SWI-3723 [Snyk] Fix for 2 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-angular-v15-provided-in-root/package.json
• samples/client/petstore/typescript-angular-v15-provided-in-root/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCOMPILER-15610286	75
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-15610287	75

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[bwappsec]

This is a major upgrade spanning four versions, from Angular 15 to 19. This is a significant and high-risk undertaking that introduces numerous breaking changes, new APIs, and fundamental shifts in the framework's architecture. A direct upgrade is not recommended; the update should be performed incrementally, one major version at a time.

Recommendation: Use the official Angular Update Guide to create a step-by-step plan, upgrading from 15 → 16, then 16 → 17, and so on. Each step will require thorough testing.

Key Breaking Changes by Version:

Angular 16:

• Removal of View Engine Support: The Angular Compatibility Compiler (ngcc) has been removed. Libraries that have not been updated to the Ivy package format will no longer work and will break your build. This is a critical check for all third-party dependencies.
• TypeScript 5.0: Requires an update to at least TypeScript 4.9.

Angular 17:

• New Built-in Control Flow: A new declarative syntax (@if, @for, @switch) is introduced. An automated migration is available, but it will change a significant portion of your template files and requires careful review.
• Standalone Components by Default: This version solidifies the shift away from NgModules, making standalone the default for new projects.
• Node.js Requirement: Support for Node.js v16 is dropped; v18.13.0 or newer is required.

Angular 18:

• NgSwitch Behavior Change: The equality check for NgSwitch now uses strict equality (===) instead of abstract equality (==), which may affect logic that relies on type coercion.
• Zoneless Change Detection (Experimental): Introduces an experimental path to use Signals for change detection without zone.js.
• TypeScript 5.4: Requires an update to TypeScript 5.4 or later.

Angular 19:

• Standalone is Enforced: Components, directives, and pipes are now standalone by default. You must explicitly add standalone: false to any components that still rely on being declared in an NgModule.
• TypeScript 5.6: Requires

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.