SWI-3723 [Snyk] Security upgrade @angular/core from 13.3.4 to 19.2.19

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-angular-v13-provided-in-root/package.json
• samples/client/petstore/typescript-angular-v13-provided-in-root/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-15353393	164

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[bwappsec]

Upgrading from Angular v13.3.4 to v19.2.19 is a massive undertaking that spans six major versions. This is not a direct upgrade and requires a sequential, version-by-version migration. Each major version introduces significant breaking changes, new APIs, and requires updates to dependencies like Node.js and TypeScript.

Key Breaking Changes Across Versions:

• v14: Standalone Components & Typed Forms: Introduced standalone: true components, directives, and pipes, beginning the shift away from NgModules. It also introduced strictly typed reactive forms.
• v15: Stable Standalone APIs & Material MDC: Standalone APIs became stable and the recommended approach. Angular Material components were refactored to use Material Design Components (MDC), which may require significant CSS and DOM-related adjustments. Support for older Node.js versions was dropped.
• v16: Signals (Developer Preview) & Removal of NGCC: Introduced the Signals library for a new reactivity model. Critically, the Angular Compatibility Compiler (ngcc) was removed, meaning libraries built with the older View Engine are no longer supported. This version requires Node.js v16 or v18 and TypeScript 4.9+.
• v17: New Control Flow & Stable Signals: Introduced a new built-in control flow syntax (@if, @for) and stabilized the Signals API. This version requires Node.js 18.13.0+ and TypeScript 5.2+.
• v18: Zoneless Change Detection (Experimental): Introduced experimental support for running Angular without zone.js, a fundamental shift in change detection.
• v19: Standalone by Default & Incremental Hydration: Components are now standalone by default. It also introduced a new resource API for data fetching and enhanced server-side rendering with incremental hydration.

Recommendation: This upgrade cannot be performed in a single step. A carefully planned, incremental migration is required. Developers must upgrade one major version at a time (13 -> 14, 14 -> 15, etc.), running tests and fixing breaking changes at each stage. The official Angular Update Guide is an essential resource for this process. Due to the removal of the Angular Compatibility Compiler in v16, all third-party libraries must be verified for Ivy compatibility.

Source: Angular Update Guide

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.