build: update cross-repo angular dependencies (21.2.x)#32966
Open
angular-robot wants to merge 1 commit intoangular:21.2.xfrom
Open
build: update cross-repo angular dependencies (21.2.x)#32966angular-robot wants to merge 1 commit intoangular:21.2.xfrom
angular-robot wants to merge 1 commit intoangular:21.2.xfrom
Conversation
angular-robot
added
action: merge
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates various Angular dependencies from version 21.2.7 to 21.2.8 across the project and updates the pnpm lockfile accordingly. Additionally, a deprecation note was added to the basic-ftp package in the lockfile. I have identified a high-severity issue: the basic-ftp package should be upgraded to version 5.2.1 to address the security vulnerability, rather than simply documenting the deprecation.
| basic-ftp@5.2.0: | ||
| resolution: {integrity: sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==} | ||
| engines: {node: '>=10.0.0'} | ||
| deprecated: Security vulnerability fixed in 5.2.1, please upgrade |
There was a problem hiding this comment.
The deprecation message for basic-ftp@5.2.0 is helpful, but it is better to upgrade the dependency to 5.2.1 to resolve the security vulnerability rather than just noting it in the lockfile.
angular-robot
force-pushed
the
ng-renovate/21.2.x-cross-repo-angular-dependencies
branch
from
4aa7144 to
b573c64
Compare
angular-robot
changed the title
See associated pull request for more information.
angular-robot
force-pushed
the
ng-renovate/21.2.x-cross-repo-angular-dependencies
branch
from
b573c64 to
06d2631
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
21.2.7→21.2.821.2.5→21.2.621.2.7→21.2.821.2.7→21.2.821.2.7→21.2.821.2.7→21.2.821.2.7→21.2.821.2.7→21.2.821.2.5→21.2.61c95e84→51c559e21.2.7→21.2.821.2.7→21.2.821.2.7→21.2.821.2.7→21.2.8ba726e7→30bd8306c36180→346e8fe🔡 If you wish to disable git hash updates, add
":disableDigestUpdates"to the extends array in your config.Release Notes
angular/angular (@angular/animations)
v21.2.8Compare Source
compiler
compiler-cli
core
language-service
angular/components (@angular/cdk)
v21.2.6Compare Source
material