Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@angular/http
Advanced tools
The sources for this package are in the main Angular repo. Please file issues and pull requests against that repo.
License: MIT
14.0.0 (2022-06-02)
Blog post "Angular v14 is now available".
AnimationDriver.getParentElement
method has become required, so any
implementors of this interface are now required to provide an implementation
for this method. This breakage is unlikely to affect application developers,
as AnimationDriver
is not expected to be implemented in user code.Keyframes names are now prefixed with the component's "scope name". For example, the following keyframes rule in a component definition, whose "scope name" is host-my-cmp:
@keyframes foo { ... }
will become:
@keyframes host-my-cmp_foo { ... }
Any TypeScript/JavaScript code which relied on the names of keyframes rules will no longer match.
The recommended solutions in this case are to either:
None
or ShadowDom
Support for Node.js v12 has been removed as it will become EOL on 2022-04-30. Please use Node.js v14.15 or later.
TypeScript versions older than 4.6 are no longer supported.
Forms [email] input coercion
Forms [email] input value will be considered as true if it is defined with any value rather than false and 'false'.
Since Ivy, TestBed doesn't use AOT summaries. The aotSummaries
fields in TestBed APIs were present, but unused. The fields were deprecated in previous major version and in v14 those fields are removed. The aotSummaries
fields were completely unused, so you can just drop them from the TestBed APIs usage.
Forms classes accept a generic.
Forms model classes now accept a generic type parameter. Untyped versions of these classes are available to opt-out of the new, stricter behavior.
objects with a length key set to zero will no longer validate as empty.
This is technically a breaking change, since objects with a key length
and value 0
will no longer validate as empty. This is a very minor change, and any reliance on this behavior is probably a bug anyway.
Queries including + will now actually query for + instead of space. Most workarounds involving custom codecs will be unaffected. Possible server-side workarounds will need to be undone.
JSONP will throw an error when headers are set on a reques
JSONP does not support headers being set on requests. Before when a request was sent to a JSONP backend that had headers set the headers were ignored. The JSONP backend will now throw an error if it receives a request that has any headers set. Any uses of JSONP on requests with headers set will need to remove the headers to avoid the error.
This change may cause a breaking change in unit tests that are implicitly depending on a specific number and sequence of change detections in order for their assertions to pass.
This may break invalid calls to TransferState
methods.
This tightens parameter types of TransferState
usage, and is a minor breaking change which may reveal existing problematic calls.
The type of Route.pathMatch
is now stricter. Places that use
pathMatch
will likely need to be updated to have an explicit
Route
/Routes
type so that TypeScript does not infer the type as
string
.
When returning a Promise
from the
LoadChildrenCallback
, the possible type is now restricted to
Type<any>|NgModuleFactory<any>
rather than any
.
initialNavigation: 'enabled'
was deprecated in v11 and is replaced by
initialNavigation: 'enabledBlocking'
.
The type of component
on ActivatedRoute
and ActivatedRouteSnapshot
includes string
. In reality, this is not the case. The component
cannot be anything other than a component class.
initialUrl
is set to string|UrlTree
but in reality,
the Router
only sets it to a value that will always be UrlTree
initialUrl
is documented as "The target URL passed into the
Router#navigateByUrl()
call before navigation" but the value
actually gets set to something completely different. It's set to the
current internal UrlTree
of the Router at the time navigation
occurs.With this change, there is no exact replacement for the old value of
initialUrl
because it was never intended to be exposed.
Router.url
is likely the best replacement for this.
In more specific use-cases, tracking the finalUrl
between successful
navigations can also be used as a replacement.
Lazy loaded configs are now also validated once loaded like the initial set of routes are. Lazy loaded modules which have invalid Route configs will now error. Note that this is only done in dev mode so there is no production impact of this change.
When a guard returns a UrlTree
, the router would previously schedule
the redirect navigation within a setTimeout
. This timeout is now removed,
which can result in test failures due to incorrectly written tests.
Tests which perform navigations should ensure that all timeouts are
flushed before making assertions. Tests should ensure they are capable
of handling all redirects from the original navigation.
Previously, resolvers were waiting to be completed
before proceeding with the navigation and the Router would take the last
value emitted from the resolver.
The router now takes only the first emitted value by the resolvers
and then proceeds with navigation. This is now consistent with Observables
returned by other guards: only the first value is used.
FAQs
Angular - the http service
The npm package @angular/http receives a total of 62,303 weekly downloads. As such, @angular/http popularity was classified as popular.
We found that @angular/http demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.