This repository was archived by the owner on Apr 11, 2022. It is now read-only.

[Security] Bump ng-packagr from 4.7.1 to 10.1.1 #618

Open. Wants to merge 1 commit into master.

Conversation

dependabot-preview[bot] (Contributor)

Bumps ng-packagr from 4.7.1 to 10.1.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

OS Command Injection in ng-packagr: the package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option.

Affected versions: < 10.1.1

Release notes

Sourced from ng-packagr's releases.

v10.0.0-rc.2

Bug Fixes

  • issues with emitting declarationMap (38ad52b), closes #1464

10.0.0-rc.1 (2020-06-10)

v10.0.0-rc.1

Bug Fixes

  • disable CSS calc optimizations (bdcc938)
  • release commit message formatting (300b4bf)
  • update @rollup/plugin-commonjs to version ^13.0.0 (9413dbd)
  • watch assets files and re-copy on changes (e7465c3), closes #1545

v10.0.0-rc.0

Bug Fixes

  • remove custom namespaced sourceRoot in sourcemaps (481dd8f), closes #1622
  • remove tslib from peerDependencies when adding it to dependencies (2981f73)
  • update @rollup/plugin-commonjs to version ^12.0.0 (e89c5b1)
  • update @rollup/plugin-node-resolve to version ^8.0.0 (b2ac9a2)

Performance

  • don't set setParentNodes for analyse sourcefiles (d0ce240)

v10.0.0-next.2

⚠ BREAKING CHANGES

Features

  • embed assets in css file using data uri by default (d2a5731)

Bug Fixes

  • auto add tslib as direct dependency (4145af5)

... (truncated)

Changelog

Sourced from ng-packagr's changelog.

10.1.1 (2020-09-25)

Bug Fixes

  • add basePath as sourceRoot (681fb1c)
  • replace execFile with execFileSync to fix a potential malicious cmd injection (bda0fff)

10.1.0 (2020-08-27)

Features

  • add support for TypeScript 4 (eb8b0c2)
  • show warning on deprecated option usage (551a4d9)

Bug Fixes

  • update commander to version ^6.0.0 (ec736e5)

Performance

10.0.4 (2020-08-13)

Bug Fixes

  • update @rollup/plugin-commonjs to version ^15.0.0 (cc3254a)
  • update @rollup/plugin-node-resolve to version ^9.0.0 (47606fd)

10.0.3 (2020-07-22)

Performance

10.0.2 (2020-07-16)

Bug Fixes

  • pass tsconfig path to ngcc (fd18984)
  • update @rollup/plugin-commonjs to version ^14.0.0 (6581390)

10.0.1 (2020-07-09)

... (truncated)

Commits
  • 884dcaa release: cut v10.1.1
  • bda0fff fix: replace execFile with execFileSync to fix a potential malicious cmd inje...
  • 6484138 build: update jasmine-spec-reporter to version ~6.0.0
  • bb2f763 build: update typescript to version 4.0.3
  • 681fb1c fix: add basePath as sourceRoot
  • 26a0d7c refactor: replace chalk with ansi-colors
  • 37e87f8 build: update @angular-devkit/build-angular to version ~0.1001.0
  • 97de61e build: update karma to version ~5.2.0
  • 7dcbdf0 release: cut v10.1.0
  • 2e184a9 test: add tests for all APF secondary entry points
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [ng-packagr](https://github.com/ng-packagr/ng-packagr) from 4.7.1 to 10.1.1. **This update includes a security fix.**
- [Release notes](https://github.com/ng-packagr/ng-packagr/releases)
- [Changelog](https://github.com/ng-packagr/ng-packagr/blob/master/CHANGELOG.md)
- [Commits](ng-packagr/ng-packagr@v4.7.1...v10.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
dependabot-preview[bot] added the labels dependencies (Pull requests that update a dependency file) and security (Pull requests that address a security vulnerability) on May 7, 2021.