreply.github.com>

chore(deps): update dependency @angular/core to v10 [security]

6a6f6db

renovate bot added Dependencies Renovate labels May 17, 2024

chore: Update angular dependencies

41f154f

ethanWallace requested review from melaniebmn and daine May 22, 2024 18:26

daine approved these changes May 27, 2024

View reviewed changes

ethanWallace merged commit a37f279 into main May 28, 2024
3 checks passed

ethanWallace deleted the renovate/npm-@angular/core-vulnerability branch May 28, 2024 19:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency @angular/core to v10 [security] #531

chore(deps): update dependency @angular/core to v10 [security] #531

renovate bot commented May 17, 2024

renovate bot commented May 17, 2024

renovate bot commented May 17, 2024

ethanWallace commented May 22, 2024 •

edited

Loading

daine left a comment

chore(deps): update dependency @angular/core to v10 [security] #531

chore(deps): update dependency @angular/core to v10 [security] #531

Conversation

renovate bot commented May 17, 2024

Review

GitHub Vulnerability Alerts

Release Notes

Configuration

renovate bot commented May 17, 2024

⚠️ Artifact update problem

File name: utils/angular-output-target/package-lock.json

renovate bot commented May 17, 2024

Edited/Blocked Notification

ethanWallace commented May 22, 2024 • edited Loading

daine left a comment

Choose a reason for hiding this comment

ethanWallace commented May 22, 2024 •

edited

Loading