[Snyk] Fix for 3 vulnerabilities

[patzeltj]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Use of Weak Hash SNYK-JS-ANGULARCOMMON-17356555	746
	Modification of Assumed-Immutable Data SNYK-JS-ANGULARCORE-17353317	716
	Server-side Request Forgery (SSRF) SNYK-JS-ANGULARPLATFORMSERVER-17357205	701

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of Weak Hash

[patzeltj]

This is a massive upgrade across six major versions (from v14 to v19/v20), introducing significant architectural shifts, new APIs, and mandatory migration steps. A direct upgrade is not possible; you must upgrade one major version at a time. This process requires significant planning, refactoring, and testing.

Key Breaking Changes & Architectural Shifts:

• Mandatory Sequential Upgrades: You cannot jump directly from v14 to v20. The Angular CLI enforces sequential upgrades, meaning you must run ng update for each major version individually (14 → 15, 15 → 16, and so on).

• Architectural Shift to Standalone APIs: The framework has moved from NgModules to a simpler, standalone component architecture. Standalone APIs became stable in v15 and are the default for new projects since v17. Migration schematics are available to help automate this transition.

• New Built-in Control Flow: The structural directives *ngIf, *ngFor, and *ngSwitch have been replaced by a new, faster, built-in block syntax (@if, @for, @switch). This became stable in v18 and migration is recommended. The new @for block requires a track expression, which is a mandatory change from *ngFor.

• Environment and Build System Overhaul:

  • Node.js and TypeScript: Each Angular version has new minimum requirements. For example, v17 requires Node.js 18.13.0+ and TypeScript 5.2+. You must update your development environment accordingly at each step.
  • Angular Compatibility Compiler (ngcc) Removed: As of v16, ngcc is gone. This means libraries built with the legacy View Engine are no longer supported and must be updated to Ivy-compatible versions.

• Server-Side Rendering (SSR) Evolution: The @nguniversal/express-engine is replaced by the new @angular/ssr package in v17. The upgrade also introduces non-destructive hydration, significantly improving SSR performance and user experience.

• Introduction of Signals: Angular v16 introduced a new reactivity

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.