[Snyk] Security upgrade @angular/core from 4.4.7 to 19.2.18 #40
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANGULARCORE-14908871
|
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "description": "An Ionic project", | ||
| "dependencies": { | ||
| "@angular/core": "^4.1.3", | ||
| "@angular/core": "^19.2.18", |
There was a problem hiding this comment.
Major version upgrade creates incompatible peer dependencies
High Severity
Upgrading @angular/core from 4.x to 19.x without updating peer dependencies will break the build. Angular 19 requires RxJS 7.x but the project has rxjs: ^5.4.0, and requires zone.js 0.14.x+ but the project has zone.js: ^0.8.11. Additionally, @ionic-native/core: ^3.12.1 was designed for Angular 4 and is incompatible with Angular 19. This is confirmed in the PR metadata where isBreakingChange is true.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-ANGULARCORE-14908871
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Cross-site Scripting (XSS)
Note
Dependency upgrade
@angular/coreinpackage.jsonfrom^4.1.3to^19.2.18Written by Cursor Bugbot for commit 8fc6f4d. This will update automatically on new commits. Configure here.