@brickhouse-tech/angular-lts 1.9.0 → 1.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/angular.js +36634 -0
- package/angular.min.js +6 -0
- package/angular.min.js.map +1 -0
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -12,7 +12,7 @@ This fork provides **free, open-source security patches** as a drop-in replaceme
|
|
|
12
12
|
|
|
13
13
|
## What's Included
|
|
14
14
|
|
|
15
|
-
- ✅ **
|
|
15
|
+
- ✅ **11 CVE/vulnerability fixes** (2 HIGH, 9 MEDIUM) — see table below
|
|
16
16
|
- ✅ **Drop-in replacement** — same API, same behavior, just patched
|
|
17
17
|
- ✅ **CI via GitHub Actions** — tested on Node 20
|
|
18
18
|
- ✅ **OIDC npm publishing** with provenance
|
|
@@ -30,9 +30,9 @@ This fork provides **free, open-source security patches** as a drop-in replaceme
|
|
|
30
30
|
| SNYK-JS-ANGULAR-3373046 / CVE-2020-7212 | Medium | ReDoS in URL input validation | ✅ Fixed |
|
|
31
31
|
| SNYK-JS-ANGULAR-3373045 | Medium | ReDoS in `$resource` service | ✅ Fixed |
|
|
32
32
|
| CVE-2020-7676 | Medium | Prototype pollution via `merge`/`copy` | ✅ Fixed |
|
|
33
|
-
| SNYK-JS-ANGULAR-2949781 | Medium | XSS via `<textarea>` (IE-specific) |
|
|
34
|
-
| SNYK-JS-ANGULAR-2772735 | Medium | ReDoS in
|
|
35
|
-
| CVE-2022-25869 | Medium | `$sanitize` bypass via `<style>` (IE/Edge) |
|
|
33
|
+
| SNYK-JS-ANGULAR-2949781 | Medium | XSS via `<textarea>` (IE-specific) | ✅ Fixed |
|
|
34
|
+
| SNYK-JS-ANGULAR-2772735 | Medium | ReDoS in date format regex | ✅ Fixed |
|
|
35
|
+
| CVE-2022-25869 | Medium | `$sanitize` bypass via `<style>` (IE/Edge) | ✅ Fixed |
|
|
36
36
|
|
|
37
37
|
## Installation
|
|
38
38
|
|