AngularJS 1.7.9 Security Update

*Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects angular** > In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. > > Affected versions: ["< 1.7.9"] This is similar to pull request #1229 but needed a manual patch since this is part of the deprecated bower dependency management.
opencast · Nov 25, 2019 · 42d26e4 · 42d26e4
1 parent f877dda
commit 42d26e4
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/modules/admin-ui/bower.json b/modules/admin-ui/bower.json
@@ -5,7 +5,7 @@
     "jquery": "3.4.1",
     "jquery-ui": "1.12.1",
     "jqueryui-timepicker-addon": "1.6.3",
-    "angular": "1.7.8",
+    "angular": "1.7.9",
     "angular-route": "1.7.8",
     "angular-resource": "1.7.8",
     "angular-animate": "1.7.8",
@@ -28,5 +28,8 @@
     }
   },
   "appPath": "src/main/webapp",
-  "moduleName": "adminNg"
+  "moduleName": "adminNg",
+  "resolutions": {
+    "angular": "1.7.9"
+  }
 }