Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Minor XSS issue resolved by angularjs upgrade from 1.6.6 -> 1.6.9 #19849

Merged
merged 2 commits into from Oct 17, 2019
Merged

Security: Minor XSS issue resolved by angularjs upgrade from 1.6.6 -> 1.6.9 #19849

merged 2 commits into from Oct 17, 2019

Conversation

peterholmberg
Copy link
Contributor

What this PR does / why we need it:
There are some known security issues in angularjs <1.6.9, bumping version to not be vulnerable to these.

Which issue(s) this PR fixes:
Fixes #17133

Special notes for your reviewer:
Angularjs changelog

https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02

@peterholmberg peterholmberg changed the title bumping angular from 1.6.6 -> 1.6.9 Chore: Bump Angularjs 1.6.6 -> 1.6.9 Oct 16, 2019
@peterholmberg peterholmberg added this to the 6.5 milestone Oct 16, 2019
marefr
marefr reviewed Oct 16, 2019
View reviewed changes
Copy link
Member

@marefr marefr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Someone other than me should probably review this. I verified rendering using PhantomJS still works since I saw a change in yarn.lock referring to caniuse-db which we've historically had issues with 👍

torkelo
torkelo approved these changes Oct 17, 2019
View reviewed changes
Copy link
Member

@torkelo torkelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works great!

@torkelo torkelo merged commit cf7bc39 into master Oct 17, 2019
Frontend Platform Backlog automation moved this from In Review to Done Oct 17, 2019
@torkelo torkelo deleted the bump-angular-version branch October 17, 2019 11:27
@torkelo torkelo changed the title Chore: Bump Angularjs 1.6.6 -> 1.6.9 Security: Minor XSS issue resolved by angularjs upgrade from 1.6.6 -> 1.6.9 Oct 17, 2019
@torkelo torkelo mentioned this pull request Nov 5, 2019
Closed
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marefr marefr marefr left review comments

@torkelo torkelo torkelo approved these changes

Assignees
No one assigned
Labels
add to changelog
Projects
None yet
Milestone
6.5.0-beta1
Development

Successfully merging this pull request may close these issues.

Angularjs 1.5.0 -1.6.9 security issue
3 participants
@peterholmberg @torkelo @marefr