Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump micromatch, @angular-devkit/build-angular and @angular/compiler-cli in /angular #254

Closed
wants to merge 1 commit into from
Closed

build(deps): bump micromatch, @angular-devkit/build-angular and @angular/compiler-cli in /angular #254

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 31, 2024

Bumps micromatch to 4.0.8 and updates ancestor dependencies micromatch, @angular-devkit/build-angular and @angular/compiler-cli. These dependencies need to be updated together.

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits

Updates @angular-devkit/build-angular from 0.800.6 to 18.2.2

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v18.2.2

18.2.2 (2024-08-29)

@​angular-devkit/build-angular

Commit Description
fix - 504b00b93 clear context in Karma by default for single run executions
fix - 82b76086e upgrade webpack to 5.94.0

v18.2.1

18.2.1 (2024-08-21)

@​angular-devkit/schematics-cli

Commit Description
fix - 94e27c88b prevent bypassing select/checkbox prompts on validation failure

@​angular/cli

Commit Description
fix - 05a274a01 prevent bypassing select/checkbox prompts on validation failure

@​angular-devkit/build-angular

Commit Description
fix - ddeb2b2b9 remove outdated browser-esbuild option warning

@​angular/build

Commit Description
fix - 83b2699ab improve error message when an unhandled exception occurs during prerendering
fix - 0be4038a5 support reading on-disk files during i18n extraction

v18.2.0

18.2.0 (2024-08-14)

@​schematics/angular

Commit Description
feat - 4da922e4f use isolatedModules in generated project

@​angular/build

Commit Description
feat - 24aaf1e37 support import attribute based loader configuration

v18.2.0-rc.0

18.2.0-rc.0 (2024-08-07)

@​angular/build

Commit Description
fix - 182ecbd18 allow explicitly disabling TypeScript incremental mode
fix - 34908a3fc lazy load Node.js inspector for dev server

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

18.2.2 (2024-08-29)

@​angular-devkit/build-angular

Commit Type Description
504b00b93 fix clear context in Karma by default for single run executions
82b76086e fix update webpack to 5.94.0

19.0.0-next.2 (2024-08-28)

Breaking Changes

@​angular/ssr

  • The CommonEngine API now needs to be imported from @angular/ssr/node.

    Before

    import { CommonEngine } from '@angular/ssr';

    After

    import { CommonEngine } from '@angular/ssr/node';

@​schematics/angular

Commit Type Description
a381a3db1 feat add option to export component as default

@​angular/ssr

Commit Type Description
30c25bf68 feat export AngularAppEngine as public API
4b09887a9 feat move CommonEngine API to /node entry-point
d43180af5 fix add missing peer dependency on @angular/platform-server

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular-devkit/build-angular since your current version.


Updates @angular/compiler-cli from 8.2.14 to 18.2.2

Release notes

Sourced from @​angular/compiler-cli's releases.

v18.2.2

18.2.2 (2024-08-28)

core

Commit Description
fix - 106917af878 avoid leaking memory if component throws during creation (#57546)
fix - 6d3a2af146a Do not bubble capture events. (#57476)

http

Commit Description
fix - 5d2e243c76a Dynamicaly call the global fetch implementation (#57531)

router

Commit Description
fix - 804925b1149 Do not unnecessarily run matcher twice on route matching (#57530)

upgrade

Commit Description
fix - 03ec620e31a Address Trusted Types violations in @​angular/upgrade (#57454)

v18.2.1

18.2.1 (2024-08-22)

core

Commit Description
fix - 9de30a7b1c Allow zoneless scheduler to run inside fakeAsync (#56932)
fix - 286012fb89 handle hydration of components that project content conditionally (#57383)

migrations

Commit Description
fix - 0bb649b8fa account for members with doc strings and no modifiers (#57389)
fix - 3b63082384 avoid migrating route component in tests (#57317)
fix - 6b4357fae4 preserve type when using inject decorator (#57389)

v18.2.0

18.2.0 (2024-08-14)

compiler

Commit Description
feat - c8e2885136 Add extended diagnostic to warn when there are uncalled functions in event bindings (#56295) (#56295)

compiler-cli

Commit Description
feat - 98ed5b609e run JIT transform on classes with jit: true opt-out (#56892)
fix - c76b440ac0 add warning for unused let declarations (#57033)
fix - 0f0a1f2836 emitting references to ngtypecheck files (#57138)
fix - 6c2fbda694 extended diagnostic visitor not visiting template attributes (#57033)

... (truncated)

Changelog

Sourced from @​angular/compiler-cli's changelog.

18.2.2 (2024-08-28)

core

Commit Type Description
106917af878 fix avoid leaking memory if component throws during creation (#57546)
6d3a2af146a fix Do not bubble capture events. (#57476)

http

Commit Type Description
5d2e243c76a fix Dynamicaly call the global fetch implementation (#57531)

router

Commit Type Description
804925b1149 fix Do not unnecessarily run matcher twice on route matching (#57530)

upgrade

Commit Type Description
03ec620e31a fix Address Trusted Types violations in @​angular/upgrade (#57454)

18.2.1 (2024-08-22)

core

Commit Type Description
9de30a7b1c fix Allow zoneless scheduler to run inside fakeAsync (#56932)
286012fb89 fix handle hydration of components that project content conditionally (#57383)

migrations

Commit Type Description
0bb649b8fa fix account for members with doc strings and no modifiers (#57389)
3b63082384 fix avoid migrating route component in tests (#57317)
6b4357fae4 fix preserve type when using inject decorator (#57389)

19.0.0-next.1 (2024-08-22)

Breaking Changes

core

  • The autoDetect feature of ComponentFixture will now attach the fixture to the ApplicationRef. As a result, errors during automatic change detection of the fixture be reported to the ErrorHandler. This change may cause custom error handlers to observe new failures that were previously unreported.

compiler-cli

Commit Type Description
9e87593055 feat ensure template style elements are preprocessed as inline styles (#57429)

core

... (truncated)

Commits
  • 7bfe817 refactor(compiler): add i18nPreserveWhitespaceForLegacyExtraction (#56507)
  • b1ed7e2 docs(docs-infra): Add support for function/method overloads (#57379)
  • 1828d11 build: update dependency @​babel/core to v7.25.2 (#57191)
  • b16dd6d fix(compiler-cli): generate valid TS 5.6 type checking code (#57303)
  • d9d68e7 fix(compiler): reduce chance of conflicts between generated factory and local...
  • 0b1dd39 perf(compiler-cli): improve performance of interpolatedSignalNotInvoked ext...
  • e2259c7 fix(compiler-cli): support JIT transforms before other transforms modifying c...
  • d73a374 Revert "fix(compiler): reduce chance of conflicts between generated factory a...
  • e11c0c4 fix(compiler-cli): run JIT transforms on @NgModule classes with jit: true...
  • 67e0940 fix(compiler): reduce chance of conflicts between generated factory and local...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump micromatch, @angular-devkit/build-angular and @angu…
15f9c7a 
…lar/compiler-cli

Bumps [micromatch](https://github.com/micromatch/micromatch) to 4.0.8 and updates ancestor dependencies [micromatch](https://github.com/micromatch/micromatch), [@angular-devkit/build-angular](https://github.com/angular/angular-cli) and [@angular/compiler-cli](https://github.com/angular/angular/tree/HEAD/packages/compiler-cli). These dependencies need to be updated together.


Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Updates `@angular-devkit/build-angular` from 0.800.6 to 18.2.2
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular-cli/commits/18.2.2)

Updates `@angular/compiler-cli` from 8.2.14 to 18.2.2
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/18.2.2/packages/compiler-cli)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
- dependency-name: "@angular-devkit/build-angular"
  dependency-type: direct:development
- dependency-name: "@angular/compiler-cli"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 31, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 27, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/angular/multi-6fb17dfc1c branch September 27, 2024 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nathanfranklin