[Snyk] Fix for 2 vulnerabilities

[PoojaPanchal12]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• example-apps/angular/package.json
• example-apps/angular/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCOMPILER-14908872	651
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-14908871	651

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

---

Note

Updates Angular dependencies in the example app and refreshes the lockfile.

• Bumps @angular/compiler and @angular/core from ~11.0.9 to ~19.2.18 in package.json
• Updates package-lock.json to align versions, raising tslib to 2.8.1 and adjusting Angular tslib requirements to ^2.3.0
• Minor lockfile dependency graph changes (e.g., JSONStream, string_decoder)

^{Written by Cursor Bugbot for commit ff341b0. This will update automatically on new commits. Configure here.}

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[francispereira]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cursor]

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Angular packages have incompatible major version mismatch

High Severity

The Snyk fix upgrades only @angular/compiler and @angular/core from v11 to v19 while leaving all other Angular packages at v11. Angular requires all @angular/* packages to be at the same major version. This creates incompatible dependencies: @angular/common, @angular/forms, @angular/router, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/animations remain at v11, while @angular/compiler-cli and @angular-devkit/build-angular in devDependencies are also still at v11. This will cause build failures and peer dependency conflicts.

Additional Locations (1)

• example-apps/angular/package.json#L13-L21