Compare commits

..

73 Commits

Author SHA1 Message Date
Jeremy Elbourn df41fc79f1 docs(changelog): fix wrong date in changelog for 1.8.3
(cherry picked from commit 47bf11ee94)
2022-04-12 08:56:56 -07:00
Jeremy Elbourn 04080affa8 docs(changelog): fix typo in changelog for 1.8.3
(cherry picked from commit b5aa42586e)
2022-04-12 08:56:51 -07:00
Jeremy Elbourn 5bfef634d8 docs(changelog): add release notes for 1.8.3
We're doing this final release to update poackage README files for npm.

(cherry picked from commit cf16b241e1)
2022-04-12 08:56:09 -07:00
Jeremy Elbourn 05c65be8ac docs(*): update end-of-life messages (#17177)
* Docs homepage
* Docs banner
* Security and support pages
* GitHub README
* CHANGELOG

(cherry picked from commit 757d56ea9c)
2022-03-18 14:52:08 -07:00
Ed Clement 876b8c7607 docs(eol): add EOL options text and link to template header used in every page
Closes #17164
2021-12-10 01:04:47 +02:00
Ed Clement 5d112c232a test(Angular): fix angularInit() tests on Safari v15+
Previously, the `angularInit()` tests assumed that the Safari browser
uses the `safari-extension:` protocol for browser extension URLs. This
is true for versions <15. However, since v15, Safari on iOS only
recognizes the `chrome-extension:` protocol, which causes the tests to
fail ([example failure][1]).

This commit updates the tests to use the correct protocol according to
the version of Safari used.

NOTE:
On macOS, Safari v15+ recognizes both `safari-extension:` and
`chrome-extension:`, so it is OK to always use the later with Safari
v15+ (regardless of the platform).

[1]: https://circleci.com/gh/angular/angular.js/3527

Co-authored-by: George Kalpakas <kalpakas.g@gmail.com>

Closes #17166
2021-12-09 22:26:28 +02:00
Ed Clement 4736479c12 test(input): fix tests on Firefox v93+
Since version 93, Firefox started more closely following the spec on
formatting `datetime-local` input values by removing trailing zeros from
the string representation of the value. This causes some of our tests to
fail ([example failure][1]).

For example, a value is reported by Firefox as `2009-01-06T16:25` while
the tests expect `2009-01-06T16:25:00.000`. I.e. Firefox started leaving
out seconds/milliseconds if they are zero.

According to [MDN][2], this is the correct behavior according to the
spec. Indeed the spec says that [if the value of the element is a valid
local date and time string, then it must be set to a **valid normalized
local date and time string**][3], where **valid normalized local date
and time string** is [defined as consisting of][4]:
> - A valid date string representing the date.
> - A U+0054 LATIN CAPITAL LETTER T character (T).
> - A valid time string representing the time, expressed as the
>   **shortest possible string** for the given time (e.g. **omitting the
>   seconds component** entirely if the given time is zero seconds past
>   the minute).

This commit fixes the relevant tests by explicitly specifying non-zero
values for seconds and milliseconds.

[1]: https://circleci.com/gh/angular/angular.js/3527
[2]: https://developer.mozilla.org/en-US/docs/Web/HTML/Date_and_time_formats
  #local_date_and_time_strings
[3]: https://html.spec.whatwg.org/multipage/input.html
  #local-date-and-time-state-(type=datetime-local)
[4]: https://html.spec.whatwg.org/multipage/common-microsyntaxes.html
  #concept-datetime-local

Co-authored-by: George Kalpakas <kalpakas.g@gmail.com>
2021-12-09 22:26:28 +02:00
Ikko Ashimine 8e637dd6ac docs($parse): fix typo in parse.js
Propogate -> Propagate

(cherry picked from commit e29900c78f)
2021-10-20 10:16:31 +02:00
Gage Guzman 4110e57daf docs(README.md): add wiki link to MVC
Add a wiki link to MVC in case people have not heard of it before and
want to read about it more.

Closes #17152
2021-08-24 11:28:41 +03:00
dependabot[bot] 48e9ac68ff chore(deps): bump js-yaml from 3.5.5 to 3.14.1
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.5.5 to 3.14.1.
- [Release notes](https://github.com/nodeca/js-yaml/releases)
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/3.5.5...3.14.1)

Closes #17147
2021-06-12 16:27:24 +03:00
dependabot[bot] e44b9961c6 chore(deps): bump normalize-url from 4.5.0 to 4.5.1
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

Closes #17145
2021-06-12 15:28:42 +03:00
Michael Prentice 67861ef7cd chore(e2e): run tests against Chrome 91 on macOS Catalina
Closes #17144
2021-06-12 15:28:42 +03:00
Michael Prentice d04f07df97 chore(e2e): run tests against Firefox 85 on macOS Catalina
Closes #17142
2021-06-12 15:28:42 +03:00
Michael Prentice 35633ccbbe chore(functions): support NodeJS LTS v14. fix audit issues
- update firebase scripts
- from: 6 vulnerabilities found - Severity: 6 High
- to: 0 vulnerabilities found

Closes #17140
2021-06-07 20:11:19 +03:00
Michael Prentice 8e53378cb9 chore(build): support NodeJS LTS v14. fix audit issues
- from:483 vulnerabilities found - 273 Low | 38 Moderate | 168 High | 4 Critical
- to: 389 vulnerabilities found - 259 Low | 28 Moderate | 98 High | 4 Critical

Closes #17139
2021-06-05 20:49:02 +03:00
Michael Prentice 474af907ad docs(misc/Version Support Status): update URL for XLTS.dev
- the subdomain was switched to a path many months ago
- the angularjs.xlts.dev site will soon be used for hosting something else
  and the redirect removed (ASAP)

Closes #17136
2021-06-01 17:21:41 +03:00
dependabot[bot] e107bcdf6b chore(deps): bump y18n from 3.2.1 to 3.2.2
Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17122
2021-03-31 19:45:49 +03:00
Ikko Ashimine 71d197f262 docs($parse): fix typo in lval.ngdoc
assigment -> assignment

Closes #17120
2021-03-09 13:30:07 +02:00
dependabot[bot] 4f12307708 chore(deps): bump elliptic from 6.5.3 to 6.5.4
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17119
2021-03-09 13:26:33 +02:00
dependabot[bot] 9784f99a90 chore(deps): bump bl from 1.2.2 to 1.2.3
Bumps [bl](https://github.com/rvagg/bl) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/rvagg/bl/releases)
- [Commits](https://github.com/rvagg/bl/compare/v1.2.2...v1.2.3)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17116
2021-02-06 21:35:33 +02:00
dependabot[bot] fcb354a18f chore(deps): bump https-proxy-agent from 2.2.1 to 2.2.4
Bumps [https-proxy-agent](https://github.com/TooTallNate/node-https-proxy-agent) from 2.2.1 to 2.2.4.
- [Release notes](https://github.com/TooTallNate/node-https-proxy-agent/releases)
- [Commits](https://github.com/TooTallNate/node-https-proxy-agent/compare/2.2.1...2.2.4)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17115
2021-02-06 21:35:32 +02:00
dependabot[bot] 945271ac3f chore(deps): bump ini from 1.3.4 to 1.3.7
Bumps [ini](https://github.com/isaacs/ini) from 1.3.4 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.4...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17099
2021-02-06 21:35:32 +02:00
George Kalpakas 11f8c69e91 chore(ci): only run deploy-code-firebase on master
Previously, the `deploy-code-firebase` CI job was run on any build
corresponding to a git tag, the master branch or the stable branch.
Given that all runs of `deploy-code-firebase` deploy to the same
Firebase project (and overwrites previous deployments), there is no
point in deploying from multiple branches/tags.

This commit fixes this by ensuring that we only run the
`deploy-code-firebase` job on builds for the master branch, which
contains the most up-to-date code/configuration.
2021-02-06 19:58:26 +02:00
George Kalpakas c9cb05dacd chore(ci): fix failing deploy-code job
In #17114, the `deploy-code` CI job was modified to also run some
commands via `yarn`. It turns out that this breaks on CI, because the
`deploy-code` job uses the `cloud-sdk` executor that does not have
`yarn` installed. ([Example failure][1])

This commit fixes this by splitting the `deploy-code` job into two jobs:
- `deploy-code-files` uses the `cloud-sdk` and uploads the files to
  Google Cloud.
  (This is essentially the `deploy-code` job from before #17114.)
- `deploy-code-firebase` uses the `default` executor (which has `yarn`
  installed) and deploys to Firebase.
  (This essentially includes the new bits added in #17114.)

[1]: https://circleci.com/gh/angular/angular.js/2712
2021-02-06 13:49:15 +02:00
George Kalpakas 6f0d32a871 fix(code.angularjs.org): correctly re-construct paths on Windows in sendStoredFile()
Previously, the `sendStoredFile()` Firebase function used `.split('/')`
to split the request path into segments and later used `path.join()` to
join them back together. This worked fine on *nix based systems, which
use `/` as the path separator. On Windows, however, where `\` is the
path separator, the re-constructed paths could not be retrieved from the
Google Cloud Storage bucket. This prevented the Firebase emulators from
working correctly when testing the function locally on Windows.

This commit fixes the issue by using `.join('/')` to join the path
segments back together.

Closes #17114
2021-02-06 11:54:07 +02:00
George Kalpakas c4bf0c45a3 chore(build): update Firebase dependencies to latest versions
This commit updates `firebase-admin`, `firebase-functions` and
`firebase-tools` to latest versions to take advantage of the most recent
fixes and improvements.
2021-02-06 11:54:06 +02:00
George Kalpakas 52bb5b7e74 chore(build): use Node.js v12 for Firebase functions on {code,docs}-angularjs-org 2021-02-06 11:54:06 +02:00
George Kalpakas b1838492f2 chore(ci): use default project from config when deploying to Firebase
Previously, when deploying `scripts/{code,docs}.angularjs.org-firebase/`
to Firebase, we explicitly specified the target projects. Since the
project IDs are also specified in the respective `.firebaserc` files,
this was unnecessary (and meant we had multiple places to update if the
IDs changed).

This commit simplifies the process by automatically targeting the
default projects (as configured in the `.firebaserc` files) when
deploying to Firebase in CI.
2021-02-06 11:54:06 +02:00
George Kalpakas d7c7b24f8d chore(ci): also deploy code-angularjs-org to Firebase
Previously, we only deployed the built files to Google Cloud Storage for
the `code-angularjs-org` Firebase project. This meant that the other
Firebase services (such as functions, hosting, storage) were not updated
when we made changes to their source code or configuration.
(This isn't a problem at the moment, since the code/configuration for
these service changes infrequently, but could bite us in the future.)

This commit fixes this by ensuring that we deploy to all enabled
Firebase services (currently functions, hosting and storage).
2021-02-06 11:54:06 +02:00
George Kalpakas f9e6aceefe chore(ci): also deploy Firebase functions to docs-angularjs-org
Previously, we only deployed to Firebase hosting for the
`docs-angularjs-org` Firebase project. This meant that the deployed
functions used an old version of Node.js and started failing once
support was dropped for that version. See #17111 for details.

This commit fixes this by ensuring that we deploy to all enabled
Firebase services (currently functions and hosting).

Fixes #17111
Fixes angular/angularjs.org#251
2021-02-06 11:54:06 +02:00
George Kalpakas 3ac2877507 chore(ci): deploy to docs.angularjs.org from within the corresponding directory
Previously, in order to deploy to Firebase from
`scripts/docs.angularjs.org-firebase/`, we had to copy the
`firebase.json` file to the repository root and adjust the contained
paths accordingly.

By running the `firebase` CLI directly (instead of via `yarn`), we are
able to deploy from `docs.angularjs.org-firebase/` directly. This
simplifies the deployment (and local testing) process and paves the way
for also deploying from `code.angularjs.org-firebase/` in a subsequent
commit.
2021-02-06 11:54:05 +02:00
George Kalpakas 8ae4c8217b chore(ci): copy deployment files inside the respective Firebase directories
We have the `scripts/{code,docs}.angularjs.org-firebase/` directories,
which contain the necessary code and config for deploying built files to
the `code-angularjs-org` and `docs-angularjs-org` Firebase projects
respectively.

Previously, some of the files that needed to be deployed to Firebase (or
Google Cloud) were placed outside these directories (e.g. in
`deploy/{code,docs}/`).

Since these files are only used for deploying to Firebase/Google Cloud,
this commit changes the deployment process to instead copy the files
inside the directories. In a subsequent commit, this will allow
simplifying the deployment process, by running it from inside each
directory instead of having to copy the `firebase.json` files to the
repository root (and adjust the paths).

These are the destination directory changes:

| Before       | After                                       |
|--------------|---------------------------------------------|
| deploy/code/ | scripts/code.angularjs.org-firebase/deploy/ |
| deploy/docs/ | scripts/docs.angularjs.org-firebase/deploy/ |
2021-02-06 11:54:05 +02:00
George Kalpakas c043ba145f chore(code.angularjs.org): check in yarn.lock file (and remove package-lock.json)
Since we are using `yarn` to install dependencies, it makes sense to use
`yarn.lock` as the lockfile (and get rid of the unused
`package-lock.json`).
2021-02-06 11:54:05 +02:00
George Kalpakas 2a7b80223d docs(changelog): fix typos in 1.8.1/1.8.2 notes
- Remove stray backtick.
- Add missing preposition (`identical` --> `identical to`).
- Remove 1.8.1 change from the 1.8.2 section.

Closes #17093
2020-10-25 11:43:52 +02:00
Pete Bacon Darwin 823939c969 docs(changelog): add release notes for 1.8.2 2020-10-21 12:49:04 +01:00
George Kalpakas d9f820a430 fix($sceDelegate): make resourceUrlWhitelist() is identical trustedResourceUrlList()
In commit a206e2675c, `$sceDelegateProvider`'s
`resourceUrlWhitelist()` was deprecated in favor of the new
`trustedResourceUrlList()`. However, although both properties were
assigned the same value, it was possible for an app to break if one of
the properties was overwritten in one part of the app (or a 3rd-party
library) while another part of the app interacts with the other,
non-overwritten property.

This commit fixes it by making `resourceUrlWhitelist()` a getter/setter
that delegates to `trustedResourceUrlList()`, ensuring that the two
properties will remain in sync. This, also, makes it consistent with
other similar deprecated properties, such as `$sceDelegateProvider`'s
`resourceUrlBlacklist()`.

Closes #17090
2020-10-14 15:46:11 +03:00
George Kalpakas 5e85ef3634 docs(*): fix docs on recently deprecated properties/methods
In commits 9679e58ec4e9d9e4b743..3dd42cea688a7b6f7789, some properties
and methods names including the terms whitelist/blacklist were
deprecated in favor of new ones not including the terms.

This commit fixes some typos in docs related to these changes and adds
links to the new properties/methods in the changelog for easier access.

Fixes #17088
2020-10-14 15:46:11 +03:00
frosty 1c64a350f3 docs(version-support-status): add link to extended long term support 2020-10-08 19:17:26 +01:00
Pete Bacon Darwin aac55c0b51 docs(changelog): add release notes for 1.8.1 2020-10-05 14:05:40 +01:00
George Kalpakas 83e5177459 chore(CircleCI): fix deploy-docs job
Since #17039, our docs Firebase functions' `package.json` specifies a
`node` engine version. This is required for configuring which version of
Node.js should Firebase use to execute the functions. However, since
Firebase is using an older version of Node.js than the one we use to
build the AngularJS project, yarn would error due to incompatible
Node.js engine versions ([example failure][1]).

This commit avoids the error by running yarn with the `--ignore-engines`
option.

[1]: https://app.circleci.com/pipelines/github/angular/angular.js/214/
     workflows/ad2e9baf-7249-467d-bc71-bd98e6cd922c/jobs/2247
2020-10-01 02:17:05 +03:00
dependabot[bot] aa7e17764d chore(deps): bump node-fetch from 2.6.0 to 2.6.1
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17073
2020-10-01 00:59:54 +03:00
dependabot[bot] a4f3934b72 chore(deps): bump node-fetch
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17072
2020-10-01 00:59:54 +03:00
dependabot[bot] a2739b6911 chore(deps): bump node-fetch
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17071
2020-10-01 00:59:53 +03:00
dependabot[bot] 81408626a3 chore(deps): bump http-proxy from 1.16.2 to 1.18.1
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.16.2 to 1.18.1.
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/http-party/node-http-proxy/compare/1.16.2...1.18.1)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17070
2020-10-01 00:59:53 +03:00
Michael Prentice eaa0349e95 chore(copyright): update to Google LLC
- fix minor typo in comment

Relates to angular/angular#27880

Closes #17062
2020-10-01 00:59:53 +03:00
George Kalpakas 4b0b68150f chore(SauceLabs): update sauce-connect to version 4.6.2
Closes #17078
2020-10-01 00:59:52 +03:00
dependabot[bot] 931fc3c9c8 chore(deps): bump is-my-json-valid from 2.15.0 to 2.20.5
Bumps [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid) from 2.15.0 to 2.20.5.
- [Release notes](https://github.com/mafintosh/is-my-json-valid/releases)
- [Commits](https://github.com/mafintosh/is-my-json-valid/compare/v2.15.0...v2.20.5)

Signed-off-by: dependabot[bot] <support@github.com>
2020-10-01 00:47:05 +03:00
Martin Staffa 450d32a13b chore(ci): add engines to docs firebase deployment
According to the Firebase docs, this field is necessary: https://firebase.google.com/docs/functions/manage-functions#set_nodejs_version
It's also a good idea to set it because NodeJS 8 is end-of-life, and Firebase will require Node 10 for all functions by  March 15, 2021.
2020-09-30 19:41:25 +01:00
Michael Prentice 5193f4788d docs(security): add SECURITY.md 2020-09-30 19:36:52 +01:00
Joey Perrott 1d3ec55914 refactor(misc): remove usages of whitelist and blacklist
Remove miscellaneous usages and references to usages of whitelist and blacklist
throughout the repository.
2020-09-30 18:52:35 +01:00
Joey Perrott 10ae3e2932 refactor(SanitizeUriProvider): remove usages of whitelist
Changes aHrefSanitizationWhitelist to aHrefSanitizationTrustedUri and imgSrcSanitizationWhitelist
to imgSrcSanitizationTrustedUri updating references to use the new symbols.

For the purposes of backward compatibility, the previous symbols are aliased to
the new symbols.
2020-09-30 18:52:25 +01:00
Joey Perrott 0d02831658 refactor(httpProvider): remove usages of whitelist and blacklist
Changes xsrfWhitelistedOrigins to xsrfTrustedOrigins updating references to use
this new symbol.

For the purposes of backward compatibility, the previous symbol is aliased to
the new symbol.
2020-09-30 18:52:16 +01:00
Joey Perrott 634866aa32 refactor(sceDelegateProvider): remove usages of whitelist and blacklist
Changes resourceUrlWhitelist to trustedResourceUrlList and resourceUrlBlacklist
to bannedResourceUrlList, updating references to use this new symbol.

For the purposes of backward compatibility, the previous symbols are aliased to
their new symbol.
2020-09-30 18:52:04 +01:00
George Kalpakas e7ae361580 chore(ci): correctly compute $DIST_TAG in the deploy-code CI job
Previously, the `DIST_TAG` environment variable was failing to be
computed correctly in the `deploy-code` CI job, because it relied on the
non-existent `node` executable. It worked with the default executor
(which includes `node`), but not with the `cloud-sdk` executor used in
`deploy-code`, resulting in the following error:

```sh
./.circleci/env.sh: line 59: node: command not found
DIST_TAG=
```

You can see an example failure in the "Set up environment" step logs in
https://app.circleci.com/pipelines/github/angular/angular.js/
170/workflows/32fcacf9-c89b-4020-b3eb-15debe18bb67/jobs/1793

This commit fixes it by computing `$DIST_TAG` using unix tools (`cat`,
`grep`, `sed`) that _are_ available on the docker images of all
executors.

Closes #17067
2020-08-22 22:06:05 +03:00
George Kalpakas d0d819b856 chore(ci): fix docs deployment to Firebase (deploy-docs CI job)
Previously, the command used to deploy the docs to Firebase (as part of
the `deploy-docs` CI job) would fail, because no target project was
specified (either directly in the command or indirectly via a
`.firebaserc` file in the working directory).

Example failure:
https://app.circleci.com/pipelines/github/angular/angular.js/
166/workflows/34c692ec-18d4-4422-a1cf-108a91219fa5/jobs/1744

This commit fixes the command by specifying the project via the
`--project` cli argument. It also adds the commit SHA as message to make
it easier to associate a deployment with the corresponding commit.

Closes #17066
2020-08-22 18:56:36 +03:00
George Kalpakas 2ffee328e8 chore(ci): correctly compute the DIST_TAG environment variable
Previously, the `DIST_TAG` environment variable was failing to be
computed correctly, because it was using the non-existent `jq` tool. In
the past (when running on TravisCI), `jq` used to be available, but it
is not on the currently used CircleCI docker image, resulting in the
following error:

```sh
./.circleci/env.sh: line 59: jq: command not found
DIST_TAG=
```

You can see an example failure in the "Set up environment" step logs in
https://app.circleci.com/pipelines/github/angular/angular.js/
166/workflows/34c692ec-18d4-4422-a1cf-108a91219fa5/jobs/1742

This commit fixes it by using `node` (which _is_ available on the docker
image) to compute `$DIST_TAG`.
2020-08-22 18:56:36 +03:00
George Kalpakas af2cadba09 chore(ci): avoid deploying if linting fails
Previously, the `prepare-deployment` CI job, which requires all unit and
e2e test jobs to have succeeded before running, was ignoring the `lint`
job. As a result, deployments might happen even when there were linting
issues. This looks like an oversight.

This commit ensures that, in addition to unit and e2e tests passing,
linting must also pass before deploying the code or documentation.

Closes #17063
2020-08-21 17:34:41 +03:00
George Kalpakas 5d7ce8de07 chore(ci): fix deploy-docs CI job
One step in the `deploy-docs` CI job contains a typo that causes it to
fail: `yarn -cwd ...` instead of `yarn --cwd ...`
This has been broken since a0488b30a7, but
has not been noticed because the job was not running. #17060 configured
the job to run as necessary, which brought up the error.

Example failure:
  - On v1.8.x:
    https://app.circleci.com/pipelines/github/angular/angular.js/
    153/workflows/6a9826ac-d191-4042-8c39-0c969c81e381/jobs/1606

This commit fixes the typo in the command.
2020-08-21 17:34:40 +03:00
George Kalpakas c47c0bb259 chore(ci): fix deploy-code CI job
In #17060, the `deploy-code` job was updated to [include][1] the
`init_environment` custom command. This caused the job to start failing,
because  the `init_environment` command was not compatible with the
`cloud-sdk` executor used in `deploy-code`. There were two problems:

1. The `init_environment` command assumes that the working directory is
   `~/ng`. The `cloud-sdk` executor [did not specify][2] a working
   directory.
   Example failures:
     - On master:
       https://app.circleci.com/pipelines/github/angular/angular.js/
       152/workflows/812df7b2-4bba-4e9e-a868-8c58db5d40d1/jobs/1594
     - On v1.8.x:
       https://app.circleci.com/pipelines/github/angular/angular.js/
       153/workflows/6a9826ac-d191-4042-8c39-0c969c81e381/jobs/1607

2. The `install_java` step, which is part of the `init_environment`
   command, relies on `sudo`, which is not available in the `cloud-sdk`
   executor.
   Example failure:
   - [On a PR]:
     https://app.circleci.com/pipelines/github/angular/angular.js/
     160/workflows/2eed5cfa-751c-44ba-b825-1d6cd5ba3406/jobs/1660

This commit fixes the issues by:
1. Specifying a working directory for the `cloud-sdk` executor. It also
   updates paths used in other steps of the `deploy-code` job to take
   the working directory into account.
2. Removing the `install_java` step from the `init_environment` command
   and adding it explicitly to jobs than require it.

[1]: https://github.com/angular/angular.js/blob/83f084e5db95768dcee5/.circleci/config.yml#L359
[2]: https://github.com/angular/angular.js/blob/83f084e5db95768dcee5/.circleci/config.yml#L34-L37
2020-08-21 17:34:40 +03:00
George Kalpakas 4f7ea6cd6a chore(ci): avoid unnecessarily running grunt prepareDeploy in deploy-docs CI job
Previously, the `grunt prepareDeploy` command was run in both the
`prepare-deployment` and `deploy-docs` CI jobs. The reason was that not
all files affected by `grunt prepareDeploy` were persisted to the
workspace across jobs.

More specifically, the command would affect files in the `deploy/` and
`scripts/docs.angularjs.org-firebase/` directories and also create a
`firebase.json` file at the root directory, but only the `deploy/`
directory was [persisted to the workspace][1].

This commit avoids unnecessarily running the `grunt prepareDeploy`
command in the `deploy-docs` CI job by ensuring that all affected files
will be persisted to the workspace in the `prepare-deployment` CI job,
which always runs before `deploy-docs`.

[1]: https://github.com/angular/angular.js/blob/295213df953766625462/.circleci/config.yml#L265

Closes #17060
2020-08-13 15:10:08 +03:00
George Kalpakas 5c93c996f1 chore(ci): correctly deploy code and docs on version branches and tags
Previously, the generated build artifacts and docs were only deployed
for builds associated with the master branch. There was also a `latest`
branch mentioned in the config, but there is normally no such branch, so
this had no effect.

This commit fixes the rules so that deployments happen when necessary.
More specifically:
- The `deploy-code` job now runs for builds associated with:
  - The master branch.
  - The stable branch (i.e. the branch from which the version tagged as
    `@latest` on npm is released).
  - Tags of the form `v1.X.Y(-Z)`. (This also required configuring
    CircleCI to run builds for git tags, which does not happen by
    default.)
- The `deploy-docs` job now runs for builds associated with:
  - The stable branch (i.e. the branch from which the version tagged as
    `@latest` on npm is released).

The new rules for when deployments should take place are based on the
logic previously in [.travis.yml][1] and [scripts/travis/build.sh][2]
(from before we switched from Travis to CircleCI).

[1]: https://github.com/angular/angular.js/blob/974700af7c1/.travis.yml#L54-L103
[2]: https://github.com/angular/angular.js/blob/974700af7c1/scripts/travis/build.sh#L66-L101
2020-08-13 15:10:08 +03:00
George Kalpakas e676c7bdf8 chore(package.json): update docs app to use version 1.8 of AngularJS
As mentioned in `RELEASE.md`, now that the [CDN][1] has been updated
with the 1.8.0 version, it is safe to bump the value of the
`branchVersion` property in `package.json` to `^1.8.0`. This will cause
the docs app to use the latest version, namely 1.8.0.

[1]: https://ajax.googleapis.com/ajax/libs/angularjs/1.8.0/angular.js
2020-08-13 15:10:08 +03:00
dependabot[bot] a2811b1ccb chore(deps): bump elliptic from 6.3.3 to 6.5.3
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.3.3 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.3.3...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Closes #17059
2020-07-30 18:46:30 +03:00
George Kalpakas 0f0e2fbe4e fix(doc-gen): use the correct lodash method in dgeni processor (indexBy --> keyBy)
The `indexBy()` method was renamed to `keyBy()` in lodash v4 (see
lodash/lodash@b1d52ccd82). This commit
updates all usages of `indexBy()` to `keyBy()`.
2020-07-30 12:26:43 +03:00
dependabot[bot] 8ca6115917 chore(deps-dev): bump lodash from 2.4.2 to 4.17.19
Bumps [lodash](https://github.com/lodash/lodash) from 2.4.2 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/2.4.2...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-30 12:26:40 +03:00
dependabot[bot] 8758bafc83 chore(deps): bump lodash
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-30 12:26:38 +03:00
dependabot[bot] a94dbfe89e chore(deps): bump lodash
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-30 12:26:36 +03:00
Ewa G 6617ed5d41 docs(misc/Version Support Status): mention LTS extension by 6 months due to COVID
Due to COVID-19 affecting teams migrating from AngularJS, the Long Term Support period has been
extended by 6 months (until the end of 2021). See announcement on Twitter:
https://twitter.com/angular/status/1287780634572857357

This commit updates the "Version Support Status" page to also mention the extension.

Partially addresses #17058.
2020-07-30 12:20:28 +03:00
dependabot[bot] 5f9d831117 Merge pull request #17043 from angular/dependabot/npm_and_yarn/scripts/docs.angularjs.org-firebase/functions/websocket-extensions-0.1.4
chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4 in /scripts/docs.angularjs.org-firebase/functions
2020-06-11 11:47:59 +01:00
dependabot[bot] 80fbe2f291 chore(deps): bump websocket-extensions
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-11 11:46:50 +01:00
Harri Lehtola 6717e2c0e2 fix($sanitize): do not trigger CSP alert/report in Firefox and Chrome
If `ngSanitize` is added as a module dependency and a Content-Security-Policy
is set that does not allow inline styles then Firefox and Chrome show the
following message:

> Content Security Policy: The page’s settings observed the loading of a
resource at self (“default-src”). A CSP report is being sent.

This message is caused because AngularJS is creating an inline style tag
to test for a browser bug that we use to decide what sanitization strategy
to use, which causes CSP violation errors if inline CSS is prohibited.

This test is no longer necessary, since the `DOMParser` is now safe to use
and the `style` based check is redundant.

In this fix, we default to using `DOMParser` if it is available and fall back
to `createHTMLDocument()` if needed. This is the approach used by DOMPurify
too.

The related unit tests in `sanitizeSpec.js`, "should not allow JavaScript
execution when creating inert document" and "should not allow JavaScript
hidden in badly formed HTML to get through sanitization (Firefox bug)", are
left untouched to assert that the behavior hasn't changed in those scenarios.

Fixes #16463.
2020-06-11 11:44:03 +01:00
Pete Bacon Darwin 55157817f3 chore: update changelog with vulnerability credits 2020-06-05 13:35:57 +01:00
Pete Bacon Darwin 55e96b5769 chore(*): update dist-tag for 1.8.0 2020-06-04 17:57:19 +01:00
2 changed files with 3 additions and 2 deletions
@@ -25,4 +25,5 @@ See https://goo.gle/angularjs-end-of-life for the full details.
If you need extended support for AngularJS, you should consider:
* [HeroDevs](https://www.herodevs.com/support/nes-angularjs)
* [XLTS.dev](https://xlts.dev/angularjs)
* [OpenLogic](https://www.openlogic.com/solutions/angularjs-support-and-services)
+1 -1
View File
@@ -3,7 +3,7 @@
"license": "MIT",
"branchVersion": "^1.8.0",
"branchPattern": "1.8.*",
"distTag": "next",
"distTag": "latest",
"repository": {
"type": "git",
"url": "https://github.com/angular/angular.js.git"