SWI-3723 [Snyk] Fix for 2 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-angular-v14-provided-in-root/package.json
• samples/client/petstore/typescript-angular-v14-provided-in-root/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCOMPILER-14908872	161
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-14908871	161

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[bwappsec]

This is a massive upgrade, jumping from version 13 to 19, which includes multiple major releases and fundamental architectural changes. A direct upgrade is not feasible and will require significant, planned refactoring.

Key Breaking Changes & Paradigm Shifts:

• Standalone Components: The architecture has shifted away from NgModules. Standalone components, directives, and pipes were introduced in v14, became stable in v15, and are the default in v19. [14, 2, 20] This requires a new way of structuring applications.
• Reactivity Model (Signals & Zoneless): Angular 16 introduced Signals, a new reactivity primitive for state management. [5, 26] This is part of a larger initiative to make Zone.js optional (zoneless), which fundamentally changes how change detection works. [19, 25]
• Build System and Rendering: The legacy View Engine compatibility compiler (ngcc) was removed in v16, meaning any third-party libraries not compiled with Ivy will break. [5, 13, 25] The build system now defaults to the much faster esbuild. [22]
• New Control Flow Syntax: Angular 17 introduced a new, built-in syntax for control flow (@if, @for, @switch) that replaces the old *ngIf and *ngFor directives. [22, 33]

Source: Angular Update Guide
Recommendation: Do not attempt a direct upgrade. Use the official Angular Update Guide to perform an incremental migration, one major version at a time, addressing the numerous breaking changes and deprecations at each step.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.