chore: update to Angular 19 #750
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Update all @angular/* packages to 19.2.17 - Update @angular/cli and @Angular-devkit to 19.2.19 - Update @angular-eslint packages to 19.0.0 - Update ng-packagr to 19.2.2 - Update zone.js to 0.15.1 - Update TypeScript to 5.8.3 This upgrade addresses Snyk security vulnerabilities: - @angular/[email protected] → @angular/[email protected] - @angular/[email protected] → @angular/[email protected] Skipped optional migrations: - use-application-builder (deferred for separate PR) - provide-initializer (deferred for separate PR) All tests passing. No breaking changes for library consumers.
- Convert AppComponent and test components to standalone - Add required imports (NgIf, AsyncPipe, UpperCasePipe, etc.) - Update test configuration to import standalone components - Fix all linting errors related to standalone components
- Move all standalone components to imports array in AppModule - Move LazyModuleComponent to imports in LazyModuleModule - Empty declarations arrays since all components are now standalone
yogeshchoudhary147
changed the title
yogeshchoudhary147
changed the title
Contributor
|
@yogeshchoudhary147 We should update MIGRATION_GUIDE for changes made in this PR. |
yogeshchoudhary147
changed the title
README.md
Outdated
|
|
||
| ### Angular 19 Security Update | ||
|
|
||
| **v2.5.0** requires Angular 19.2.17+ and addresses two high-severity vulnerabilities (CVE-2025-66035, CVE-2025-66412). Angular 18 is no longer supported as it has reached end-of-life. |
Member
There was a problem hiding this comment.
v2.5.0 requires Angular 19.2.17+
This is not true.
We have 2 package.json files. For our shipped SDK, we only have peerDependencies on Angular: https://github.com/auth0/auth0-angular/blob/chore/upgrade-angular-19/projects/auth0-angular/package.json#L28-L32
Note CVE fixes in v2.5.0 and recommend upgrading to Angular 19
yogeshchoudhary147
force-pushed
the
chore/upgrade-angular-19
branch
from
2588665 to
e2712be
Compare
frederikprijck
approved these changes
Jan 5, 2026
This was referenced Jan 5, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Angular 19 Development Environment Update
Updates the development and testing environment to Angular 19.2.17 to address Snyk-reported vulnerabilities and maintain compatibility with actively supported Angular versions.
Background
Snyk reported two high-severity vulnerabilities in Angular 18.2.13:
@angular/common@angular/compilerThese vulnerabilities are fixed in Angular 19.2.17+. Additionally, Angular 18 has reached end-of-life per Google's support policy.
Changes
standalone: falseto components for Angular 19 compatibilityprefer-standalonerule in playgroundSDK Impact
No changes to the distributed SDK package:
>=13(backward compatible)Security Note
The distributed
@auth0/auth0-angularpackage does not bundle Angular (it's a peer dependency). Users must upgrade their own Angular version to 19.2.17+ to address the CVE vulnerabilities. This PR updates our development and testing environment to Angular 19.Testing
This update ensures the SDK is tested and verified with Angular 19, maintaining Auth0's policy of supporting actively maintained Angular versions.