fix(deps): update dependency @angular/core to v12 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@angular/core (source)	11.2.14 -> 12.0.0

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

---

Release Notes

angular/angular (@​angular/core)

v12.0.0

Compare Source

12.0.0 (2021-05-12)

Bug Fixes

• animations: ensure consistent transition namespace ordering (#​19854) (01cc995)
• animations: update supported range of node versions to only include LTS versions (#​41822) (e918250)
• animations: cleanup DOM elements when the root view is removed (#​41059) (c49b280)
• animations: allow animations on elements in the shadow DOM (#​40134) (dad42c8), closes #​25672
• animations: cleanup DOM elements when the root view is removed (#​41001) (a31da48)
• bazel: update supported range of node versions to only include LTS versions (#​41822) (8503246)
• bazel: update build tooling for latest changes in rules_nodejs (#​40710) (696f7bc)
• bazel: update integration test to use rules_nodejs@3.1.0 (#​40710) (34de89a)
• bazel: update type castings for JSON.parse usage (#​40710) (2c90391)
• benchpress: update type castings for JSON.parse usage (#​40710) (e721a5d)
• common: add right ContentType for boolean values with HttpClient request body(#​38924) (#​41885) (922a602)
• common: update supported range of node versions to only include LTS versions (#​41822) (f2b6fd8)
• common: viewport scroller not finding elements inside the shadow DOM (#​41644) (c0f5ba3), closes #​41470
• common: temporarily re-export and deprecate XhrFactory (#​41393) (7dfa446)
• common: cleanup location change listeners when the root view is removed (#​40867) (38524c4), closes #​31546
• common: allow number or boolean as http params (#​40663) (91cdc11), closes #​23856
• common: avoid mutating context object in NgTemplateOutlet (#​40360) (d3705b3), closes #​24515
• compiler: preserve @​page rules in encapsulated styles (#​41915) (3e365ba), closes #​26269
• compiler: strip scoped selectors from @font-face rules (#​41815) (2a11cda), closes #​41751
• compiler: update supported range of node versions to only include LTS versions (#​41822) (bae8126)
• compiler: non-literal inline templates incorrectly processed in partial compilation (#​41583) (ab257b3)
• compiler: not generating update instructions for ng-template inside alternate namespaces (#​41669) (2bcbbda), closes #​41308
• compiler: avoid parsing EmptyExpr with a backwards span (#​41581) (e1a2930)
• compiler: handle case-sensitive CSS custom properties (#​41380) (e112e32), closes #​41364
• compiler: include used components during JIT compilation of partial component declaration (#​41353) (ff9470b), closes #​41104 #​41318
• compiler: support multiple :host-context() selectors (#​40494) (07b7af3), closes #​19199
• compiler: update type castings for JSON.parse usage (#​40710) (f728490)
• compiler-cli: use '' for the source map URL of indirect templates (#​41973) (7a4d980), closes #​40854
• compiler-cli: expose the linker as a Babel plugin (#​41918) (8fdac8f)
• compiler-cli: prefer non-aliased exports in reference emitters (#​41866) (75bb931), closes #​41443 #​41277
• compiler-cli: allow linker to process minified booleans (#​41747) (1fb6724), closes #​41655
• compiler-cli: match string indexed partial declarations (#​41747) (f885750), closes #​41655
• compiler-cli: update supported range of node versions to only include LTS versions (#​41822) (5b463f4)
• compiler-cli: autocomplete literal types in templates. (#​41456) (#​41645) (8b2b5ef)
• compiler-cli: do not error with prepocessing if component has no inline styles (#​41602) (a5fe8b9)
• compiler-cli: ensure the compiler tracks ts.Programs correctly (#​41291) (deacc74)
• compiler-cli: prevent eliding default imports in incremental recompilations (#​41557) (7f16515), closes #​41377
• compiler-cli: resolve rootDirs to absolute (#​41359) (3e0fda9), closes #​36290
• compiler-cli: add useInlining option to type check config (#​41043) (09aefd2), closes #​40963
• compiler-cli: readConfiguration existing options should override options in tsconfig (#​40694) (b7c4d07)
• compiler-cli: extend angularCompilerOptions in tsconfig from node (#​40694) (5eb1954), closes #​36715
• compiler-cli: update ngcc integration tests for latest changes in rules_nodejs (#​40710) (d7f5755)
• compiler-cli: update type castings for JSON.parse usage (#​40710) (b75d7cb)
• core: do not retain dynamically compiled components and modules (#​42003) (1449c5c), closes #​19997
• core: invoke profiler around ngOnDestroy lifecycle hooks (#​41969) (e9ddc57)
• core: AsyncPipe now compatible with RxJS 7 (#​41590) (9759bca)
• core: handle multiple i18n attributes with expression bindings (#​41882) (73c6c64), closes #​41869
• core: update supported range of node versions to only include LTS versions (#​41822) (f9c1f08)
• core: detect synthesized constructors that have been downleveled using TS 4.2 (#​41305) (274dc15), closes #​41298
• core: Switch emitDistinctChangesOnlyDefaultValue to true (#​41121) (7096246)
• core: remove duplicated EMPTY_OBJ constant (#​41066) (bf158e7)
• core: remove duplicated EMPTY_ARRAY constant (#​40991) (e12d9de)
• core: allow EmbeddedViewRef context to be updated (#​40360) (a3e1719), closes #​24515
• core: make DefaultIterableDiffer keep the order of duplicates (#​23941) (a826926), closes #​23815
• core: NgZone coaleascing options should trigger onStable correctly (#​40540) (22f9e45)
• elements: update supported range of node versions to only include LTS versions (#​41822) (4f5d094)
• elements: update type castings for JSON.parse usage (#​40710) (efd4149)
• forms: update supported range of node versions to only include LTS versions (#​41822) (dc975ba)
• http: complete the request on timeout (#​39807) (61a0b6d), closes #​26453
• http: emit error on XMLHttpRequest abort event (#​40767) (3897265), closes #​22324
• language-service: update supported range of node versions to only include LTS versions (#​41822) (9b6198c)
• language-service: use script versions for incremental compilations (#​41475) (78236bf)
• language-service: Only provide Angular property completions in templates (#​41278) (0226a11)
• language-service: Add plugin option to force strictTemplates (#​41062) (e9e7c33)
• language-service: use single entry point for Ivy and View Engine (#​40967) (e986a97)
• localize: relax error to warning for missing target (#​41944) (35ceed2), closes #​21690
• localize: update supported range of node versions to only include LTS versions (#​41822) (658ed1f)
• localize: update type castings for JSON.parse usage (#​40710) (4b469c9)
• ngcc: detect synthesized constructors that have been downleveled using TS 4.2 (#​41305) (8d3da56), closes #​41298
• platform-browser: prevent memory leak of style nodes if shadow DOM encapsulation is used (#​42005) (d555555), closes #​36655
• platform-browser: update supported range of node versions to only include LTS versions (#​41822) (ea05cfd)
• platform-browser: configure XhrFactory to use BrowserXhr (#​41313) (e0028e5), closes #​41311
• platform-browser: update type castings for JSON.parse usage (#​40710) (7ecfd2d)
• platform-browser-dynamic: update supported range of node versions to only include LTS versions (#​41822) (bc45029)
• platform-server: update supported range of node versions to only include LTS versions (#​41822) (4b9d4fa)
• router: update supported range of node versions to only include LTS versions (#​41822) (0067edd)
• router: Only retrieve stored route when reuse strategy indicates it should reattach (#​30263) (a4ff071), closes #​23162
• router: recursively merge empty path matches (#​41584) (1179dc8), closes #​41481
• router: fragment can be null (#​37336) (b555160), closes #​23894 #​34197
• router: update type castings for JSON.parse usage (#​40710) (350dada)
• service-worker: update supported range of node versions to only include LTS versions (#​41822) (6b823d7)
• service-worker: update type castings for JSON.parse usage (#​40710) (4f7ff96)
• upgrade: preserve $interval.flush when ngMocks is being used (#​30229) (87dc851)
• upgrade: update supported range of node versions to only include LTS versions (#​41822) (10c4523)

Build System

• ng_package no longer generate minified UMDs (#​41425) (5a8bc1b)

Features

• animations: update supported range of node versions (#​41544) (547363a)
• animations: add support for disabling animations through BrowserAnimationsModule.withConfig (#​40731) (29d8a0a)
• bazel: update supported range of node versions (#​41544) (d583d92)
• common: update supported range of node versions (#​41544) (e0250e5)
• common: add historyGo method to Location service (#​38890) (e05a6f3)
• common: support ICU standard "stand alone day of week" with DatePipe (#​40766) (c56ecab), closes #​26922
• common: implement appendAll() method on HttpParams (#​20930) (575a2d1), closes #​20798
• compiler: support nullish coalescing in templates (#​41437) (ec27bd4), closes #​36528
• compiler: update supported range of node versions (#​41544) (75cc813)
• compiler: emit @​PURE or @​pureOrBreakMyCode annotations in the generated code (#​41096) (9c21028)
• compiler-cli: mark ability to use partial compilation mode as stable (#​41518) (6ba67c6), closes #​41496
• compiler-cli: update supported range of node versions (#​41544) (b7bd238)
• compiler-cli: support transforming component style resources (#​41307) (1de04b1)
• compiler-cli: support producing Closure-specific PURE annotations (#​41021) (fbc9df1)
• core: introduce getDirectiveMetadata global debugging utility (#​41525) (a07f303)
• core: update supported range of node versions (#​41544) (e66a5fb)
• core: support forwardRef in providedIn of Injectable declaration (#​41426) (f7c294e), closes #​41205
• core: add migration for XhrFactory import (#​41313) (95ff5ec)
• core: drop support for TypeScript 4.0 and 4.1 (#​41158) (fa04894)
• core: support TypeScript 4.2 (#​41158) (59ef409)
• core: manually annotate de-sugarred core tree-shakable providers with @​pureOrBreakMyCode (#​41096) (03d47d5)
• core: more precise type for APP_INITIALIZER token (#​40986) (ca721c2), closes #​40729
• core: drop support for zone.js 0.10.x (#​40823) (aaf9b31), closes angular/angular-cli#20034
• core: support APP_INITIALIZER work with observable (#​33222) (ca17ac5), closes #​15088
• elements: update supported range of node versions (#​41544) (12fc08b)
• forms: update supported range of node versions (#​41544) (a0006a6)
• forms: add emitEvent option for AbstractControl-based class methods (#​31031) (4ec045e), closes #​29662
• forms: introduce min and max validators (#​39063) (8fb83ea), closes #​16352
• http: introduce HttpContext request context (#​25751) (1644d64)
• http: expose a list of human-readable http status codes (#​23548) (6fe3a1d), closes #​23543
• language-service: implement signature help (#​41581) (c7f9516)
• language-service: update supported range of node versions (#​41544) (86621be)
• language-service: add perf tracing to LanguageService (#​41319) (90f85da)
• language-service: add command for getting components for a template file (#​40655) (5cde4ad)
• language-service: Add diagnostics to suggest turning on strict mode (#​40423) (ecae75f)
• language-service: Implement getRenameInfo (#​40439) (4e8198d)
• language-service: initial implementation for findRenameLocations (#​40140) (9a5ac47)
• language-service: view template typecheck block (#​39974) (d482f5c)
• localize: update supported range of node versions (#​41544) (590d4dd)
• localize: add scripts to migrate away from legacy message IDs (#​41026) (1735430)
• ngcc: support __read helper as used by TypeScript 4.2 (#​41201) (66e9970)
• ngcc: support __spreadArray helper as used by TypeScript 4.2 (#​41201) (7b1214e) #​40394
• platform-browser: update supported range of node versions (#​41544) (ef0d1c3)
• platform-browser-dynamic: update supported range of node versions (#​41544) (b714f7b)
• platform-server: update supported range of node versions (#​41544) (c901b4d)
• platform-server: allow shimming the global env sooner (#​40559) (43ecf8a), closes #​24551 #​39950 #​39950
• router: update supported range of node versions (#​41544) (c30b171)
• router: add migration for ActivatedRouteSnapshot.fragment (#​41092) (190fa07), closes #​37336
• router: Add more fine-tuned control in routerLinkActiveOptions (#​40303) (6c05c80), closes #​13205
• router: Allow for custom router outlet implementations (#​40827) (a82fddf)
• service-worker: update supported range of node versions (#​41544) (fc597f1)
• upgrade: update supported range of node versions (#​41544) (beafa22)

Performance Improvements

• common: remove unused methods from DomAdapter (#​41102) (3c66b10)
• compiler: reduce amount of generated code for safe accesses and nullish coalescing (#​41563) (9a3b82f), closes #​41437 #​41491
• compiler-cli: allow incremental compilation in the presence of redirected source files (#​41448) (ffea31f)
• compiler-cli: cache results of absoluteFromSourceFile (#​41475) (fab1a64)
• core: minor improvements to listener instructions (#​41807) (9346d61)
• core: avoid storing LView in ngContext (#​41358) (990067a), closes #​41047
• core: optimize getDirectives (#​41525) (f7e391a)

BREAKING CHANGES

• Minified UMD bundles are no longer included in the distributed NPM packages.
• animations: DOM elements are now correctly removed when the root view is removed.
  If you are using SSR and use the app's HTML for rendering, you will need
  to ensure that you save the HTML to a variable before destorying the
  app.
  It is also possible that tests could be accidentally relying on the old behavior by
  trying to find an element that was not removed in a previous test. If
  this is the case, the failing tests should be updated to ensure they
  have proper setup code which initializes elements they rely on.
• common: Methods of the PlatformLocation class, namely onPopState and onHashChange,
  used to return void. Now those methods return functions that can be called
  to remove event handlers.
• common: The methods of the HttpParams class now accept string | number | boolean
  instead of string for the value of a parameter.
  If you extended this class in your application,
  you'll have to update the signatures of your methods to reflect these changes.
• compiler-cli: Linked libraries no longer generate legacy i18n message ids. Any downstream
  application that provides translations for these messages, will need to
  migrate their message ids using the localize-migrate command line tool.
• core: Angular no longer maintains support for node v10
• core: Previously the ng.getDirectives function threw an error in case a
  given DOM node had no Angular context associated with it (for example
  if a function was called for a DOM element outside of an Angular app).
  This behavior was inconsistent with other debugging utilities under ng
  namespace, which handled this situation without raising an exception.
  Now calling the ng.getDirectives function for such DOM nodes would
  result in an empty array returned from that function.
• core: Switching default of emitDistinctChangesOnlyDefaultValue
  which changes the default behavior and may cause some applications which
  rely on the incorrect behavior to fail.

emitDistinctChangesOnly flag has also been deprecated and will be
removed in a future major release.

The previous implementation would fire changes QueryList.changes.subscribe
whenever the QueryList was recomputed. This resulted in an artificially
high number of change notifications, as it is possible that recomputing
QueryList results in the same list. When the QueryList gets recomputed
is an implementation detail, and it should not be the thing that determines
how often change event should fire.

Unfortunately, fixing the behavior outright caused too many existing
applications to fail. For this reason, Angular considers this fix a
breaking fix and has introduced a flag in @ContentChildren and
@ViewChildren, that controls the behavior.

export class QueryCompWithStrictChangeEmitParent {
  @​ContentChildren('foo', {
    // This option is the new default with this change.
    emitDistinctChangesOnly: true,
  })
  foos!: QueryList<any>;
}

For backward compatibility before v12
emitDistinctChangesOnlyDefaultValue was set to false. This change
changes the default to true.

• core: The type of the APP_INITIALIZER token has been changed to more accurately
  reflect the types of return values that are handled by Angular. Previously,
  each initializer callback was typed to return any, this is now
  Promise<unknown> | Observable<unknown> | void. In the unlikely event that
  your application uses the Injector.get or TestBed.inject API to inject
  the APP_INITIALIZER token, you may need to update the code to account for
  the stricter type.

Additionally, TypeScript may report the TS2742 error if the APP_INITIALIZER
token is used in an expression of which its inferred type has to be emitted
into a .d.ts file. To workaround this, an explicit type annotation is needed,
which would typically be Provider or Provider[].

• core: Minimum supported zone.js version is 0.11.4

• forms: The emitEvent option was added to the following FormArray and FormGroup methods:

• FormGroup.addControl

• FormGroup.removeControl

• FormGroup.setControl

• FormArray.push

• FormArray.insert

• FormArray.removeAt

• FormArray.setControl

• FormArray.clear

If your app has custom classes that extend FormArray or FormGroup classes and override the
above-mentioned methods, you may need to update your implementation to take the new options into
account and make sure that overrides are compatible from a types perspective.

• forms: Previously min and max attributes defined on the <input type="number">
  were ignored by Forms module. Now presence of these attributes would
  trigger min/max validation logic (in case formControl, formControlName
  or ngModel directives are also present on a given input) and
  corresponding form control status would reflect that.
• platform-browser: XhrFactory has been moved from @angular/common/http to @angular/common.

Before

import {XhrFactory} from '@​angular/common/http';

After

import {XhrFactory} from '@​angular/common';

• router: Strict null checks will report on fragment potentially being null.
  Migration path: add null check.
• router: The type of the RouterLinkActive.routerLinkActiveOptions input was
  expanded to allow more fine-tuned control. Code that previously read
  this property may need to be updated to account for the new type.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: ngx-socketio2-workspace@0.0.0
npm ERR! Found: zone.js@0.10.3
npm ERR! node_modules/zone.js
npm ERR!   zone.js@"0.10.3" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer zone.js@"~0.11.4" from @angular/core@12.0.0
npm ERR! node_modules/@angular/core
npm ERR!   @angular/core@"12.0.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-09-25T14_41_14_718Z-debug-0.log