SWI-3723 [Snyk] Security upgrade @angular/core from 12.2.16 to 19.2.19

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-angular-v12-provided-in-root/package.json
• samples/client/petstore/typescript-angular-v12-provided-in-root/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-15353393	164

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[bwappsec]

Upgrading from Angular v12 to v19 is a massive undertaking that involves seven major version leaps. A direct upgrade is not feasible and will fail. This process requires a sequential, version-by-version migration, addressing numerous breaking changes, new APIs, and ecosystem updates at each step.

Recommendation: Do not attempt a direct upgrade. Follow the official Angular Update Guide for a step-by-step migration from one major version to the next (12->13, 13->14, and so on). Allocate significant time for this effort, as it involves substantial code refactoring, dependency updates, and thorough testing at each stage.

Key breaking changes across versions include:

• v13: View Engine is completely removed, making Ivy the default rendering engine. Support for Internet Explorer 11 is dropped. RxJS v7 is now the standard.
• v14: Introduces standalone components as a developer preview, and typed reactive forms.
• v15: Standalone APIs become stable. A major refactoring of Angular Material components to use Material Design Components (MDC) requires a migration using ng generate @angular/material:mdc-migration, which can cause significant style and theme breakage.
• v16: The Angular Compatibility Compiler (ngcc) is removed, meaning libraries built with View Engine are no longer supported. Requires Node.js v16 or v18 and TypeScript v4.9+.
• v17: Introduces a new built-in control flow syntax (@if, @for) which requires code migration. Standalone is now the default for new components, directives, and pipes.
• v18 & v19: Continue to build on modern features like Signals, hydration, and further refine standalone components. Angular Material v18 adopts Material 3, which can break existing themes.

Source: Angular Update Guide

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.