SWI-3723 [Snyk] Fix for 2 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-angular-v13-provided-in-root/package.json
• samples/client/petstore/typescript-angular-v13-provided-in-root/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCOMPILER-15610286	75
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-15610287	75

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[bwappsec]

This is a major upgrade across six Angular versions (v13 to v19), which introduces a very high number of significant breaking changes. A direct upgrade is not feasible; it must be performed incrementally, one major version at a time, following the official Angular Update Guide. [1, 27] This is a large-scale migration project that will require significant developer effort, code refactoring, and thorough testing at each stage.

Key Breaking Changes & Required Actions:

• v14: Strictly Typed Forms

  • FormGroup and FormControl are now strongly typed, which will likely cause compilation errors in existing forms that need to be updated. [19]

• v15: Angular Material MDC Migration

  • This is a massive breaking change. Most components in Angular Material were refactored to use the official Material Design Components (MDC). [13, 18] This will break custom styles and requires running a migration tool that often needs significant manual follow-up work. [13]
  • Requires Node.js 16 or 18 and TypeScript 4.8+. [4]

• v16: View Engine Removal

  • The Angular Compatibility Compiler (ngcc) has been removed. Any third-party libraries that do not support the Ivy rendering engine will no longer work and must be updated or replaced. [3]

• v17: New Control Flow and Standalone as Default

  • Introduces a new built-in syntax for control flow (@if, @for). A migration schematic is available, but @for requires a track function to be added manually. [8, 28]
  • Standalone components are now the default, marking a fundamental shift in application architecture. [28]
  • The build system now uses esbuild by default, which is much faster but may affect custom webpack configurations. [28]

Recommendation:

This upgrade cannot be handled as a single change. It must be broken down into a series of smaller upgrades:

1. Follow the official Angular Update Guide meticulously. [27]
2. Upgrade one major version at a time (13→14, then 14→15, etc.), running all tests and fixing breaking changes at each step. [1]
3. Allocate significant time for the v15 Material MDC migration, as it is known to be the most challenging part of this upgrade path. [2, 13]
4. Audit all third-party dependencies to ensure they are compatible with Ivy before starting the v16 upgrade. [3, 10]

Source: Angular Update Guide, Angular Versioning and Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.