Update dependency angular to v1.8.0

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
angular (source)	dependencies	minor	1.7.2 -> 1.8.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	7.5	CVE-2019-10768	#203
Medium	5.4	CVE-2020-7676	#211

---

Release Notes

angular/angular.js

v1.8.0

Compare Source

This release contains a breaking change to resolve a security issue which was discovered by
Krzysztof Kotowicz(@​koto); and independently by Esben Sparre Andreasen (@​esbena) while
performing a Variant Analysis of CVE-2020-11022
which itself was found and reported by Masato Kinugawa (@​masatokinugawa).

Bug Fixes

• jqLite:
  • prevent possible XSS due to regex-based HTML replacement
    (2df43c)

Breaking Changes

jqLite due to:

• 2df43c: prevent possible XSS due to regex-based HTML replacement

JqLite no longer turns XHTML-like strings like <div /><span /> to sibling elements <div></div><span></span>
when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to:
<div><span></span></div>.

This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string.
If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling

angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();

But you should adjust your code for this change and remove your use of this function as soon as possible.

Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.

v1.7.9

Compare Source

Bug Fixes

• angular.merge: do not merge proto property
  (726f49)
  (Thanks to the Snyk Security Research Team for identifyng this issue.)
• ngStyle: correctly remove old style when new style value is invalid
  (5edd25,
  #​16860,
  #​16868)

v1.7.8

Compare Source

Bug Fixes

• required: correctly validate required on non-input element surrounded by ngIf
  (a4c7bd,
  #​16830,
  #​16836)

v1.7.7

Compare Source

Bug Fixes

• ngRequired: set error correctly when inside ngRepeat and false by default
  (5ad4f5,
  #​16814,
  #​16820)

v1.7.6

Compare Source

Bug Fixes

• $compile: fix ng-prop-* with undefined values
  (772440,
  #​16797,
  #​16798)
• compile: properly handle false value for boolean attrs with jQuery
  (27486b,
  #​16778,
  #​16779)
• ngRepeat:
  • fix reference to last collection value remaining across linkages
    (cf919a)
  • fix trackBy function being invoked with incorrect scope
    (d4d103,
    #​16776,
    #​16777)
• aria/ngClick: check if element is contenteditable before blocking spacebar
  (289374,
  #​16762)
• input: prevent browsers from autofilling hidden inputs
  (7cbb10)
• Angular: add workaround for Safari / Webdriver problem
  (eb49f6)
• $browser: normalize inputted URLs
  (2f72a6,
  #​16606)
• interpolate: do not create directives for constant media URL attributes
  (90a41d,
  #​16734)
• $q: allow third-party promise libraries
  (eefaa7,
  #​16164,
  #​16471)
• urlUtils: make IPv6 URL's hostname wrapped in square brackets in IE/Edge
  (0e1bd7,
  #​16692,
  #​16715)
• ngAnimateSwap: make it compatible with ngIf on the same element
  (b27080,
  #​16616,
  #​16729)
• ngMock: make matchLatestDefinitionEnabled work
  (3cdffc,
  #​16702)
• ngStyle: skip setting empty value when new style has the property
  (d6098e,
  #​16709)

Performance Improvements

• input: prevent multiple validations on initialization
  (692622,
  #​14691,
  #​16760)

v1.7.5

Compare Source

Bug Fixes

• ngClass: do not break on invalid values
  (f3a565,
  #​16697,
  #​16699)

v1.7.4

Compare Source

Bug Fixes

• ngAria.ngClick: prevent default event on space/enter only for non-interactive elements
  (61b335,
  #​16664,
  #​16680)
• ngAnimate: remove the "prepare" classes with multiple structural animations
  (3105b2,
  #​16681,
  #​16677)
• $route: correctly extract path params if the path contains a question mark or a hash
  (2ceeb7)
• ngHref: allow numbers and other objects in interpolation
  (30084c,
  #​16652,
  #​16626)
• select: allow to select first option with value undefined
  (668a33,
  #​16653,
  #​16656)

v1.7.3

Compare Source

Bug Fixes

• $location:
  • fix infinite recursion/digest on URLs with special characters
    (e68697,
    #​16592,
    #​16611)
  • avoid unnecessary $locationChange* events due to empty hash
    (1144b1,
    #​16632,
    #​16636)
• ngMock.$httpBackend:
  • pass failed HTTP expectations to $exceptionHandler
    (4adbf8,
    #​16644)
  • correctly ignore query params in {expect,when}Route
    (be417f,
    #​14173,
    #​16589)
• Angular: add workaround for Safari / Webdriver problem
  (0a1db2,
  #​16645)
• $animate: avoid memory leak with $animate.enabled(element, enabled)
  (4bd424,
  #​16649)
• $compile:
  • use correct parent element when requiring on html element
    (05ac70,
    #​16535,
    #​16647)
  • work around Firefox DocumentFragment bug
    (10973c,
    #​16607,
    #​16615)
• ngEventDirs:
  • pass error in handler to $exceptionHandler when event was triggered in a digest
    (688211)
  • don't wrap the event handler in $apply if already in $digest
    (535ee3,
    #​14673,
    #​14674)
• angular.element: do not break on cleanData() if _data() returns undefined
  (7cf4a2,
  #​16641,
  #​16642)
• ngAria: do not scroll when pressing spacebar on custom buttons
  (3a517c,
  #​14665,
  #​16604)

New Features

• $compile: add support for arbitrary DOM property and event bindings
  (a5914c,
  #​16428,
  #​16235,
  #​16614)
• ngMock: add $flushPendingTasks() and $verifyNoPendingTasks()
  (6f7674,
  #​14336)
• core: implement more granular pending task tracking
  (17b139)
• $animate: add option data to event callbacks
  (fc64e6,
  #​12697,
  #​13059)
• form.FormController: add $getControls()
  (c9d1e6,
  #​16601,
  #​14749,
  #​14517,
  #​13202)
• ngModelOptions: add timeStripZeroSeconds and timeSecondsFormat
  (b68221,
  #​10721,
  #​16510,
  #​16584)

Performance Improvements

• ngAnimate: avoid repeated calls to addClass/removeClass when animation has no duration
  (093635,
  #​14165,
  #​14166,
  #​16613)

---

• If you want to rebase/retry this PR, click this checkbox.