[Snyk] Upgrade @angular/router from 21.2.17 to 22.0.0 by shafeeqd959 · Pull Request #86 · contentstack/kickstart-angular

shafeeqd959 · 2026-06-25T02:50:43Z

Snyk has created this PR to upgrade @angular/router from 21.2.17 to 22.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 18 versions ahead of your current version.
The recommended version was released 22 days ago.

Release notes

Package name: @angular/router

22.0.0 - 2026-06-03
Breaking Changes

The extension now bundles TypeScript version 6.0, which itself includes breaking
changes, including new defaults such as strict being true. You will need to explicitly set
"strict": false in your tsconfig.json. Alternatively, the extension supports configuring the tsdk in the same way as the built in TS/JS extension.

Fixes and features
- fix(language-service): Add support for @ Input with transforms (dc9c72da9b)
- feat(language-service): add Document Symbols support for Angular templates (cfd0f9950c)
- feat(language-service): add angular template inlay hints support (5a6d88626b)
- feat(language-service): Add support for idle timeout in defer blocks (c6f98c723c)
22.0.0-rc.3 - 2026-06-01
common

Commit Description

only strip a literal /index.html suffix from URLs

compiler

Commit Description

move projection attributes into constants

core

Commit Description

use Object.create(null) for LOCALE_DATA as a hardening measure

migrations

Commit Description

Make the safe optional chaining idempotent

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

22.0.0-rc.2 - 2026-05-28

common

Commit	Description
	add upper bounds for digitsInfo
	sanitize placeholder

compiler

Commit	Description
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68868)
	prevent namespaced SVG <style> elements from being stripped
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68868)

core

Commit	Description
	do not register dom triggers when defer blocks are in manual mode
	normalize tag names in runtime i18n attribute security context lookup (#68868)
	prevent rxResource from leaking a subscription
	sanitize meta selectors

forms

Commit	Description
	avoid redundant invalidations in parser errors signal

http

Commit	Description
	exclude withCredentials requests from transfer cache
	Introduce a max buffer size for fetch requests on SSR
	prevent `httpResource` from leaking a subscription
	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Description
	prevent SSRF bypasses via backslash URLs in HttpClient
	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Description
	Preserves explicit 'credentials: omit' in asset requests
	Preserves HTTP cache mode in asset group requests

22.0.0-rc.1 - 2026-05-20
22.0.0-rc.0 - 2026-05-13
22.0.0-next.12 - 2026-05-08
22.0.0-next.11 - 2026-05-06
22.0.0-next.10 - 2026-04-29
22.0.0-next.9 - 2026-04-22
22.0.0-next.8 - 2026-04-15
22.0.0-next.7 - 2026-04-08
22.0.0-next.6 - 2026-04-01
22.0.0-next.5 - 2026-03-25
22.0.0-next.4 - 2026-03-19
22.0.0-next.3 - 2026-03-12
22.0.0-next.2 - 2026-03-11
22.0.0-next.1 - 2026-03-05
22.0.0-next.0 - 2026-03-04
21.2.17 - 2026-06-10

from @angular/router GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @angular/router from 21.2.17 to 22.0.0. See this package in npm: @angular/router See this project in Snyk: https://app.snyk.io/org/contentstack-devex/project/11c47692-61cb-4ece-ba33-ab2c35193373?utm_source=github&utm_medium=referral&page=upgrade-pr

github-actions · 2026-06-25T02:51:13Z

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Without fixes	Threshold	Result
🔴 Critical Severity	0	10	✅ Passed
🟠 High Severity	0	25	✅ Passed
🟡 Medium Severity	2	500	✅ Passed
🔵 Low Severity	0	1000	✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity	SLA Threshold (with/no fixes)	Status
🔴 Critical	15 / 30 days	✅ Passed
🟠 High	30 / 120 days	✅ Passed
🟡 Medium	90 / 365 days	✅ Passed
🔵 Low	180 / 365 days	✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

Critical without fixes: 0
High without fixes: 0
Medium without fixes: 2
Low without fixes: 0

✅ BUILD PASSED - All security checks passed

shafeeqd959 requested a review from a team as a code owner June 25, 2026 02:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade @angular/router from 21.2.17 to 22.0.0#86

[Snyk] Upgrade @angular/router from 21.2.17 to 22.0.0#86
shafeeqd959 wants to merge 1 commit into
mainfrom
snyk-upgrade-388dc562856a0a03a87195d938bf8ecf

shafeeqd959 commented Jun 25, 2026

Breaking Changes