chore(deps): Update dependency @angular/core to v10 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@angular/core (source)	^6.0.2 -> ^10.0.0

GitHub Vulnerability Alerts

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

---

Release Notes

angular/angular (@​angular/core)

v10.2.5

Compare Source

v10.2.4

Compare Source

v10.2.3

Compare Source

v10.2.2

Compare Source

v10.2.1

Compare Source

v10.2.0

Compare Source

v10.1.6

Compare Source

v10.1.5

Compare Source

v10.1.4

Compare Source

v10.1.3

Compare Source

v10.1.2

Compare Source

v10.1.1

Compare Source

v10.1.0

Compare Source

v10.0.14

Compare Source

v10.0.13

Compare Source

v10.0.12

Compare Source

v10.0.11

Compare Source

v10.0.10

Compare Source

v10.0.9

Compare Source

v10.0.8

Compare Source

v10.0.7

Compare Source

v10.0.6

Compare Source

v10.0.5

Compare Source

v10.0.4

Compare Source

v10.0.3

Compare Source

v10.0.2

Compare Source

v10.0.1

Compare Source

v10.0.0

Compare Source

v9.1.13

Compare Source

v9.1.12

Compare Source

v9.1.11

Compare Source

v9.1.10

Compare Source

v9.1.9

Compare Source

v9.1.8

Compare Source

v9.1.7

Compare Source

v9.1.6

Compare Source

v9.1.5

Compare Source

v9.1.4

Compare Source

v9.1.3

Compare Source

v9.1.2

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

v9.0.7

Compare Source

v9.0.6

Compare Source

v9.0.5

Compare Source

v9.0.4

Compare Source

v9.0.3

Compare Source

v9.0.2

Compare Source

v9.0.1

Compare Source

v9.0.0

Compare Source

v8.2.14

Compare Source

v8.2.13

Compare Source

v8.2.12

Compare Source

v8.2.11

Compare Source

v8.2.10

Compare Source

v8.2.9

Compare Source

v8.2.8

Compare Source

v8.2.7

Compare Source

v8.2.6

Compare Source

v8.2.5

Compare Source

v8.2.4

Compare Source

v8.2.3

Compare Source

v8.2.2

Compare Source

v8.2.1

Compare Source

v8.2.0

Compare Source

v8.1.3

Compare Source

v8.1.2

Compare Source

v8.1.1

Compare Source

v8.1.0

Compare Source

v8.0.3

Compare Source

v8.0.2

Compare Source

v8.0.1

Compare Source

v8.0.0

Compare Source

v7.2.16

Compare Source

v7.2.15

Compare Source

v7.2.14

Compare Source

v7.2.13

Compare Source

v7.2.12

Compare Source

v7.2.11

Compare Source

v7.2.10

Compare Source

v7.2.9

Compare Source

v7.2.8

Compare Source

v7.2.7

Compare Source

v7.2.6

Compare Source

v7.2.5

Compare Source

v7.2.4

Compare Source

v7.2.3

Compare Source

common

Commit	Type	Description
1a526f2881	perf	AsyncPipe should not call markForCheck on subscription (#​54554)

compiler-cli

Commit	Type	Description
2aefed8763	fix	catch function instance properties in interpolated signal diagnostic (#​54325)
48aec63ee4	fix	identify aliased initializer functions (#​54480)
daf7c611b2	fix	identify aliased initializer functions (#​54609)

core

Commit	Type	Description
57123524a2	fix	collect providers from NgModules while rendering @defer block (#​52881)
79a32816dc	fix	fix typo in injectors.svg file (#​54596)

migrations

Commit	Type	Description
dbe673b027	fix	resolve infinite loop for a single line element with a long tag name and angle bracket on a new line (#​54588)

v7.2.2

Compare Source

common

Commit	Type	Description
d34e3298db	fix	image placeholder not removed in OnPush component (#​54515)

compiler

Commit	Type	Description
6447c0eecc	fix	adding the inert property to the "SCHEMA" array (#​53148)

compiler-cli

Commit	Type	Description
0a3edfb543	fix	correctly detect deferred dependencies across scoped nodes (#​54499)
790f4f7c26	fix	use correct symbol name for default imported symbols in defer blocks (#​54495)

core

Commit	Type	Description
3bd5860c74	fix	properly execute content queries for root components (#​54457)

migrations

Commit	Type	Description
bb57d34110	fix	Fix cf migration regular expression to include underscores (#​54533)

router

Commit	Type	Description
3e31f1a34e	fix	Clear internal transition when navigation finalizes (#​54261)

v7.2.1

Compare Source

v7.2.0

Compare Source

v7.1.4

Compare Source

v7.1.3

Compare Source

compiler-cli

Commit	Type	Description
bc4a6a9715	fix	do not error due to multiple components named equally (#​54273)
a997e08c6f	fix	handle default imports in defer blocks (#​53695)
63a9027720	fix	interpolatedSignalNotInvoked diagnostic for model signals (#​54338)
40e1edc977	fix	properly catch fatal diagnostics in type checking (#​54309)
9f6605d11b	fix	support jumping to definitions of signal-based inputs (#​54233)

core

Commit	Type	Description
7df133dcc2	fix	afterRender hooks should allow updating state (#​54074)
744e20641a	fix	Fix possible infinite loop with markForCheck by partially reverting #​54074 (#​54329)
0fb114274c	fix	update imports to be compatible with rxjs 6 (#​54193)

router

Commit	Type	Description
238f2a8bc9	fix	Clear internal transition when navigation finalizes (#​54261)

v7.1.2

Compare Source

v7.1.1

Compare Source

router

Commit	Type	Description
f222bee8fa	fix	revert commit that replaced last helper with native Array.at(-1) (#​54021)

v7.1.0

Compare Source

compiler

Commit	Type	Description
79ff91a813	fix	allow TS jsDocParsingMode host option to be programmatically set (#​53126)
5613051a8b	fix	allow TS jsDocParsingMode host option to be programmatically set again (#​53292)
df8a825910	fix	project empty block root node (#​53620)
478d622265	fix	project empty block root node in template pipeline (#​53620)

compiler-cli

Commit	Type	Description
abdc7e4578	feat	support type-checking for generic signal inputs (#​53521)
e620b3a724	fix	add compiler option to disable control flow content projection diagnostic (#​53311)
4c1d69e288	fix	add diagnostic for control flow that prevents content projection (#​53190)
76ceebad04	fix	do not throw fatal error if extended type check fails (#​53896)
1a6eaa0fea	fix	input transform in local compilation mode (#​53645)
56a76d73e0	fix	modify getConstructorDependencies helper to work with reflection host after the previous change (#​52215)

core

Commit	Type	Description
863be4b698	feat	expose new input API for signal-based inputs (#​53872)
94096c6ede	feat	support TypeScript 5.3 (#​52572)
69b384c0d1	fix	SignalNode reactive node incorrectly exposing unset field (#​53571)
6f79507ea7	fix	Change defer block fixture default behavior to playthrough (#​53956)
32f908ab70	fix	do not accidentally inherit input transforms when overridden (#​53571)
bdd61c768a	fix	replace assertion with more intentional error (#​52234)
0daca457bb	fix	TestBed should still use the microtask queue to schedule effects (#​53843)

router

Commit	Type	Description
5c1d441029	feat	Add info property to NavigationExtras (#​53303)
50d7916278	feat	Add router configuration to resolve navigation promise on error (#​48910)
a5a9b408e2	feat	Add transient info to RouterLink input (#​53784)
726530a9af	feat	Allow onSameUrlNavigation: 'ignore' in navigateByUrl (#​52265)

v7.0.4

Compare Source

common

Commit	Type	Description
7f1c55755d	fix	remove load on image once it fails to load (#​52990)
fafcb0d23f	fix	scan images once page is loaded (#​52991)

compiler

Commit	Type	Description
98376f2c09	fix	changed after checked error in for loops (#​52935)
291deac663	fix	generate i18n instructions for blocks (#​52958)
49dca36880	fix	nested for loops incorrectly calculating computed variables (#​52931)
f01b7183d2	fix	produce placeholder for blocks in i18n bundles (#​52958)

compiler-cli

Commit	Type	Description
f671f86ac2	fix	add diagnostic for control flow that prevents content projection (#​52726)

core

Commit	Type	Description
db1a8ebdb4	fix	cleanup loading promise when no dependencies are defined (#​53031)
31a1575334	fix	handle local refs when getDeferBlocks is invoked in tests (#​52973)

migrations

Commit	Type	Description
ac9cd6108f	fix	control flow migration fails for async pipe with unboxing of observable (#​52756) (#​52972)
13bf5b7007	fix	Fixes control flow migration if then else case (#​53006)
492ad4698a	fix	fixes migrations of nested switches in control flow (#​53010)
0fad36eff2	fix	tweaks to formatting in control flow migration (#​53058)

v7.0.3

Compare Source

animations

Commit	Type	Description
f5872c9921	fix	prevent the AsyncAnimationRenderer from calling the delegate when there is no element. (#​52570)

core

Commit	Type	Description
6a1d4ed667	fix	handle non-container environment injector cases (#​52774)
5de7575be8	fix	reset cached scope for components that were overridden using TestBed (#​52916)

http

Commit	Type	Description
7c066a4af4	fix	Use the response content-type to set the blob type. (#​52840)

migrations

Commit	Type	Description
4e200bf13b	fix	Add missing support for ngForOf (#​52903)
d033540d0f	fix	Add support for bound versions of NgIfElse and NgIfThenElse (#​52869)
aa2d815648	fix	Add support for removing imports post migration (#​52763)
3831942771	fix	Fixes issue with multiple if elses with same template (#​52863)
e1f84a31dc	fix	passed in paths will be respected in nx workspaces (#​52796)

v7.0.2

Compare Source

compiler-cli

Commit	Type	Description
7a95cccf50	fix	add interpolatedSignalNotInvoked to diagnostics (#​52687)
a548c0333e	fix	incorrect inferred type of for loop implicit variables (#​52732)

core

Commit	Type	Description
2cea80c6e2	fix	error code in image performance warning (#​52727)
b16fc2610a	fix	limit rate of markers invocations (#​52742)
44c48a4835	fix	properly update collection with repeated keys in @for (#​52697)

v7.0.1

Compare Source

http

Commit	Type	Description
5c6f3f8ec0	fix	Don't override the backend when using the InMemoryWebAPI (#​52425)

migrations

Commit	Type	Description
70d30c28e0	fix	Add support for ng-templates with i18n attributes (#​52597)
4f125c5f9a	fix	Switches to multiple passes to fix several reported bugs (#​52592)

Web Frameworks: the internet frontier.

These are the voyages of the framework Angular.

Its continuing mission:

To explore strange, new technologies.

To seek out new users and new applications.

To boldly go where no web framework has gone before.

In honor of v17.0.1

                                                  ______
                                     ___.--------'------`---------.____
                               _.---'----------------------------------`---.__
                             .'___=]===========================================
,-----------------------..__/.'         >--.______        _______.---'
]====================<==||(__)        .'          `------'
`-----------------------`' ----.___--/
     /       /---'                 `/
    /_______(______________________/
    `-------------.--------------.'
                   \________|_.-'

Live long and prosper 🖖🏻

v7.0.0

Compare Source

Blog post "Angular v17 is now available".

Breaking Changes

• Node.js v16 support has been removed and the minimum support version has been bumped to 18.13.0.

  Node.js v16 is planned to be End-of-Life on 2023-09-11. Angular will stop supporting Node.js v16 in Angular v17. For Node.js release schedule details, please see: https://github.com/nodejs/release#release-schedule

common

• the NgSwitch directive now defaults to the === equality operator,
  migrating from the previously used == operator. NgSwitch expressions and / or
  individual condition values need adjusting to this stricter equality
  check. The added warning message should help pin-pointing NgSwitch
  usages where adjustments are needed.

core

• Angular now requires zone.js version ~0.14.0

• Versions of TypeScript older than 5.2 are no longer supported.

• The mutate method was removed from the WritableSignal interface and completely
  dropped from the public API surface. As an alternative, please use the update method and
  make immutable changes to the object.

  Example before:

  items.mutate(itemsArray => itemsArray.push(newItem));

  Example after:

  items.update(itemsArray => [itemsArray, …newItem]);

• The mutate method was removed from the WritableSignal interface and completely
  dropped from the public API surface. As an alternative please use the update method and
  make immutable changes to the object.

  Example before:

  items.mutate(itemsArray => itemsArray.push(newItem));

  Example after:

  items.update(itemsArray => [itemsArray, …newItem]);

• OnPush components that are created dynamically now
  only have their host bindings refreshed and ngDoCheck run during change
  detection if they are dirty.
  Previously, a bug in the change detection would result in the OnPush
  configuration of dynamically created components to be ignored when
  executing host bindings and the ngDoCheck function. This is
  rarely encountered but can happen if code has a handle on the
  ComponentRef instance and updates values read in the OnPush
  component template without then calling either markForCheck or
  detectChanges on that component's ChangeDetectorRef.

platform-browser

• REMOVE_STYLES_ON_COMPONENT_DESTROY default value is now true. This causes CSS of components to be removed from the DOM when destroyed. You retain the previous behaviour by providing the REMOVE_STYLES_ON_COMPONENT_DESTROY injection token.

  import {REMOVE_STYLES_ON_COMPONENT_DESTROY} from '@​angular/platform-browser';
  ...
  providers: [{
    provide: REMOVE_STYLES_ON_COMPONENT_DESTROY,
    useValue: false,
  }]

• The withNoDomReuse() function was removed from the public API. If you need to disable hydration, you can exclude the provideClientHydration() call from provider list in your application (which would disable hydration features for the entire application) or use ngSkipHydration attribute to disable hydration for particular components. See this guide for additional information: https://angular.io/guide/hydration#how-to-skip-hydration-for-particular-components.

router

• Absolute redirects no longer prevent further redirects.
  Route configurations may need to be adjusted to prevent infinite
  redirects where additional redirects were previously ignored after an
  absolute redirect occurred.

• Routes with loadComponent would incorrectly cause
  child routes to inherit their data by default. The default
  paramsInheritanceStrategy is emptyOnly. If parent data should be
  inherited in child routes, this should be manually set to always.

• urlHandlingStrategy has been removed from the Router public API.
  This should instead be configured through the provideRouter or RouterModule.forRoot APIs.

• The following Router properties have been removed from
  the public API:

  • canceledNavigationResolution
  • paramsInheritanceStrategy
  • titleStrategy
  • urlUpdateStrategy
  • malformedUriErrorHandler

  These should instead be configured through the provideRouter or
  RouterModule.forRoot APIs.

• The setupTestingRouter function has been removed. Use
  RouterModule.forRoot or provideRouter to setup the Router for
  tests instead.

• malformedUriErrorHandler is no longer available in
  the RouterModule.forRoot options. URL parsing errors should instead be
  handled in the UrlSerializer.parse method.

zone.js

• Deep and legacy dist/ imports like zone.js/bundles/zone-testing.js and zone.js/dist/zone are no longer allowed. zone-testing-bundle and zone-testing-node-bundle are also no longer part of the package.

  The proper way to import zone.js and zone.js/testing is:

  import 'zone.js';
  import 'zone.js/testing';

Deprecations

animations

• The AnimationDriver.NOOP symbol is deprecated, use NoopAnimationDriver instead.

core

• ChangeDetectorRef.checkNoChanges is deprecated.

  Test code should use ComponentFixture instead of ChangeDetectorRef.
  Application code should not call ChangeDetectorRef.checkNoChanges directly.

• Swapping out the context object for EmbeddedViewRef
  is no longer supported. Support for this was introduced with v12.0.0, but
  this pattern is rarely used. There is no replacement, but you can use
  simple assignments in most cases, or Object.assign , or alternatively
  still replace the full object by using a Proxy (see NgTemplateOutlet
  as an example).

  Also adds a warning if the deprecated

• NgProbeToken

  The NgProbeToken is not used internally since the transition from View Engine to Ivy. The token has no utility and can be removed from applications and libraries.

Commit	Type	Description
59aa0634f4	build	remove support for Node.js v16 (#​51755)

animations

Commit	Type	Description
e753278faa	feat	Add the possibility of lazy loading animations code. (#​50738)
698c058e1c	fix	remove code duplication between entry-points (#​51500)
0598613950	refactor	deprecation of AnimationDriver.NOOP (#​51843)

benchpress

Commit	Type	Description
2da3551a70	feat	report gc and render time spent in script (#​50771)

common

Commit	Type	Description
fe2fd7e1a8	feat	make the warning for lazy-loaded lcp image an error (#​51748)
dde3fdabbd	feat	upgrade warning to logged error for lazy-loaded LCP images using NgOptimizedImage (#​52004)
da056a1fe2	fix	add missing types field for @​angular/common/locales of exports in package.json (#​52080)
85843e8212	fix	allow to specify only some properties of DatePipeConfig (#​51287)
3bd85fb7b0	fix	apply fixed_srcset_width value only to fixed srcsets (#​52459)
65b460448e	fix	missing space in ngSwitch equality warning (#​52180)
86c5e34601	fix	remove code duplication between entry-points (#​51500)
28a5925f53	fix	use === operator to match NgSwitch cases (#​51504)

compiler

Commit	Type	Description
1934524a0c	feat	add docs extraction for type aliases (#​52118)
7f6d9a73ab	feat	expand class api doc extraction (#​51733)
a7fa25306f	feat	extract api docs for interfaces (#​52006)
7bfe20707f	feat	extract api for fn overloads and abtract classes (#​52040)
c7daf7ea16	feat	extract directive docs info (#​51733)
e0b1bb33d7	feat	extract doc info for JsDoc (#​51733)
b9c70158ab	feat	extract docs for accessors, rest params, and types (#​51733)
a24ae994a0	feat	extract docs for top level functions and consts (#​51733)
2e41488296	feat	extract docs info for enums, pipes, and NgModules (#​51733)
34495b3533	feat	extract docs via exports (#​51828)
7e82df45c5	feat	initial skeleton for API doc extraction (#​51733)
6795cccbbb	fix	account for type-only imports in defer blocks (#​52343)
23bfa10ac8	fix	add diagnostic for inaccessible deferred trigger (#​51922)
31295a3cf9	fix	allocating unnecessary slots in conditional instruction (#​51913)
2aaddd3f64	fix	allow comments between switch cases (#​52449)
ddd9df68bb	fix	allow decimals in defer block time values (#​52433)
7dbd47fb30	fix	allow newlines in track and let expressions (#​52137)
0eae992c4e	fix	allow nullable values in for loop block (#​51997)
073ebfe09e	fix	apply style on :host attributes in prod builds. (#​49118)
81a287a79a	fix	avoid error in template parser for tag names that can occur in object prototype (#​52225)
6c58252521	fix	compilation error when for loop block expression contains new line (#​52447)
9d19c8e317	fix	don't allocate variable to for loop expression (#​52158)
9acd2ac98b	fix	enable block syntax in the linker (#​51979)
1d871c03a5	fix	forward referenced dependencies not identified as deferrable (#​52017)
16ff08ec70	fix	narrow the type of expressions in event listeners inside if blocks (#​52069)
ac0d5dcfd6	fix	narrow the type of expressions in event listeners inside switch blocks (#​52069)
02edb43067	fix	narrow the type of the aliased if block expression (#​51952)
83067b3ef2	fix	ng-template directive invoke twice at the root of control flow (#​52515)
17078a3fe1	fix	pipes used inside defer triggers not being picked up (#​52071)
861ce3a7c5	fix	pipes using DI not working in blocks (#​52112)
1f5039bbd6	fix	project control flow root elements into correct slot (#​52414)
81c315ec6e	fix	template type checking not reporting diagnostics for incompatible type comparisons (#​52322)
1beef49d80	fix	update the minVersion if component uses block syntax (#​51979)
386e1e9500	fix	work around TypeScript bug when narrowing switch statements (#​52110)
e5bca43224	perf	further reduce bundle size using arrow functions (#​52010)

compiler-cli

Commit	Type	Description
5b66330329	fix	allow non-array imports for standalone component in local compilation mode (#​51819)
377a7abfda	fix	bypass static resolving of the component's changeDetection field in local compilation mode (#​51848)
19c3dc18d3	fix	fix NgModule injector def in local compilation mode when imports/exports are non-array expressions (#​51819)
11bb19cafc	fix	handle nested qualified names in ctor injection in local compilation mode (#​51947)
f91f222b55	fix	resolve component encapsulation enum in local compilation mode (#​51848)

core

Commit	Type	Description
59b6ec6be8	docs	Deprecate ChangeDetectorRef.checkNoChanges (#​52431)
4f04d1cdab	feat	add new list reconcilation algorithm (#​51980)
c7127b98b5	feat	add schematic to escape block syntax characters (#​51905)
50275e58b8	feat	Add schematic to migrate control flow syntax (#​52035)
81b67aa987	feat	add support for zone.js 0.14.0 (#​51774)
048f400efc	feat	add warnings for oversized images and lazy-lcp (#​51846)
93675dc797	feat	conditional built-in control flow (#​51346)
4427e1ebc2	feat	create function to assert not running inside reactive context (#​52049)
e23aaa7d75	feat	drop support for older TypeScript versions (#​51792)
43e6fb0606	feat	enable block syntax ([#​51994](https://togith

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: ng-events@0.0.0
npm ERR! Found: zone.js@0.8.29
npm ERR! node_modules/zone.js
npm ERR!   zone.js@"^0.8.26" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer zone.js@"~0.10.3" from @angular/core@10.2.5
npm ERR! node_modules/@angular/core
npm ERR!   @angular/core@"^10.0.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/worker/4a5c40/6d7bd1/cache/others/npm/_logs/2023-10-11T05_04_43_864Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/worker/4a5c40/6d7bd1/cache/others/npm/_logs/2023-10-11T05_04_43_864Z-debug-0.log