Skip to content

fix(deps): update angular-cli monorepo to v19.2.23#2211

Merged
kamilmysliwiec merged 1 commit intomasterfrom
renovate/angular-cli-monorepo
Mar 31, 2026
Merged

fix(deps): update angular-cli monorepo to v19.2.23#2211
kamilmysliwiec merged 1 commit intomasterfrom
renovate/angular-cli-monorepo

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Oct 15, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@angular-devkit/core 19.2.1719.2.23 age confidence
@angular-devkit/schematics 19.2.1719.2.23 age confidence

Release Notes

angular/angular-cli (@​angular-devkit/core)

v19.2.23

Compare Source

@​angular/cli
Commit Type Description
67cfbe32f fix update picomatch to 4.0.4
@​angular-devkit/build-angular
Commit Type Description
771b979e7 fix update picomatch to 4.0.4
@​angular-devkit/core
Commit Type Description
de2da4874 fix update picomatch to 4.0.4
@​angular/build
Commit Type Description
27a9ce4a7 fix update picomatch to 4.0.4

v19.2.22

Compare Source

@​angular-devkit/core
Commit Type Description
0a01aecd9 fix update ajv to 8.18.0
@​angular/build
Commit Type Description
79f59412a fix update rollup to 4.59.0

v19.2.21

Compare Source

@​angular/ssr
Commit Type Description
288e22816 fix prevent open redirect via X-Forwarded-Prefix header
2a72d7483 fix validate host headers to prevent header-based SSRF

v19.2.20

Compare Source

@​angular-devkit/build-angular
Commit Type Description
0e5421ba7 fix update webpack to 5.105.0

v19.2.19

Compare Source

@​angular/build
Commit Type Description
4d8ea27a1 fix update vite to v6.4.1

v19.2.18

Compare Source

@​angular/ssr
Commit Type Description
9136a5d13 fix prevent malicious URL from overriding host

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from b256d8e to fa5aeea Compare October 21, 2025 15:10
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from fa5aeea to e4d5567 Compare October 29, 2025 16:10
@renovate renovate Bot changed the title fix(deps): update angular-cli monorepo to v19.2.18 fix(deps): update angular-cli monorepo to v19.2.19 Oct 29, 2025
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from e4d5567 to ad8ad87 Compare November 10, 2025 14:12
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from ad8ad87 to 1afc841 Compare November 18, 2025 11:44
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from 1afc841 to 155db3e Compare December 3, 2025 18:59
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from 155db3e to 0fdff36 Compare December 31, 2025 12:41
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from 0fdff36 to eb1dfd9 Compare January 8, 2026 19:01
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch 2 times, most recently from 8923db8 to aebc85c Compare January 23, 2026 18:05
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from aebc85c to 03d47f6 Compare February 2, 2026 15:31
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch 2 times, most recently from 49e1dd5 to 5f9abf5 Compare February 13, 2026 14:06
@renovate renovate Bot changed the title fix(deps): update angular-cli monorepo to v19.2.19 fix(deps): update angular-cli monorepo to v19.2.20 Feb 13, 2026
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch 2 times, most recently from 2501577 to 2735219 Compare February 23, 2026 18:05
@renovate renovate Bot changed the title fix(deps): update angular-cli monorepo to v19.2.20 fix(deps): update angular-cli monorepo to v19.2.21 Feb 23, 2026
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from 2735219 to dc52ca7 Compare February 26, 2026 21:58
@renovate renovate Bot changed the title fix(deps): update angular-cli monorepo to v19.2.21 fix(deps): update angular-cli monorepo to v19.2.22 Feb 26, 2026
@raheel-iso365
Copy link
Copy Markdown

raheel-iso365 commented Mar 3, 2026

Is this getting closed anytime soon?

npm audit
# npm audit report

ajv  7.0.0-alpha.0 - 8.17.1
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6

Which is coming from @angular-devkit/core@19.2.19:

npm ls ajv@8.17

├─┬ @nestjs/cli@11.0.16
│ └─┬ @angular-devkit/core@19.2.19
│   └── ajv@8.17.1
└─┬ @nestjs/schematics@11.0.9
  └─┬ @angular-devkit/core@19.2.17
    └── ajv@8.17.1

@SchroederSteffen
Copy link
Copy Markdown

SchroederSteffen commented Mar 5, 2026

Related:

@SchroederSteffen SchroederSteffen mentioned this pull request Mar 5, 2026
Merged
1 task
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from dc52ca7 to e5afdc6 Compare March 5, 2026 14:53
@Timur2915
Copy link
Copy Markdown

Timur2915 commented Mar 10, 2026

@kamilmysliwiec could you please take a look at this PR?

Is this getting closed anytime soon?

npm audit
# npm audit report

ajv  7.0.0-alpha.0 - 8.17.1
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6

Which is coming from @angular-devkit/core@19.2.19:

npm ls ajv@8.17

├─┬ @nestjs/cli@11.0.16
│ └─┬ @angular-devkit/core@19.2.19
│   └── ajv@8.17.1
└─┬ @nestjs/schematics@11.0.9
  └─┬ @angular-devkit/core@19.2.17
    └── ajv@8.17.1

@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from e5afdc6 to dae2262 Compare March 13, 2026 10:40
@prateekkathal
Copy link
Copy Markdown

prateekkathal commented Mar 20, 2026

@kamilmysliwiec Can we please release a new v11 update for this? Thank you!

@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from dae2262 to 5319b7c Compare March 27, 2026 09:36
@renovate renovate Bot changed the title fix(deps): update angular-cli monorepo to v19.2.22 fix(deps): update angular-cli monorepo to v19.2.23 Mar 27, 2026
@prateekkathal
Copy link
Copy Markdown

prateekkathal commented Mar 27, 2026

This PR now also fixes GHSA-c2c7-rcm5-vvqj:

picomatch  <=2.3.1 || 4.0.0 - 4.0.3
Severity: high
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - https://github.com/advisories/GHSA-3v7f-55p6-f55p
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - https://github.com/advisories/GHSA-3v7f-55p6-f55p
Picomatch has a ReDoS vulnerability via extglob quantifiers - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
Picomatch has a ReDoS vulnerability via extglob quantifiers - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj

@SchroederSteffen SchroederSteffen mentioned this pull request Mar 31, 2026
Closed
4 tasks
@renovate renovate Bot force-pushed the renovate/angular-cli-monorepo branch from 5319b7c to ee1313b Compare March 31, 2026 07:44
@kamilmysliwiec kamilmysliwiec merged commit 7a16b71 into master Mar 31, 2026
1 check passed
@renovate renovate Bot deleted the renovate/angular-cli-monorepo branch March 31, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@raheel-iso365 @SchroederSteffen @Timur2915 @prateekkathal @kamilmysliwiec