jordan-hall / angular-material-rail-drawer-plugin Goto Github PK
View Code? Open in Web Editor NEWAngular Material extension for mini/rail drawer variant
License: Other
Angular Material extension for mini/rail drawer variant
License: Other
SockJS-node is a server counterpart of SockJS-client a JavaScript library that provides a WebSocket-like object in the browser. SockJS gives you a coherent, cross-browser, Javascript API which creates a low latency, full duplex, cross-domain communication
Library home page: https://registry.npmjs.org/sockjs/-/sockjs-0.3.19.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/sockjs/package.json
Dependency Hierarchy:
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
Publish Date: 2020-07-09
URL: CVE-2020-7693
Base Score Metrics:
Type: Upgrade version
Origin: sockjs/sockjs-node#265
Release Date: 2020-07-09
Fix Resolution: sockjs - 0.3.20
Step up your Open Source Security Game with WhiteSource here
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/elliptic/package.json
Dependency Hierarchy:
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.
Publish Date: 2021-02-02
URL: CVE-2020-28498
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498
Release Date: 2021-02-02
Fix Resolution: v6.5.4
Step up your Open Source Security Game with WhiteSource here
Hi! When sidenav gets opened it blinks for a moment.
This can be seen at stackblitz from a recent issue: https://stackblitz.com/edit/angular-material-mini-variant
When the sidenav's background is white it's not a big deal, but when it's colored the flash becomes apparent. Blink happens only on opening, not closing.
When following the installation steps outlined in the readme and running ng build
I receive the following error:
Error: src/app/components/navigation/navigation.component.html:13:38 - error TS2322: Type '"rail"' is not assignable to type 'MatDrawerMode'.
13 <mat-sidenav #left class="sidenav" mode="rail" opened closeWidth="60px" expandedWidth="200px"
~~~~
src/app/components/navigation/navigation.component.ts:5:16
5 templateUrl: './navigation.component.html',
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Error occurs in the template of component NavigationComponent.
I am using angular 12.1.2, node 14.16.
Below is my package.json dependencies
"dependencies": {
"@angular/animations": "~12.1.2",
"@angular/cdk": "^12.1.2",
"@angular/common": "~12.1.2",
"@angular/compiler": "~12.1.2",
"@angular/core": "~12.1.2",
"@angular/forms": "~12.1.2",
"@angular/material": "^12.1.2",
"@angular/platform-browser": "~12.1.2",
"@angular/platform-browser-dynamic": "~12.1.2",
"@angular/router": "~12.1.2",
"@datorama/akita": "^6.2.1",
"angular-material-rail-drawer": "0.0.6",
"angular-oauth2-oidc": "^10.0.3",
"angular-pipes": "^10.0.0",
"rxjs": "~6.6.0",
"tslib": "^2.0.0",
"zone.js": "~0.11.4"
}
here is my app.module.ts
import { LayoutModule } from '@angular/cdk/layout';
import { HttpClientModule } from '@angular/common/http';
import { NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
import { DrawerRailModule } from 'angular-material-rail-drawer';
import { OAuthModule } from 'angular-oauth2-oidc';
import { NgArrayPipesModule, NgWherePipeModule } from 'angular-pipes';
import { AppRoutingModule } from './app-routing.module';
import { AppComponent } from './app.component';
import { HealthComponent } from './components/health/health.component';
import { HomeComponent } from './components/home/home.component';
import { LogoutComponent } from './components/logout/logout.component';
import { NavigationComponent } from './components/navigation/navigation.component';
import { SnackBarMessageComponent } from './components/snack-bar-message/snack-bar-message.component';
import { AdministrationModule } from './modules/administration/administration.module';
import { GravityMaterialModule } from './modules/gravity-material/gravity-material.module';
import { AuthGuard } from './services/auth-guard/auth-guard.service';
import { ConfigModule } from './services/config/config.module';
@NgModule({
declarations: [
AppComponent,
NavigationComponent,
HomeComponent,
HealthComponent,
LogoutComponent,
SnackBarMessageComponent
],
imports: [
OAuthModule.forRoot(),
NgArrayPipesModule,
NgWherePipeModule,
BrowserModule,
AppRoutingModule,
BrowserAnimationsModule,
HttpClientModule,
LayoutModule,
DrawerRailModule,
MyMaterialModule,
AdministrationModule,
ConfigModule
],
providers: [AuthGuard],
bootstrap: [AppComponent],
})
export class AppModule {}
In my navigation.component that has the mat-sidenav here is the markup
<mat-sidenav #left class="sidenav" mode="rail" opened closeWidth="60px" expandedWidth="200px"
[fixedInViewport]="true" [fixedTopGap]="65">
I am not sure if this is angular version issue or if I am missing something. I have my material modules in a separate module, i.e. MyMaterialModule which is imported into the appModule, I have also tried moving the DrawerRailModule to AppModule but this did not help. I can provide more information if required.
Hi there,
1st - Thank you! Its amazing that the Angular Material team don't have this in their original control. I would have thought it was a common use case.
2nd - I just upgraded from Angular 9.1.5 to v10 (which was only released yesterday) and when doing the Material part of the upgrade, it rejects it with a dependency error as you've marked your plugin to use < 10.0.0. I used the --forced option to complete the upgrade and the control still works. Granted I've only been testing in Chrome so far. Just checked the Angular Material documentation and it still does not make mention of mode="rail" as one of the options. So I think its safe for you to raise the dependency version to allow the upgrade without using --forced.
Hello, I have ran into a strange behavior today. When using a mat-toolbar as a header outside of the mat-sidenav-container, the page will autoscroll to only fit the sidenav thus hiding the header.
I'm on a project where I need to have the header on top of the sidenav.
If you want to reproduce, just use your example (BTW you forgot to add your plugin "angular-material-rail-drawer-plugin" dependancy inside it) and replace home.component.html with the following :
<mat-toolbar color="primary" class="mat-elevation-z1">
<button mat-icon-button id="menu" (click)="appDrawer.toggle()">
<mat-icon>menu</mat-icon>
</button>
<span>Mini Variant</span>
</mat-toolbar>
<mat-sidenav-container>
<mat-sidenav #appDrawer mode="rail" opened="true">
<mat-nav-list class="dashboard">
<a mat-list-item>
<mat-icon mat-list-icon >account_circle</mat-icon>
<p matLine>Name</p>
</a>
<mat-divider></mat-divider>
<a mat-list-item>
<mat-icon mat-list-icon>inbox</mat-icon>
<p matLine>Inbox</p>
</a>
<a mat-list-item>
<mat-icon mat-list-icon>star</mat-icon>
<p matLine>Starred</p>
</a>
<a mat-list-item>
<mat-icon mat-list-icon>drafts</mat-icon>
<p matLine >Drafts</p>
</a>
</mat-nav-list>
</mat-sidenav>
<mat-sidenav-content>
<mat-toolbar color="primary" class="mat-elevation-z1">
<button mat-icon-button id="menu" (click)="appDrawer.toggle()">
<mat-icon>menu</mat-icon>
</button>
<span>Mini Variant</span>
</mat-toolbar>
<div class="container">
<h1 style="text-transform: uppercase">
Angular Material Navigation drawer — Adding support mode = “Rail” (mini variant behaviour)
</h1>
<p>Since 2016, the Angular community has been shouting out of a <a href="https://github.com/angular/components/issues/1728" class="cl gt gu gv gw gx" target="_blank" rel="noopener nofollow">mini variant for material design</a>, including this article by <a href="https://medium.com/u/2a8339499ae0?source=post_page-----8f7b107700b3----------------------" class="gy be gt" target="_blank" rel="noopener">Harkirat Singh</a> which you can view here: <a class="cl gt gu gv gw gx" target="_blank" rel="noopener" href="/@harkiratsingh.026/angular-6-mini-variant-drawer-d5326be55dd1">Angular 6 — Mini-Variant Drawer</a>. Unfortunately every version I’ve seen currently uses some form of *ngIf</p>
<figure><div><div><iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fstackblitz.com%2Fedit%2Fangular-jwbu9k%3Fembed%3D1%26file%3Dsrc%252Fapp%252Fminivariant.component.ts&display_name=StackBlitz&url=https%3A%2F%2Fstackblitz.com%2Fedit%2Fangular-jwbu9k%3Ffile%3Dsrc%252Fapp%252Fminivariant.component.ts&image=https%3A%2F%2Fc.staticblitz.com%2Fassets%2Ficon-664493542621427cc8adae5e8f50d632f87aaa6ea1ce5b01e9a3d05b57940a9f.png&key=a19fcc184b9711e1b4764040d3dc5c07&type=text%2Fhtml&schema=stackblitz" allowfullscreen="" frameborder="0" height="400" width="100%" title="angular-jwbu9k - StackBlitz" scrolling="auto"></iframe></div></div></figure>
<p>Other solutions include using CSS and setting a min with; however, what all of these solutions are lacking are animation support and straight forward implantation. In late December a client I was working for, wanted to use the official <a href="https://material.angular.io/" target="_blank" rel="noopener nofollow">Angular Material design</a> but also wanted to support a mini variant. At the time, I wrote a prototype using a customer directive called <code>mat-nav-mini.</code></p>
<h2>My issues with <code>mat-nav-mini</code> Solution</h2>
<p>The implementation was easy. You pick either the drawer or the sidenav drawer and add the custom directive. However, the UI was written abstract and wasn’t using the official <code>mat-sidenav-container.</code> However, I still didn’t like this approach; it felt bulky and still not a “realistic” implementation that the official team my introduce. At the time, I decided to share the result on <a href="https://github.com/angular/components/issues/1728#issuecomment-576750289" target="_blank" rel="noopener nofollow">Github</a> for people to use as a cleaner implementation to *ngIf.</p>
<p>Then the other day, I looked back through the thread on GitHub, and someone called <a href="https://github.com/angular/components/issues/1728#issuecomment-617342659" target="_blank" rel="noopener nofollow">Angelfraga</a> asked to create a working example.</p>
<figure><div><div><div><div><img width="100%" srcset="https://miro.medium.com/max/552/1*jO-d5LA3lHl0lqq3VO8Nzg.png 276w, https://miro.medium.com/max/1104/1*jO-d5LA3lHl0lqq3VO8Nzg.png 552w, https://miro.medium.com/max/1280/1*jO-d5LA3lHl0lqq3VO8Nzg.png 640w, https://miro.medium.com/max/1400/1*jO-d5LA3lHl0lqq3VO8Nzg.png 700w" sizes="700px" role="presentation" src="https://miro.medium.com/max/753/1*jO-d5LA3lHl0lqq3VO8Nzg.png"><noscript><img class="s t u ik ai" src="https://miro.medium.com/max/1506/1*jO-d5LA3lHl0lqq3VO8Nzg.png" width="753" height="229" srcSet="https://miro.medium.com/max/552/1*jO-d5LA3lHl0lqq3VO8Nzg.png 276w, https://miro.medium.com/max/1104/1*jO-d5LA3lHl0lqq3VO8Nzg.png 552w, https://miro.medium.com/max/1280/1*jO-d5LA3lHl0lqq3VO8Nzg.png 640w, https://miro.medium.com/max/1400/1*jO-d5LA3lHl0lqq3VO8Nzg.png 700w" sizes="700px" role="presentation"/></noscript></div></div></div></div></figure>
<p>A few more days have passed by, and I decided, I’ll make a working example. However, for the working example, I wanted to make the right implementation that meet my strict objectives</p>
<ul class="">
<li>They should be no new directive.</li>
<li>No extra markup to ensure element was hiding</li>
<li>Simple end-user implementation</li>
<li>Something that should be relatively easy to migrate if Angular Material get chance to make an official release</li>
</ul>
<h2>Designing a solution</h2>
<p>Material has long last drawn up specs for <a href="https://material.io/components/navigation-rail" target="_blank" rel="noopener nofollow">“Navigation rail.”</a> Inside the Specs they a behaviour usage: “Some apps, such as <a href="https://material.io/design/material-studies/reply" target="_blank" rel="noopener nofollow">Material’s Reply</a>, customize and extend the rail to function as both a rail and a navigation drawer.”</p>
<p>The goal is now to create a drawer implementation for a new mode setting <code>mode="rail".</code> Any new implementation should be implementing the existing material drawer component but with <code >mode="rail"</code>.</p>
<p>The solution meant no extending drawer component, no CSS solution but somehow adding functionality to “mode” which was an input for both md-drawer and md-sidenav-drawer</p>
<h2>Solving the the problem</h2>
<p>The first step was determining the first issue to overcome. The design solution requires you to use the mode input with the option of “rail” this was easy to overcome as every <code >@Input()</code>In angular is a simple implementation of the custom directive.</p>
<p>The next problem was the SCSS. Looking at the specs for Navigation rail, the drawer would be the same spec as the “side” drawer; this meant we didn’t have to write custom scss file that needed to import. That allowed me to use the “host” property and assign the same class as “side”.</p>
<p>After tackling these two issues, after two hours of work, looking through angular code file, I managed to come up with a solution. The solution is a simple directive that needs to include in your module.</p>
<p><strong class="gb jq">Result</strong> is the page you are looking at. <a href="https://stackblitz.com/edit/angular-material-mini-variant">View Source</a></p>
</div>
</mat-sidenav-content>
</mat-sidenav-container>
You'll see that when clicking on the sidebar on any of the icons, the page will "jump" to hide the header.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash-4.17.21
Step up your Open Source Security Game with WhiteSource here
Hi Jordan.
Thank you for the plugin and for sharing is with the community!
I would like to make the mode conditional (based on media queries) but as soon as I change the mode to a property binding value, it defaults to 'over'.
<mat-sidenav #appDrawer [mode]="mode" opened="true">
import { Component, ViewChild, ElementRef } from '@angular/core';
@Component()
export class AppComponent {
mode = 'rail';
}
Please can you point me in the right direction?
Thanking you
Amanda
If I use a box-shadow, the side-nav (mode="rail"
), keeps it only when opened. When I close, the box-shadow disapear.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: /tmp/ws-scm/angular-material-rail-drawer-plugin/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express-3.x/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/multiplex/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/echo/index.html
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
Hello, is there any API variable that can tell programatically if the drawer is in mini or expanded mode ?
I've seen that you've added APIs that I were searching for yesterday so maybe you have this one too ?
socket.io protocol parser
Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/socket.io-parser/package.json
Dependency Hierarchy:
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
Publish Date: 2021-01-08
URL: CVE-2020-36049
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049
Release Date: 2021-01-08
Fix Resolution: socket.io-parser - 3.4.1
Step up your Open Source Security Game with WhiteSource here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Step up your Open Source Security Game with WhiteSource here
HTTP proxying for the masses
Library home page: https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.0.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/http-proxy/package.json
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.
Publish Date: 2020-05-14
URL: WS-2020-0091
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1486
Release Date: 2020-05-26
Fix Resolution: http-proxy - 1.18.1
Step up your Open Source Security Game with WhiteSource here
XMLHttpRequest for Node
Library home page: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/xmlhttprequest-ssl/package.json
Dependency Hierarchy:
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
Publish Date: 2021-04-23
URL: CVE-2021-31597
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31597
Release Date: 2021-04-23
Fix Resolution: xmlhttprequest-ssl - 1.6.1
Step up your Open Source Security Game with WhiteSource here
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.12.0.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/browserslist/package.json
Dependency Hierarchy:
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
It happens either on https://stackblitz.com/edit/angular-material-mini-variant or in my own project using your rail drawer plugin.
`
ERROR TypeError: Cannot read property 'style' of null
at DefaultDomRenderer2.setStyle (dom_renderer.ts:192)
at BaseAnimationRenderer.setStyle (animation_renderer.ts:176)
at DebugRenderer2.setStyle (services.ts:804)
at MatDrawerRailDirective.ngAfterContentInit (drawer-rail.directive.ts:70)
at callProviderLifecycles (provider.ts:562)
at callElementProvidersLifecycles (provider.ts:541)
at callLifecycleHooksChildrenFirst (provider.ts:529)
at checkAndUpdateView (view.ts:365)
at callViewAction (view.ts:615)
at execComponentViewsAction (view.ts:559)
`
That was get at the console of Chrome in the url above.
The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server
Library home page: https://registry.npmjs.org/engine.io/-/engine.io-3.2.1.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/engine.io/package.json
Dependency Hierarchy:
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
Publish Date: 2021-01-08
URL: CVE-2020-36048
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048
Release Date: 2021-01-08
Fix Resolution: engine.io - 4.0.0
Step up your Open Source Security Game with WhiteSource here
Hello community,
I wanted to bring to your attention that the angular-material-rail-drawer
package will no longer be updated to support Angular V17 and future versions. This decision has been made after careful consideration, and I'd like to share the reasons behind it:
Historical Context: The need for this feature was first highlighted in an issue dating back to Nov 4, 2016. Recognizing the community's demand and the lack of progress on the official front, I took the initiative to create this package and submitted a PR on May 12, 2020. Despite the clear demand and the passage of time, the concerns and needs of the community, in my humble view, seem to have been either ignored or given a lower priority by the Angular team.
New Syntax: Angular V17 introduces a new syntax that, in my opinion, is not in the best interest of developers. The changes seem to complicate rather than simplify the development process, making it less intuitive and more challenging to adopt.
Direction of Angular: Beyond just the syntax, the overall direction in which Angular is heading raises concerns. The framework's evolution seems to be diverging from the principles that made it popular in the first place.
Continue Using Older Versions: If your project relies on versions of Angular prior to V17, you can continue using the angular-material-rail-drawer
package without issues.
Hard Fork of Angular: For those who share similar concerns about Angular's direction, one option is to consider a hard fork of Angular. This would allow the community to maintain and evolve a version of Angular that aligns more closely with our preferences and needs.
Seek Alternatives: There are other frameworks and libraries available that might better suit your needs. It might be worth exploring these alternatives if Angular's direction is a significant concern.
Lastly, I want to express my gratitude to the Angular team for their hard work over the years. While I have personal disagreements with some of the decisions, I deeply appreciate their dedication and contributions to the community.
Thank you for your understanding and support.
Fetch-based http client for use with npm registry APIs
Library home page: https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.4.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/npm-registry-fetch/package.json
Dependency Hierarchy:
npm-registry-fetch before 4.0.5 and 8.1.1 is vulnerable to an information exposure vulnerability through log files.
Publish Date: 2020-07-07
URL: WS-2020-0127
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1544
Release Date: 2020-07-14
Fix Resolution: npm-registry-fetch - 4.0.5,8.1.1
Step up your Open Source Security Game with WhiteSource here
Hey thanks for this! I'm having a problem with the size of the . If I change the width, it covers the hamburger menu.
It's also not automatically sizing to the text of the buttons, as stated. If I have a longer button name, it wraps instead of pushing out the width to accommodate.
Spent quite a while viewing the source code but I can't find a way to change this? Please help, it's sooooooo close!
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Publish Date: 2020-06-01
URL: CVE-2020-7660
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660
Release Date: 2020-06-01
Fix Resolution: serialize-javascript - 3.1.0
Step up your Open Source Security Game with WhiteSource here
XMLHttpRequest for Node
Library home page: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/xmlhttprequest-ssl/package.json
Dependency Hierarchy:
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
Publish Date: 2021-03-05
URL: CVE-2020-28502
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28502
Release Date: 2021-03-05
Fix Resolution: xmlhttprequest - 1.7.0
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express-3.x/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/multiplex/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/echo/index.html
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Step up your Open Source Security Game with WhiteSource here
node.js realtime framework server
Library home page: https://registry.npmjs.org/socket.io/-/socket.io-2.1.1.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/socket.io/package.json
Dependency Hierarchy:
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
Publish Date: 2021-01-19
URL: CVE-2020-28481
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28481
Release Date: 2021-01-19
Fix Resolution: 2.4.0
Step up your Open Source Security Game with WhiteSource here
Hi there, Im currently checking out your package, great work! thank you very much!
One thing that is missing is a license (at least on npm) (hopefully like MIT or BSD,... :) ) such that I am allowed to use it for commercial applications
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
all versions of elliptic are vulnerable to Timing Attack through side-channels.
Publish Date: 2019-11-13
URL: WS-2019-0424
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
It seems you removed the module from the public_api.ts accidentally: dd64664#diff-13acfda7a5a5e239d77d61503fc8655d27bba738385a9ff459bd25025bfbe860
I just updated to the latest version and my build broke. I found out there the DrawerRailModule is missed. After a short research I found the mistake. I also created a PR to fix this.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/lodash/package.json
Dependency Hierarchy:
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-23
Fix Resolution: lodash - 4.17.19
Step up your Open Source Security Game with WhiteSource here
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/webpack-dev-server/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: yargs/yargs-parser@63810ca
Release Date: 2020-06-05
Fix Resolution: 5.0.1;13.1.2;15.0.1;18.1.1
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express-3.x/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/multiplex/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/echo/index.html
Dependency Hierarchy:
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Any plans to support angular 16?
I'm trying to create a SideNav that has 3 modes depending on the screen size. In mobile screens it will be fully hidden until the user clicks the "menu" icon, in medium screens it will show as a rail, and in large screens it will show as a full menu.
I tried to set this up using binding for the mode, but this doesn't work as per the previous issue. The only solution that "works" is for me to create multiple sidenavs and just show or hide the one I need, but this creates formatting issues.
How can I accomplish this?
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Publish Date: 2013-03-08
URL: CVE-2011-4969
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2011-4969
Release Date: 2013-03-08
Fix Resolution: 1.6.3
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express-3.x/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/multiplex/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/echo/index.html
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q4m3-2j7h-f7xw
Release Date: 2020-05-28
Fix Resolution: jquery - 1.9.0
Step up your Open Source Security Game with WhiteSource here
I am trying to integrate the rail into my project, and this is the error I am getting:
./node_modules/angular-material-rail-drawer/fesm2015/angular-material-rail-drawer.mjs - Error: Module build failed (from ./node_modules/@angular-devkit/build-angular/src/babel/webpack-loader.js):
TypeError: Cannot create property 'message' on string 'C:\baroloop\github\RPM-Frontend\node_modules\angular-material-rail-drawer\fesm2015\angular-material-rail-drawer.mjs: This application depends upon a library published using Angular version 14.0.6, which requires Angular version 14.0.0 or newer to work correctly.
Consider upgrading your application to use a more recent version of Angular.
at C:\baroloop\github\RPM-Frontend\node_modules\gensync\index.js:113:33
at step (C:\baroloop\github\RPM-Frontend\node_modules\gensync\index.js:287:14) at C:\baroloop\github\RPM-Frontend\node_modules\gensync\index.js:273:13 at async.call.result.err.err (C:\baroloop\github\RPM-Frontend\node_modules\gensync\index.js:223:11)
Error: node_modules/angular-material-rail-drawer/lib/drawer-rail.directive.d.ts:27:18 - error TS2314: Generic type 'ɵɵDirectiveDeclaration' requires 6 type argument(s).
27 static ɵdir: i0.ɵɵDirectiveDeclaration<MatDrawerRailDirective, "mat-sidenav[mode="rail"], mat-drawer[mode="rail"], mat-sidenav[rail-mode], mat-drawer[rail-mode]", never, { "openAnimation": "openAnimation"; "closeAnimation": "closeAnimation"; "closeWidth": "closeWidth"; "expandedWidth": "expandedWidth"; }, {}, never, never, false>; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Any ideas how to fix this? Thanks in advance!
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/sockjs/examples/hapi/html/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express-3.x/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/multiplex/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/express/index.html,angular-material-rail-drawer-plugin/node_modules/sockjs/examples/echo/index.html
Dependency Hierarchy:
Found in HEAD commit: e2a635ee3b3d0a5deb8a12c693a1948003799ec6
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: angular-material-rail-drawer-plugin/node_modules/elliptic/package.json
Dependency Hierarchy:
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Publish Date: 2020-06-04
URL: CVE-2020-13822
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/indutny/elliptic/tree/v6.5.3
Release Date: 2020-06-04
Fix Resolution: v6.5.3
Step up your Open Source Security Game with WhiteSource here
Hi there, Im currently checking out your package, great work! thank you very much!
One thing that is missing is a license (at least on npm) (hopefully like MIT or BSD,... :) ) such that I am allowed to use it for commercial applications
Thanks for this great contribution. Any plans on supporting right side drawer?
The current issue (version 0.0.4) can be reproduced by adding position="end"
on your Stackblitz and toggle the drawer. The main content moves sideways.
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-6.12.0.tgz
Path to dependency file: /tmp/ws-scm/angular-material-rail-drawer-plugin/package.json
Path to vulnerable library: /tmp/ws-scm/angular-material-rail-drawer-plugin/node_modules/ajv/package.json
Dependency Hierarchy:
Found in HEAD commit: 0799227358223988278a5d1101252574d1551d5a
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.