Angular 15 is EOL in May 2024, so bump to Angular 17.
joanise opened this issue · 4 comments
joanise commented
I did a first attempt just using the automatic tool to do 15->16, and it was not straightforward, there are interactions with other dependencies. So this will not be an easy task, but we need to tackle it at some point because we'll be stuck unable to handle CVEs soon enough if we don't.
dhdaines commented
Deleting package-lock.json often helps with dependency hell... Since I'm back in Angular land lately I can take a look at this shortly
…On Wed, Feb 28, 2024, at 07:38, Eric Joanis wrote:
I did a first attempt just using the automatic tool to do 15->16, and it was not straightforward, there are interactions with other dependencies. So this will not be an easy task, but we need to tackle it at some point because we'll be stuck unable to handle CVEs soon enough if we don't.
—
Reply to this email directly, view it on GitHub <#239>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZLYUGTR46T4XJI7QAJUSDYV5FPDAVCNFSM6AAAAABD6IHLLKVHI2DSMVQWIX3LMV43ASLTON2WKOZSGE2TSMRVGIZTQNY>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
joanise commented
Darn, this is now preventing us from fixing this high-severity CVE:
https://github.com/ReadAlongs/Web-Component/security/dependabot/79
dhdaines commented
Well, it's again a CVE that only affects the development environment, but I will get on the 15-17 update ASAP, probably this evening!