AngularJS: vulnerability: npm audit fix https://github.com/advisories/GHSA-89mq-4x47-5v83 "In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload." Although, don't see how this is a real threat to the webui fixed anyway. https://github.com/angular/angular.js/compare/v1.7.8...v1.7.9 The difference between 1.7.8 and 1.7.9 is small. Discussion in the works to move any from AngularJS https://lists.ozlabs.org/pipermail/openbmc/2019-November/019431.html Tested: Built and loaded on a Witherspoon Change-Id: Ibe2c9671203a76cd8b4dbb8b1dbbaae2a8230138 Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

commit: 86f4056a2dfee6fced5b5b03de04a7ef9c33d74f [log] [tgz]
author: Gunnar Mills <gmills@us.ibm.com> Wed Nov 20 15:48:16 2019 -0600
committer: Gunnar Mills <gmills@us.ibm.com> Wed Dec 04 16:23:03 2019 -0600
tree: c1476c9ceeadb155400e8b01ae8d1340a9f15087
parent: b42b93d8adcf463dc7cc4422cf6718d698c95236 [diff] [blame]
diff --git a/package.json b/package.json
index 48f4cb1..04c02dc 100644
--- a/package.json
+++ b/package.json

@@ -35,7 +35,7 @@
   ],
   "dependencies": {
     "@novnc/novnc": "1.1.0",
-    "angular": "1.7.8",
+    "angular": "1.7.9",
     "angular-animate": "1.7.8",
     "angular-clipboard": "1.7.0",
     "angular-cookies": "1.7.8",
@@ -50,8 +50,8 @@
     "ng-toast": "2.0.0",
     "pkg-dir": "4.2.0",
     "regenerator-runtime": "0.13.3",
-    "xterm": "3.14.5",
-    "text-encoding": "0.7.0"
+    "text-encoding": "0.7.0",
+    "xterm": "3.14.5"
   },
   "peerDependencies": {},
   "devDependencies": {
commit	86f4056a2dfee6fced5b5b03de04a7ef9c33d74f	[log] [tgz]
author	Gunnar Mills <gmills@us.ibm.com>	Wed Nov 20 15:48:16 2019 -0600
committer	Gunnar Mills <gmills@us.ibm.com>	Wed Dec 04 16:23:03 2019 -0600
tree	c1476c9ceeadb155400e8b01ae8d1340a9f15087
parent	b42b93d8adcf463dc7cc4422cf6718d698c95236 [diff] [blame]