[Snyk] Security upgrade @angular/core from 15.2.8 to 19.2.19

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• frontend/todo-app-angular/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-15353393	164

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[snyk-io]

This is a major upgrade, spanning four major versions from v15 to v19. It introduces significant breaking changes, new APIs, and fundamental shifts in the framework's architecture. A direct upgrade is not recommended; instead, a sequential migration using the official Angular Update Guide is necessary.

Key Breaking Changes & Architectural Shifts:

• Standalone Components by Default (v19): New components, directives, and pipes are standalone by default. Projects still using NgModules will need to explicitly set standalone: false. This continues the shift that began in earlier versions, with migration schematics available since v16.
• New Control Flow Syntax (v17): The structural directives *ngIf, *ngFor, and *ngSwitch are replaced by a new, built-in block syntax (@if, @for, @switch). An automatic migration schematic is provided by ng update.
• Signals (Stable in v17): A new reactivity model for fine-grained change detection is now a core feature. This is a fundamental change to how state management can be handled in Angular.
• Zoneless Change Detection (Experimental in v18): Angular 18 introduces experimental support for running applications without Zone.js, which can improve performance and reduce bundle size.
• Node.js and TypeScript Requirements:
  • v16: Requires Node.js v16 or v18 and TypeScript 4.9 or later.
  • v17: Requires Node.js 18.13.0 or higher and supports TypeScript 5.2.
  • v19: Supports TypeScript 5.6.
• Removal of Angular Compatibility Compiler (ngcc) (v16): Libraries built with the older View Engine are no longer supported.
• Server-Side Rendering (SSR) and Hydration: Major improvements to SSR have been made, with non-destructive hydration introduced in v16 and a new @angular/ssr package in v17.

Recommendation: This upgrade is a significant undertaking that requires careful planning and step-by-step execution. Do not attempt to jump directly from v15 to v19.

1. Use the official Angular Update Guide to generate a detailed migration plan.
2. Upgrade one major version at a time (15 -> 16, 16 -> 17, etc.), running tests and addressing breaking changes at each step.
3. Leverage the ng update @angular/cli @angular/core command, which will apply automated migrations for many of the breaking changes.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.