Update dependency angular to 1.8.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change
angular	1.6.10 -> 1.8.0

GitHub Vulnerability Alerts

CVE-2019-10768

Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge() does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.

CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code. GHSA-5cp4-xmrw-59wf Summary XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. Description JQLite (DOM manipulation library that's part of AngularJS) manipulates input HTML before inserting it to the DOM in jqLiteBuildFragment. One of the modifications performed expands an XHTML self-closing tag. If jqLiteBuildFragment is called (e.g. via new JQLite(aString)) with user-controlled HTML string that was sanitized (e.g. with DOMPurify), the transformation done by JQLite may modify some forms of an inert, sanitized payload into a payload containing JavaScript - and trigger an XSS when the payload is inserted into DOM. This is similar to a bug in jQuery htmlPrefilter function that was fixed in 3.5.0. Proof of concept const inertPayload = `<div><style><style/><img src=x onerror="alert(1337)"/>`  Note that the style element is not closed and <img would be a text node inside the style if inserted into the DOM as-is. As such, some HTML sanitizers would leave the <img as is without processing it and stripping the onerror attribute. angular.element(document).append(inertPayload); This will alert, as <style/> will be replaced with <style></style> before adding it to the DOM, closing the style element early and reactivating img. Patches The issue is patched in JQLite bundled with angular 1.8.0. AngularJS users using JQuery should upgrade JQuery to 3.5.0, as a similar vulnerability affects jQuery <3.5.0. Workarounds Changing sanitizer configuration not to allow certain tag grouping (e.g. <option><style></option>) or inline style elements may stop certain exploitation vectors, but it's uncertain if all possible exploitation vectors would be covered. Upgrade of AngularJS to 1.8.0 is recommended. References https://github.com/advisories/GHSA-mhp6-pxh8-r675 https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 Configuration 📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Never, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. [ ] If you want to rebase/retry this PR, check this box This PR has been generated by Mend Renovate. View repository job log here.