npm - @brickhouse-tech/angular-lts - Versions diffs - 1.8.4-0 → 1.9.0-pre.0 - Mend

@brickhouse-tech/angular-lts 1.8.4-0 → 1.9.0-pre.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -1,109 +1,81 @@
-AngularJS [![CircleCI](https://circleci.com/gh/angular/angular.js/tree/master.svg?style=shield)](https://circleci.com/gh/angular/workflows/angular.js/tree/master)
-=========
-AngularJS lets you write client-side web applications as if you had a smarter browser.  It lets you
-use good old HTML (or HAML, Jade/Pug and friends!) as your template language and lets you extend HTML’s
-syntax to express your application’s components clearly and succinctly.  It automatically
-synchronizes data from your UI (view) with your JavaScript objects (model) through 2-way data
-binding. To help you structure your application better and make it easy to test, AngularJS teaches
-the browser how to do dependency injection and inversion of control.
-It also helps with server-side communication, taming async callbacks with promises and deferred objects,
-and it makes client-side navigation and deep linking with hashbang urls or HTML5 pushState a
-piece of cake. Best of all? It makes development fun!
---------------------
-**AngularJS support has officially ended as of January 2022.
-[See what ending support means](https://docs.angularjs.org/misc/version-support-status)
-and [read the end of life announcement](https://goo.gle/angularjs-end-of-life).**
-**Visit [angular.io](https://angular.io) for the actively supported Angular.**
---------------------
-* Web site: https://angularjs.org
-* Tutorial: https://docs.angularjs.org/tutorial
-* API Docs: https://docs.angularjs.org/api
-* Developer Guide: https://docs.angularjs.org/guide
-* Contribution guidelines: [CONTRIBUTING.md](CONTRIBUTING.md)
-* Core Development: [DEVELOPERS.md](DEVELOPERS.md)
-* Dashboard: https://dashboard.angularjs.org
-Documentation
---------------------
-Go to https://docs.angularjs.org
-Contribute
---------------------
-We've set up a separate document for our
-[contribution guidelines](https://github.com/angular/angular.js/blob/master/CONTRIBUTING.md).
-Develop
---------------------
-We've set up a separate document for
-[developers](https://github.com/angular/angular.js/blob/master/DEVELOPERS.md).
-[![Analytics](https://ga-beacon.appspot.com/UA-8594346-11/angular.js/README.md?pixel)](https://github.com/igrigorik/ga-beacon)
-What to use AngularJS for and when to use it
----------
-AngularJS is the next generation framework where each component is designed to work with every other
-component in an interconnected way like a well-oiled machine. AngularJS is JavaScript MVC made easy
-and done right. (Well it is not really MVC, read on, to understand what this means.)
-#### MVC, no, MV* done the right way!
-[MVC](https://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller), short for
-Model-View-Controller, is a design pattern, i.e. how the code should be organized and how the
-different parts of an application separated for proper readability and debugging. Model is the data
-and the database. View is the user interface and what the user sees. Controller is the main link
-between Model and View. These are the three pillars of major programming frameworks present on the
-market today. On the other hand AngularJS works on MV*, short for Model-View-_Whatever_. The
-_Whatever_ is AngularJS's way of telling that you may create any kind of linking between the Model
-and the View here.
-Unlike other frameworks in any programming language, where MVC, the three separate components, each
-one has to be written and then connected by the programmer, AngularJS helps the programmer by asking
-him/her to just create these and everything else will be taken care of by AngularJS.
-#### Interconnection with HTML at the root level
-AngularJS uses HTML to define the user's interface. AngularJS also enables the programmer to write
-new HTML tags (AngularJS Directives) and increase the readability and understandability of the HTML
-code. Directives are AngularJS’s way of bringing additional functionality to HTML. Directives
-achieve this by enabling us to invent our own HTML elements. This also helps in making the code DRY
-(Don't Repeat Yourself), which means once created, a new directive can be used anywhere within the
-application.
-HTML is also used to determine the wiring of the app. Special attributes in the HTML determine where
-to load the app, which components or controllers to use for each element, etc. We specify "what"
-gets loaded, but not "how". This declarative approach greatly simplifies app development in a sort
-of WYSIWYG way. Rather than spending time on how the program flows and orchestrating the various
-moving parts, we simply define what we want and AngularJS will take care of the dependencies.
-#### Data Handling made simple
-Data and Data Models in AngularJS are plain JavaScript objects and one can add and change properties
-directly on it and loop over objects and arrays at will.
-#### Two-way Data Binding
-One of AngularJS's strongest features. Two-way Data Binding means that if something changes in the
-Model, the change gets reflected in the View instantaneously, and the same happens the other way
-around. This is also referred to as Reactive Programming, i.e. suppose `a = b + c` is being
-programmed and after this, if the value of `b` and/or `c` is changed then the value of `a` will be
-automatically updated to reflect the change. AngularJS uses its "scopes" as a glue between the Model
-and View and makes these updates in one available for the other.
-#### Less Written Code and Easily Maintainable Code
-Everything in AngularJS is created to enable the programmer to end up writing less code that is
-easily maintainable and readable by any other new person on the team. Believe it or not, one can
-write a complete working two-way data binded application in less than 10 lines of code. Try and see
-for yourself!
-#### Testing Ready
-AngularJS has Dependency Injection, i.e. it takes care of providing all the necessary dependencies
-to its controllers and services whenever required. This helps in making the AngularJS code ready for
-unit testing by making use of mock dependencies created and injected. This makes AngularJS more
-modular and easily testable thus in turn helping a team create more robust applications.
+AngularJS LTS — Community Security Patches
+===========================================
+> **This is a community-maintained fork of AngularJS 1.x** providing security patches for known CVEs.
+> The original AngularJS project reached End-of-Life in January 2022 and no longer receives updates.
+## Why This Fork?
+AngularJS still has **~2 million monthly npm downloads**. Thousands of enterprise applications depend on it.
+The only alternative for security patches was expensive commercial support ($15K–$50K+/year).
+This fork provides **free, open-source security patches** as a drop-in replacement.
+## What's Included
+- ✅ **8 CVE/vulnerability fixes** (2 HIGH, 6 MEDIUM) — see table below
+- ✅ **Drop-in replacement** — same API, same behavior, just patched
+- ✅ **CI via GitHub Actions** — tested on Node 20
+- ✅ **OIDC npm publishing** with provenance
+- ✅ **MIT licensed** — same as upstream
+## Security Patches
+| CVE / Snyk ID | Severity | Type | Status |
+|---|---|---|---|
+| SNYK-JS-ANGULAR-6091113 | **HIGH** | ReDoS in `ng-srcset` directive | ✅ Fixed |
+| CVE-2022-25844 | **HIGH** | ReDoS in `angular.copy` | ✅ Fixed |
+| SNYK-JS-ANGULAR-9919773 | Medium | SVG `<image>` href sanitization bypass | ✅ Fixed |
+| SNYK-JS-ANGULAR-7924843 | Medium | `srcset` allowlist bypass | ✅ Fixed |
+| SNYK-JS-ANGULAR-7924842 | Medium | `<source>` srcset not sanitized | ✅ Fixed |
+| SNYK-JS-ANGULAR-3373046 / CVE-2020-7212 | Medium | ReDoS in URL input validation | ✅ Fixed |
+| SNYK-JS-ANGULAR-3373045 | Medium | ReDoS in `$resource` service | ✅ Fixed |
+| CVE-2020-7676 | Medium | Prototype pollution via `merge`/`copy` | ✅ Fixed |
+| SNYK-JS-ANGULAR-2949781 | Medium | XSS via `<textarea>` (IE-specific) | 🔄 Planned |
+| SNYK-JS-ANGULAR-2772735 | Medium | ReDoS in locale number formatting | 🔄 Planned |
+| CVE-2022-25869 | Medium | `$sanitize` bypass via `<style>` (IE/Edge) | 🔄 Planned |
+## Installation
+```bash
+npm install @brickhouse-tech/angular-lts
+```
+Drop-in replacement for `angular@1.8.3`. Same API, same behavior.
+## Migration from `angular`
+```diff
+- "angular": "1.8.3"
++ "@brickhouse-tech/angular-lts": "^1.8.4"
+```
+No code changes required.
+## Sponsorship
+This project is maintained by [Brickhouse Tech](https://github.com/brickhouse-tech).
+If your organization depends on AngularJS, consider sponsoring to ensure continued maintenance.
+[![Sponsor](https://img.shields.io/badge/sponsor-brickhouse--tech-blue?logo=github)](https://github.com/sponsors/brickhouse-tech)
+| Tier | Price | Benefits |
+|------|-------|----------|
+| Community | Free | Open source patches, npm package |
+| Supporter | $50/mo | Logo on README, priority issues |
+| Professional | $500/mo | 48h SLA, private Slack, migration guidance |
+| Enterprise | $5,000/mo | 4h SLA, custom patches, compliance docs |
+## Versioning
+This fork follows the upstream `1.8.x` line. Security patches are published as `1.8.4+` releases.
+Prerelease versions use the format `1.8.4-N`.
+## License
+MIT — same as the original AngularJS project. See [LICENSE](LICENSE).
+## Links
+- **npm**: [@brickhouse-tech/angular-lts](https://www.npmjs.com/package/@brickhouse-tech/angular-lts)
+- **Original project**: [angular/angular.js](https://github.com/angular/angular.js) (archived)
+- **HeroDevs NES** (commercial alternative): [herodevs.com](https://www.herodevs.com/support/angularjs-nes)

package/index.js CHANGED Viewed

@@ -1,2 +1,3 @@
+'use strict';
 require('./angular');
-module.exports = angular;
+module.exports = angular; // eslint-disable-line no-undef

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@brickhouse-tech/angular-lts",
-  "version": "1.8.4-0",
+  "version": "1.9.0-pre.0",
   "license": "MIT",
   "branchVersion": "^1.8.0",
   "branchPattern": "1.8.*",
@@ -10,7 +10,7 @@
     "url": "https://github.com/brickhouse-tech/angular.js.git"
   },
   "engines": {
-    "node": ">=12.14.1"
+    "node": ">=20"
   },
   "main": "index.js",
   "files": [
@@ -24,9 +24,10 @@
     "README.md"
   ],
   "scripts": {
-    "build": "yarn install --frozen-lockfile --non-interactive && yarn grunt package && cp build/angular.js build/angular.min.js build/angular.min.js.map . 2>/dev/null || true",
+    "build": "npx grunt package && cp build/angular.js build/angular.min.js build/angular.min.js.map . 2>/dev/null || true",
     "prepublishOnly": "echo 'Run npm run build first if dist files are missing'",
-    "commit": "git-cz",
+    "lint": "npx grunt eslint",
+    "test": "npx grunt test:promises-aplus",
     "test-i18n": "jasmine-node i18n/spec",
     "test-i18n-ucd": "jasmine-node i18n/ucd/spec"
   },
@@ -34,20 +35,13 @@
     "angular-benchpress": "0.x.x",
     "benchmark": "1.x.x",
     "bootstrap": "3.1.1",
-    "browserstacktunnel-wrapper": "2.0.4",
     "canonical-path": "0.0.2",
-    "changez": "^2.1.1",
-    "changez-angular": "^2.1.2",
     "cheerio": "^0.17.0",
-    "commitizen": "^4.2.4",
-    "commitplease": "^2.7.10",
     "cross-spawn": "^4.0.0",
-    "cz-conventional-changelog": "1.1.4",
     "dgeni": "^0.4.9",
     "dgeni-packages": "^0.26.5",
     "eslint-plugin-promise": "^3.6.0",
     "event-stream": "~3.1.0",
-    "firebase-tools": "^9.3.0",
     "glob": "^6.0.1",
     "google-code-prettify": "1.0.1",
     "grunt": "^1.4.1",
@@ -76,15 +70,10 @@
     "jquery-2.1": "npm:jquery@2.1.4",
     "jquery-2.2": "npm:jquery@2.2.4",
     "karma": "4.4.1",
-    "karma-browserstack-launcher": "1.5.1",
     "karma-chrome-launcher": "3.1.0",
-    "karma-edge-launcher": "0.4.2",
     "karma-firefox-launcher": "1.2.0",
-    "karma-ie-launcher": "1.0.0",
     "karma-jasmine": "^1.1.2",
     "karma-junit-reporter": "2.0.1",
-    "karma-safari-launcher": "1.0.0",
-    "karma-sauce-launcher": "2.0.2",
     "karma-script-launcher": "1.0.0",
     "karma-spec-reporter": "0.0.32",
     "load-grunt-tasks": "^3.5.0",
@@ -96,14 +85,11 @@
     "npm-run": "^4.1.0",
     "open-sans-fontface": "^1.4.0",
     "promises-aplus-tests": "~2.1.0",
-    "protractor": "^7.0.0",
     "q": "~1.0.0",
     "q-io": "^1.10.9",
     "qq": "^0.3.5",
     "rewire": "~2.1.0",
-    "sauce-connect": "https://saucelabs.com/downloads/sc-4.6.2-linux.tar.gz",
     "sax": "^1.1.1",
-    "selenium-webdriver": "^4.0.0-alpha.1",
     "semver": "^5.4.1",
     "serve-favicon": "^2.3.0",
     "serve-index": "^1.8.0",
@@ -113,20 +99,8 @@
     "stringmap": "^0.2.2"
   },
   "dependencies": {},
-  "resolutions": {
-    "//1": "`natives@1.1.0` does not work with Node.js 10.x on Windows 10",
-    "//2": "(E.g. see https://github.com/gulpjs/gulp/issues/2162 and https://github.com/nodejs/node/issues/25132.)",
+  "overrides": {
     "natives": "1.1.6",
-    "//3": "`graceful-fs` needs to be pinned to support gulp 3, on Node v12+",
     "graceful-fs": "^4.2.3"
-  },
-  "commitplease": {
-    "style": "angular",
-    "nohook": true
-  },
-  "config": {
-    "commitizen": {
-      "path": "node_modules/cz-conventional-changelog"
-    }
   }
 }