Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

angular

Package Overview
Dependencies
Maintainers
1
Versions
144
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

angular - npm Package Versions

23
15

1.8.3

Diff

petebacondarwin
published 1.8.2 •

Changelog

Source

1.8.2 meteoric-mining (2020-10-21)

Bug Fixes

  • $sceDelegate: ensure that resourceUrlWhitelist() is identical to trustedResourceUrlList() (e41f01, #17090)

<a name="1.8.1"></a>

petebacondarwin
published 1.8.1 •

Changelog

Source

1.8.1 mutually-supporting (2020-09-30)

Bug Fixes

  • $sanitize: do not trigger CSP alert/report in Firefox and Chrome (2fab3d)

Refactorings

  • SanitizeUriProvider: remove usages of whitelist (76738102)
  • httpProvider: remove usages of whitelist and blacklist (c953af6b)
  • sceDelegateProvider: remove usages of whitelist and blacklist (a206e267)

Deprecation Notices

For the purposes of backward compatibility, the previous symbols are aliased to their new symbol.

<a name="1.8.0"></a>

petebacondarwin
published 1.8.0 •

Changelog

Source

1.8.0 nested-vaccination (2020-06-01)

This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(@koto); and independently by Esben Sparre Andreasen (@esbena) while performing a Variant Analysis of CVE-2020-11022 which itself was found and reported by Masato Kinugawa (@masatokinugawa).

Bug Fixes

  • jqLite:
    • prevent possible XSS due to regex-based HTML replacement (2df43c)

Breaking Changes

jqLite due to:

  • 2df43c: prevent possible XSS due to regex-based HTML replacement

JqLite no longer turns XHTML-like strings like <div /><span /> to sibling elements <div></div><span></span> when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to: <div><span></span></div>.

This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling

angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();

But you should adjust your code for this change and remove your use of this function as soon as possible.

Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.

<a name="1.7.9"></a>

petebacondarwin
published 1.7.9 •

Changelog

Source

1.7.9 pollution-eradication (2019-11-19)

Bug Fixes

<a name="1.7.8"></a>

petebd
published 1.7.8 •

Changelog

Source

1.7.8 enthusiastic-oblation (2019-03-11)

Bug Fixes

  • required: correctly validate required on non-input element surrounded by ngIf (a4c7bd, #16830, #16836)

<a name="1.7.7"></a>

petebd
published 1.7.7 •

Changelog

Source

1.7.7 kingly-exiting (2019-02-04)

Bug Fixes

  • ngRequired: set error correctly when inside ngRepeat and false by default (5ad4f5, #16814, #16820)

<a name="1.7.6"></a>

petebd
published 1.7.6 •

Changelog

Source

1.7.6 gravity-manipulation (2019-01-17)

Bug Fixes

  • $compile: fix ng-prop-* with undefined values (772440, #16797, #16798)
  • compile: properly handle false value for boolean attrs with jQuery (27486b, #16778, #16779)
  • ngRepeat:
    • fix reference to last collection value remaining across linkages (cf919a)
    • fix trackBy function being invoked with incorrect scope (d4d103, #16776, #16777)
  • aria/ngClick: check if element is contenteditable before blocking spacebar (289374, #16762)
  • input: prevent browsers from autofilling hidden inputs (7cbb10)
  • Angular: add workaround for Safari / Webdriver problem (eb49f6)
  • $browser: normalize inputted URLs (2f72a6, #16606)
  • interpolate: do not create directives for constant media URL attributes (90a41d, #16734)
  • $q: allow third-party promise libraries (eefaa7, #16164, #16471)
  • urlUtils: make IPv6 URL's hostname wrapped in square brackets in IE/Edge (0e1bd7, #16692, #16715)
  • ngAnimateSwap: make it compatible with ngIf on the same element (b27080, #16616, #16729)
  • ngMock: make matchLatestDefinitionEnabled work (3cdffc, #16702)
  • ngStyle: skip setting empty value when new style has the property (d6098e, #16709)

Performance Improvements

<a name="1.7.5"></a>

petebd
published 1.7.5 •

Changelog

Source

1.7.5 anti-prettification (2018-10-04)

Bug Fixes

<a name="1.7.4"></a>

petebd
published 1.7.4 •

Changelog

Source

1.7.4 interstellar-exploration (2018-09-07)

Bug Fixes

  • ngAria.ngClick: prevent default event on space/enter only for non-interactive elements (61b335, #16664, #16680)
  • ngAnimate: remove the "prepare" classes with multiple structural animations (3105b2, #16681, #16677)
  • $route: correctly extract path params if the path contains a question mark or a hash (2ceeb7)
  • ngHref: allow numbers and other objects in interpolation (30084c, #16652, #16626)
  • select: allow to select first option with value undefined (668a33, #16653, #16656)

<a name="1.7.3"></a>

23
15
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc