Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency ng-packagr to v10 [security] #239

Closed
wants to merge 1 commit into from
Closed

chore(deps): update dependency ng-packagr to v10 [security] #239

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 1, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
ng-packagr ^5.7.1 -> ^10.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-7735

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Release Notes

ng-packagr/ng-packagr

v10.1.1

Compare Source

v10.1.0

Compare Source

v10.0.4

Compare Source

v10.0.3

Compare Source

v10.0.2

Compare Source

v10.0.1

Compare Source

v10.0.0

Compare Source

v9.1.5

Compare Source

Bug Fixes
  • remove tslib from peerDependencies when adding it to dependencies (593f861)

v9.1.4

Compare Source

Bug Fixes
  • auto add tslib as direct dependency (298fbc4)
9.1.3 (2020-05-06)

v9.1.3

Compare Source

Bug Fixes
  • update browserslist and autoprefixer (8293497), closes #​1611
  • update rollup-plugin-sourcemaps to version ^0.6.0 (f8c3459)

v9.1.2

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

v9.0.3

Compare Source

v9.0.2

Compare Source

v9.0.1

Compare Source

v9.0.0

Compare Source

⚠ BREAKING CHANGES
  • Remove usage of deprecated less-plugin-npm-import. In less v3 is supports node_modules resolutions by default.

Before

@​import '~module/less/linenumbers';

After

@​import 'module/less/linenumbers';
  • TypeScript versions prior to 3.6.4 are no longer supported.no longer supported.
  • tslib will be longer be added as a dependencies, but rather it will be added as a peerDependencies.

This is to be inline with the Angular framework.

Bug Fixes
  • downlevel constructor parameters transformer with tsickle (51d5498), closes #​1517
  • add assets option to schema (a5efd1c), closes #​1092
  • add link to Angular guide when showing ivy publish warning (6bee029), closes #​1453
  • add more package json sections to remove (57cc4d1)
  • analyse only non done entry points (e8db885)
  • analyse should cater for module name being the primary entry point (7b8e491)
  • circular dependency on itself error (702c3f2), closes #​1508
  • ignore .gitkeep, Thumbs.db and .DS_Store when copying files (a5b10e2)
  • ignore JSON files in tsickle processing (#​1489) (ec44059), closes #​325
  • incorrect detection of potential dependent entry-points (932bf48), closes #​1510
  • lock rollup version (75ac180), closes #​1431
  • remove redundant section in package.json (5efad3a)
  • reset glob cache on file add (0306d59)
  • skip NGCC when file system is read only (0e44793)
  • switch to a more accurate module analyse (92ca053), closes #​1523
  • update commander to version ^4.0.0 (ee41977)
  • update rollup to version 1.31.0 (f8704fd)
  • update update-notifier to version ^4.0.0 (f05cbbf)
Features
  • add support for TypeScript 3.7 (9e05fb3)
  • add support for TypeScript 3.6 (342b799)
  • add tslib as peerDepedency (5077f87)
  • update peerDependencies (7ff60f5)
Performance
  • re-populate glob cache (3323b2a)
  • remove less-plugin-npm-import (6a5ae37)

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@changeset-bot
Copy link

changeset-bot bot commented Jun 1, 2021
edited
Loading

⚠️ No Changeset found

Latest commit: 5ae635f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot force-pushed the renovate/npm-ng-packagr-vulnerability branch from 15e7004 to 5ae635f Compare July 1, 2021 03:52
@JounQin JounQin closed this May 13, 2022
@renovate
Copy link
Contributor Author

renovate bot commented May 13, 2022
edited
Loading

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 10.x releases. But if you manually upgrade to 10.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the renovate/npm-ng-packagr-vulnerability branch May 13, 2022 16:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
PR: unreviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JounQin @renovate-bot