dependencies: Update all non-major and non-minor dependencies #649

Merged: 1 commit merged on Jul 8, 2021

@renovate renovate bot commented Jun 27, 2021

WhiteSource Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| node | | patch | 12.22.1 -> 12.22.3 |
| | | lockFileMaintenance | -> |
| @angular-devkit/build-angular | devDependencies | patch | 12.1.0 -> 12.1.1 |
| @angular-eslint/builder | devDependencies | pin | ^12.0.0 -> 12.2.0 |
| @angular-eslint/eslint-plugin | devDependencies | pin | ^12.0.0 -> 12.2.0 |
| @angular-eslint/eslint-plugin-template | devDependencies | pin | ^12.0.0 -> 12.2.0 |
| @angular-eslint/template-parser | devDependencies | pin | ^12.0.0 -> 12.2.0 |
| @angular/cli | devDependencies | patch | 12.1.0 -> 12.1.1 |
| @types/jasmine | devDependencies | patch | 3.7.7 -> 3.7.8 |
| @types/jasminewd2 | devDependencies | patch | 2.0.9 -> 2.0.10 |
| @types/node | devDependencies | patch | 14.17.3 -> 14.17.5 |
| @types/qrcode | devDependencies | patch | 1.4.0 -> 1.4.1 |
| @typescript-eslint/eslint-plugin | devDependencies | patch | 4.28.1 -> 4.28.2 |
| @typescript-eslint/parser | devDependencies | patch | 4.28.1 -> 4.28.2 |
| ajv (source) | dependencies | patch | 8.6.0 -> 8.6.1 |
| assert | dependencies | pin | ^2.0.0 -> 2.0.0 |
| buffer | dependencies | pin | ^6.0.3 -> 6.0.3 |
| core-js | dependencies | patch | 3.15.1 -> 3.15.2 |
| crypto-browserify | dependencies | pin | ^3.12.0 -> 3.12.0 |
| eslint (source) | devDependencies | pin | ^7.26.0 -> 7.29.0 |
| https-browserify | dependencies | pin | ^1.0.0 -> 1.0.0 |
| os-browserify | dependencies | pin | ^0.3.0 -> 0.3.0 |
| prettier (source) | devDependencies | patch | 2.3.1 -> 2.3.2 |
| process | dependencies | pin | ^0.11.10 -> 0.11.10 |
| sass | devDependencies | patch | 1.35.1 -> 1.35.2 |
| stream-browserify | dependencies | pin | ^3.0.0 -> 3.0.0 |
| stream-http | dependencies | pin | ^3.2.0 -> 3.2.0 |
| zone.js (changelog) | dependencies | pin | ~0.11.4 -> 0.11.4 |

Release Notes

nodejs/node

v12.22.3

Notable Changes

Node.js 12.22.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

v12.22.2

This is a security release.

Notable Changes

Vulnerabilities fixed:

  • CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
    • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
  • CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
    • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921
  • CVE-2021-27290: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
    • This is a vulnerability in the ssri npm module which may be vulnerable to denial of service attacks. You can read more about it in GHSA-vx3p-948g-6vhq
  • CVE-2021-23362: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)

angular/angular-cli

v12.1.1

@​angular-devkit/build-angular (12.1.1)

Commit Description Notes
handle `ENOENT` and `ENOTDIR` errors when deleting outputs [Closes #​21202]
downlevel `for await...of` when targeting ES2018+ [Closes #21196]
configure webpack target in common configuration [Closes #​21239]
update `mini-css-extract-plugin` to `1.6.2`
update `webpack` to `5.41.1`

@​angular/cli (12.1.1)

Commit Description Notes
disable update notifier when retrieving package manager version during `ng version` [Closes #​21172]

@​ngtools/webpack (12.1.1)

Commit Description Notes
encode component style data [Closes #​21236]


Special Thanks

Alan Agius, Charles Lyding, Doug Parker

typescript-eslint/typescript-eslint

v4.28.2

Note: Version bump only for package @​typescript-eslint/eslint-plugin

ajv-validator/ajv

v8.6.1

Fix "not" keyword preventing validation of "allOf" and some other keywords (#​1668)

zloirock/core-js

v3.15.2

  • Worked around breakage related to zone.js loaded before core-js, #​953
  • Added NodeJS 16.4 -> Chrome 91 compat data mapping

prettier/prettier

v2.3.2

Fix failure on dir with trailing slash (#​11000 by @​fisker)
$ ls
1.js  1.unknown

sass/dart-sass

v1.35.2

  • Potentially breaking bug fix: Properly throw an error for Unicode ranges
    that have too many ?s after hexadecimal digits, such as U+12345??.

  • Potentially breaking bug fix: Fixed a bug where certain local variable
    declarations nested within multiple @if statements would incorrectly
    override a global variable. It's unlikely that any real stylesheets were
    relying on this bug, but if so they can simply add !global to the variable
    declaration to preserve the old behavior.

  • Potentially breaking bug fix: Fix a bug where imports of root-relative
    URLs (those that begin with /) in @import rules would be passed to
    both Dart and JS importers as file: URLs.

  • Properly support selector lists for the $extendee argument to
    selector.extend() and selector.replace().

  • Fix an edge case where @extend wouldn't affect a selector within a
    pseudo-selector such as :is() that itself extended other selectors.

  • Fix a race condition where meta.load-css() could trigger an internal error
    when running in asynchronous mode.

Dart API
  • Use the @internal annotation to indicate which Value APIs are available
    for public use.

Configuration

📅 Schedule: "before 8am on thursday" in timezone Europe/Berlin.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jun 27, 2021
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@codecov

codecov bot commented Jun 27, 2021

Codecov Report

Merging #649 (ddf6ff3) into master (fa025e3) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #649   +/-   ##
=======================================
  Coverage   95.94%   95.94%           
=======================================
  Files          92       92           
  Lines        2392     2392           
  Branches      316      316           
=======================================
  Hits         2295     2295           
  Misses         55       55           
  Partials       42       42           

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fa025e3...ddf6ff3. Read the comment docs.

@renovate renovate bot force-pushed the renovate/all-patch branch 4 times, most recently from 1e95079 to 4ab782c Compare July 1, 2021 15:56
@renovate renovate bot changed the title dependencies: Lock file maintenance all non-major and non-minor dependencies dependencies: Update all non-major and non-minor dependencies Jul 1, 2021
@renovate renovate bot force-pushed the renovate/all-patch branch 22 times, most recently from 8898f3f to 103d173 Compare July 2, 2021 15:38
@renovate renovate bot force-pushed the renovate/all-patch branch 25 times, most recently from 2cbf423 to b043181 Compare July 8, 2021 06:22
@manuelwedler manuelwedler merged commit a138b73 into master Jul 8, 2021
@manuelwedler manuelwedler deleted the renovate/all-patch branch July 8, 2021 08:29