[Snyk] Fix for 3 vulnerabilities #191

Open
patzeltj wants to merge 1 commit into develop from snyk-fix-75a0b0f0821615fc83e7102a170bf917

@patzeltj

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • src/frontend/packages/core/package.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
|---|---|
| critical severity: Use of Weak Hash (SNYK-JS-ANGULARCOMMON-17356555) | 746 |
| high severity: Modification of Assumed-Immutable Data (SNYK-JS-ANGULARCORE-17353317) | 716 |
| high severity: Server-side Request Forgery (SSRF) (SNYK-JS-ANGULARPLATFORMSERVER-17357205) | 701 |

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of Weak Hash

@patzeltj

Author

Merge Risk: High

This is an extremely high-risk upgrade, jumping from Angular v9 across more than 10 major versions to v19 and v20. A direct upgrade is not feasible and will require a significant, multi-step migration effort. The application architecture, tooling, and core APIs have fundamentally changed.

Recommendation: Do not attempt a direct upgrade. You must perform an incremental migration, updating one major version at a time (e.g., 9 → 10, 10 → 11, and so on) using the official Angular Update Guide. [4, 12, 15] This tool provides the specific commands and code modifications needed for each step.

Key Architectural Breaking Changes:

  • End of View Engine: Angular 9 was the last version to support the legacy View Engine renderer. It was completely removed in v13, making the Ivy renderer mandatory. [16] The project must be fully migrated to Ivy, which can affect older libraries.
  • Standalone is the New Standard: The concept of NgModules is now deprecated as of v19. [7] The entire ecosystem has shifted to a simpler, module-less architecture using Standalone Components, Directives, and Pipes, which became the default in v17. [2, 7, 23] This requires a fundamental restructuring of the application, though the CLI provides schematics to assist the migration. [8, 9]
  • New Reactivity and Control Flow: A new signal-based reactivity model was introduced in v16 and is now stable. [23] Additionally, a new built-in control flow syntax (@if, @for) was introduced in v17 to replace *ngIf and *ngFor. [14, 23]

Environment and Dependency Changes:

  • Node.js and TypeScript: Each Angular version requires specific Node.js and TypeScript versions. This upgrade will force major updates to your development and CI/CD environments. For example, support for Node.js 18 was dropped in v20, and TypeScript must be upgraded from v3.x to v5.x. [15, 21]
  • Angular Material (MDC): If used, the v15 update included a massive refactoring of Material components to align with Material Design Components (MDC), which introduced significant breaking changes to HTML structure and CSS. [15]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
