Commit Graph

9065 Commits

Author SHA1 Message Date
George Kalpakas 3e62832680 chore(ci): fix deploy-code CI job
In #17060, the `deploy-code` job was updated to [include][1] the
`init_environment` custom command. This caused the job to start failing,
because  the `init_environment` command was not compatible with the
`cloud-sdk` executor used in `deploy-code`. There were two problems:

1. The `init_environment` command assumes that the working directory is
   `~/ng`. The `cloud-sdk` executor [did not specify][2] a working
   directory.
   Example failures:
     - On master:
       https://app.circleci.com/pipelines/github/angular/angular.js/
       152/workflows/812df7b2-4bba-4e9e-a868-8c58db5d40d1/jobs/1594
     - On v1.8.x:
       https://app.circleci.com/pipelines/github/angular/angular.js/
       153/workflows/6a9826ac-d191-4042-8c39-0c969c81e381/jobs/1607

2. The `install_java` step, which is part of the `init_environment`
   command, relies on `sudo`, which is not available in the `cloud-sdk`
   executor.
   Example failure:
   - [On a PR]:
     https://app.circleci.com/pipelines/github/angular/angular.js/
     160/workflows/2eed5cfa-751c-44ba-b825-1d6cd5ba3406/jobs/1660

This commit fixes the issues by:
1. Specifying a working directory for the `cloud-sdk` executor. It also
   updates paths used in other steps of the `deploy-code` job to take
   the working directory into account.
2. Removing the `install_java` step from the `init_environment` command
   and adding it explicitly to jobs than require it.

[1]: https://github.com/angular/angular.js/blob/83f084e5db95768dcee5/.circleci/config.yml#L359
[2]: https://github.com/angular/angular.js/blob/83f084e5db95768dcee5/.circleci/config.yml#L34-L37
2020-08-21 17:32:25 +03:00
George Kalpakas 83f084e5db chore(ci): avoid unnecessarily running grunt prepareDeploy in deploy-docs CI job
Previously, the `grunt prepareDeploy` command was run in both the
`prepare-deployment` and `deploy-docs` CI jobs. The reason was that not
all files affected by `grunt prepareDeploy` were persisted to the
workspace across jobs.

More specifically, the command would affect files in the `deploy/` and
`scripts/docs.angularjs.org-firebase/` directories and also create a
`firebase.json` file at the root directory, but only the `deploy/`
directory was [persisted to the workspace][1].

This commit avoids unnecessarily running the `grunt prepareDeploy`
command in the `deploy-docs` CI job by ensuring that all affected files
will be persisted to the workspace in the `prepare-deployment` CI job,
which always runs before `deploy-docs`.

[1]: https://github.com/angular/angular.js/blob/295213df953766625462/.circleci/config.yml#L265

Closes #17060
2020-08-13 14:57:18 +03:00
George Kalpakas 046887048a chore(ci): correctly deploy code and docs on version branches and tags
Previously, the generated build artifacts and docs were only deployed
for builds associated with the master branch. There was also a `latest`
branch mentioned in the config, but there is normally no such branch, so
this had no effect.

This commit fixes the rules so that deployments happen when necessary.
More specifically:
- The `deploy-code` job now runs for builds associated with:
  - The master branch.
  - The stable branch (i.e. the branch from which the version tagged as
    `@latest` on npm is released).
  - Tags of the form `v1.X.Y(-Z)`. (This also required configuring
    CircleCI to run builds for git tags, which does not happen by
    default.)
- The `deploy-docs` job now runs for builds associated with:
  - The stable branch (i.e. the branch from which the version tagged as
    `@latest` on npm is released).

The new rules for when deployments should take place are based on the
logic previously in [.travis.yml][1] and [scripts/travis/build.sh][2]
(from before we switched from Travis to CircleCI).

[1]: https://github.com/angular/angular.js/blob/974700af7c1/.travis.yml#L54-L103
[2]: https://github.com/angular/angular.js/blob/974700af7c1/scripts/travis/build.sh#L66-L101
2020-08-13 14:56:34 +03:00
George Kalpakas f9b5cbfcf7 chore(package.json): update docs app to use version 1.8 of AngularJS
As mentioned in `RELEASE.md`, now that the [CDN][1] has been updated
with the 1.8.0 version, it is safe to bump the value of the
`branchVersion` property in `package.json` to `^1.8.0`. This will cause
the docs app to use the latest version, namely 1.8.0.

[1]: https://ajax.googleapis.com/ajax/libs/angularjs/1.8.0/angular.js
2020-08-13 14:56:34 +03:00
dependabot[bot] 0d14993d75 chore(deps): bump elliptic from 6.3.3 to 6.5.3
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.3.3 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.3.3...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17059
2020-07-30 18:44:04 +03:00
Ewa G 5541828ff4 docs(misc/Version Support Status): mention LTS extension by 6 months due to COVID
Due to COVID-19 affecting teams migrating from AngularJS, the Long Term Support period has been
extended by 6 months (until the end of 2021). See announcement on Twitter:
https://twitter.com/angular/status/1287780634572857357

This commit updates the "Version Support Status" page to also mention the extension.

Partially addresses #17058.
2020-07-30 12:25:28 +03:00
George Kalpakas 4099279426 fix(doc-gen): use the correct lodash method in dgeni processor (indexBy --> keyBy)
The `indexBy()` method was renamed to `keyBy()` in lodash v4 (see
lodash/lodash@b1d52ccd82). This commit
updates all usages of `indexBy()` to `keyBy()`.
2020-07-16 19:32:02 +03:00
dependabot[bot] 01ed44efd6 chore(deps-dev): bump lodash from 2.4.2 to 4.17.19
Bumps [lodash](https://github.com/lodash/lodash) from 2.4.2 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/2.4.2...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-16 19:32:02 +03:00
dependabot[bot] 49655fac26 chore(deps): bump lodash
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-16 15:48:27 +03:00
dependabot[bot] 42abc8270a chore(deps): bump lodash
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-16 12:15:17 +03:00
dependabot[bot] d6ae0ee772 Merge pull request #17043 from angular/dependabot/npm_and_yarn/scripts/docs.angularjs.org-firebase/functions/websocket-extensions-0.1.4
chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4 in /scripts/docs.angularjs.org-firebase/functions
2020-06-11 11:47:40 +01:00
dependabot[bot] 94dc1d0e6d chore(deps): bump websocket-extensions
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-11 11:46:25 +01:00
Harri Lehtola 2fab3d4e00 fix($sanitize): do not trigger CSP alert/report in Firefox and Chrome
If `ngSanitize` is added as a module dependency and a Content-Security-Policy
is set that does not allow inline styles then Firefox and Chrome show the
following message:

> Content Security Policy: The page’s settings observed the loading of a
resource at self (“default-src”). A CSP report is being sent.

This message is caused because AngularJS is creating an inline style tag
to test for a browser bug that we use to decide what sanitization strategy
to use, which causes CSP violation errors if inline CSS is prohibited.

This test is no longer necessary, since the `DOMParser` is now safe to use
and the `style` based check is redundant.

In this fix, we default to using `DOMParser` if it is available and fall back
to `createHTMLDocument()` if needed. This is the approach used by DOMPurify
too.

The related unit tests in `sanitizeSpec.js`, "should not allow JavaScript
execution when creating inert document" and "should not allow JavaScript
hidden in badly formed HTML to get through sanitization (Firefox bug)", are
left untouched to assert that the behavior hasn't changed in those scenarios.

Fixes #16463.
2020-06-11 11:41:27 +01:00
Pete Bacon Darwin 72fbd48f2a chore: update changelog with vulnerability credits 2020-06-05 13:35:32 +01:00
Pete Bacon Darwin e55d352e94 docs(*): update changelog for 1.8.0 v1.8.0 2020-06-04 16:12:37 +01:00
Pete Bacon Darwin 78ab691072 chore(*): prep for 1.8.0 2020-06-04 16:11:00 +01:00
Eran Nussbaum 59b5651d82 docs(ngRepeat): missing closing backtick 2020-06-02 14:52:51 +03:00
Michał Gołębiowski-Owczarek c8b7c16b78 fix(jqLite): improve documentation 2020-05-26 22:21:32 +02:00
Michał Gołębiowski-Owczarek 05cf60677b fix(jqLite): apply suggestions from code review
Co-authored-by: Michael Prentice <splaktar@gmail.com>
2020-05-26 22:08:46 +02:00
Michał Gołębiowski-Owczarek 2df43c0777 fix(jqLite): prevent possible XSS due to regex-based HTML replacement
This also splits the wrapping logic to one for modern browsers & one for IE 9
as IE 9 has restrictions that make it impossible to make it as secure.
2020-05-26 18:58:01 +02:00
George Kalpakas 295213df95 chore(*): clean up package.json and CircleCI config
This is a follow-up to #16915, cleaning up `package.json` and
`.circleci/config.yml` and making release scripts executable.
2020-05-26 17:39:51 +03:00
George Kalpakas a31c207bf1 chore(docs-app): remove document.write() from docs index.html
Previously, the docs app used `document.write()`, causing the following
warning on Chrome:

```
A parser-blocking, cross site (i.e. different eTLD+1) script,
https://ajax.googleapis.com/ajax/libs/angularjs/1.7.9/angular.min.js, is
invoked via document.write. The network request for this script MAY be
blocked by the browser in this or a future page load due to poor network
connectivity.
```

In the past, `document.write()` seems to have been used in order for
browsers (such as Firefox) to work correctly with our dynamically set
`<base>` tag and relative style/script URLs.

This commit replaces `document.write()` with regular
`<style>`/`<script>` tabs to avoid the warning (and potential issues due
to poor network connectivity). It seems that the latest versions of
Chrome, Firefox and IE can handle this fine (without naticeable delays).

Fixes #15396
2020-05-25 16:41:54 +01:00
Krzysztof Kotowicz 2518966153 fix(grunt-utils): insert the core CSS styles without using innerHTML
Create style elements and modify their text content instead of using
innerHTML to create the whole `<style>` element with its content.
That way style insertion done at bootstrap time doesn't interfere with
Trusted Types restrictions in Chrome (https://bit.ly/trusted-types).

Remove the type attribute - `text/css` is default:
https://html.spec.whatwg.org/#update-a-style-block.

Closes #17014
2020-05-25 11:17:53 +03:00
Pete Bacon Darwin 7de25c8e41 chore(ci): ensure that deployment files are ready for deployment 2020-05-24 19:57:58 +01:00
Pete Bacon Darwin 566a552645 chore(ci): update and deploy firebase function for code.angularjs.org 2020-05-24 19:57:57 +01:00
Pete Bacon Darwin 3c75a89906 chore(ci): attempt to fix up code deployment 2020-05-24 07:19:13 +01:00
Pete Bacon Darwin d9e68b157b chore(ci): use correct executor for deploying code 2020-05-23 14:57:48 +01:00
Pete Bacon Darwin a0488b30a7 chore(ci): move over to CircleCi config
This commit gets rid of all references to Travis and, belatedly, Jenkins.
Now all CI is done on CircleCI and releases are run locally.

The CI no longer updates the docs and code.angularjs.org for jobs that are
not on the `master` branch.

During releases, the docs and code should be uploaded manually.
2020-05-23 13:22:56 +01:00
Pete Bacon Darwin 974700af7c test(*): fix up some tests for Firefox 2020-05-22 18:09:15 +01:00
Pete Bacon Darwin 9c810ebb2c chore(*): update saucelabs browsers 2020-05-22 18:09:15 +01:00
Pete Bacon Darwin c4b79d59b4 chore(*): update protractor to latest version 2020-05-22 18:09:07 +01:00
Michał Gołębiowski-Owczarek 43c3e5b11b chore(*): update Node.js from 8 to 12, update some dependencies
Node.js 8 ends its support at the end of 2019. Node 12 will be supported
until April 2022 which is way past AngularJS end of support.

Some dependencies needed to be updated to make them work in Node.js 12.
2020-05-22 18:08:04 +01:00
Michał Gołębiowski-Owczarek 8e941f42e4 chore(*): update jQuery from 3.4.0 to 3.5.1 2020-05-20 05:17:05 +01:00
George Kalpakas 418355f1cf chore(docs.angularjs.org): upgrade Firebase libraries 2020-04-14 16:12:17 +03:00
George Kalpakas 94c288b125 chore(code.angularjs.org): upgrade Firebase libraries 2020-04-14 16:11:59 +03:00
Nishant Mittal 123c5a0a3e docs(misc/Version Support Status): Minor Typo Fix
Closes #17012
2020-04-13 15:48:57 +03:00
Sam Katakouzinos f6986f8e52 docs(developers): commit message format typo
Any line of the commit message cannot be longer *than* 100 characters!

Closes #17006
2020-03-11 13:29:49 +02:00
Chives ff963de73a docs($aria): get the docs working for the service
Closes #16945
2020-02-07 16:23:12 +02:00
comet 2b28c540ad docs(*): fix spelling errors
Closes #16942
2020-02-02 11:28:55 +02:00
George Kalpakas 68701efb9e chore(*): fix serving of URI-encoded files on code.angularjs.org
The files served for the various versions on https://code.angularjs.org/
are retrieved by a Firebase function from a Firebase Storage bucket
(where they are deployed to from Travis CI). The files are stored
exactly as they are named on disk.

It turns out that some of the files have names with special characters
that get URI-encoded when sent to the Firebase function. For example,
`input[text].html` becomes `input%5Btext%5D.html`. As a result, the
actual file cannot be retrieved from the Storage bucket (since the name
does not match) and `index.html` is returned instead. Apparently, this
never worked, but nobody noticed or reported it until recently.

An example of a failing URL is:
https://code.angularjs.org/1.7.9/docs/api/ng/input/input%5Btext%5D

(NOTE: https://docs.angularjs.org/ works correctly, since the files are
deployed to Firebase hosting directly and not to a Storage bucket.)

This commit fixes the problem by decoding the request path before trying
to retrieve the corresponding file from the Storage bucket.

Closes #16943
2020-02-02 11:19:17 +02:00
George Kalpakas c8a6e8450f chore(package): fix scripts for latest Node 10.x on Windows 2020-02-02 11:19:11 +02:00
thatshubham 0cd592f49f docs(angular.errorHandlingConfig): fix typo (wether --> whether)
Closes #16935
2020-01-14 12:22:44 +02:00
thatshubham a4daf1f767 docs(angular.copy): fix getter/setter formatting
Fix the formatting of `getter`/`setter` in the known limitations section
of the `angular.copy()` docs.

Closes #16934
2020-01-14 12:19:52 +02:00
Angel_Kitty be6a6d80e0 chore(*): update copyright year to 2020
Closes #16930
2020-01-14 12:16:06 +02:00
Pete Bacon Darwin 36f17c9262 docs: add mention to changelog 2019-11-19 14:37:18 +00:00
Pete Bacon Darwin ff5f782b20 docs: add mention to changelog 2019-11-19 14:35:59 +00:00
Pete Bacon Darwin 27460db1db docs: release notes for 1.7.9 2019-11-19 08:23:28 +00:00
Pete Bacon Darwin add78e6200 fix(angular.merge): do not merge __proto__ property
By blocking `__proto__` on deep merging, this commit
prevents the `Object` prototype from being polluted.
2019-11-07 15:39:21 +00:00
George Kalpakas 060bcdeeb9 chore(saucelabs): switch to latest version of desktop Safari
The currently latest-1 version of desktop Safari (v12.0) on SauceLabs is
completely unstable. Switching to the latest version (currently v12.1),
which works fine.

Closes #16888
2019-07-24 15:53:19 +03:00
George Kalpakas 881167d7bd chore(saucelabs): upgrade SauceConnect to 4.5.4 2019-07-24 15:52:07 +03:00