[Snyk] Security upgrade @angular-devkit/build-angular from 18.2.12 to 20.3.15 #186

Open
snyk-io[bot] wants to merge 1 commit into master from snyk-fix-c3fdcecf4ca2870240eec6c334db8a3a

snyk-io bot commented Feb 6, 2026

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • chargebee-js-angular/package.json
  • chargebee-js-angular/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
|---|---|
| low severity Server-side Request Forgery (SSRF), SNYK-JS-WEBPACK-15235959 | 380 |
| low severity Server-side Request Forgery (SSRF), SNYK-JS-WEBPACK-15235969 | 380 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

snyk-io bot commented Feb 6, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

snyk-io bot commented Feb 6, 2026

Merge Risk: High

This is a major version upgrade from v18 to v20, introducing significant breaking changes that require developer action. The most critical changes involve the build system, testing framework, and component architecture.

Key Breaking Changes:

  • Build System Overhaul & Karma Deprecation (v20): The default build package is transitioning from @angular-devkit/build-angular to the new @angular/build. Crucially, the new package removes support for the Karma test runner. As a result, ng test commands will fail after this upgrade. A temporary fix is to manually re-install @angular-devkit/build-angular, but the long-term solution is to migrate tests to a modern runner like Jest or Vitest.

  • Standalone Components by Default (v19): Components, directives, and pipes are now standalone by default, eliminating the need for NgModules in many cases. The ng update command will automatically refactor code to remove the standalone: true property, but developers should be aware of this fundamental shift in application structure.

  • Removal of ng-reflect-* Attributes (v20): To improve performance, Angular no longer adds ng-reflect-* attributes to the DOM in development mode. This will break any tests that rely on these attributes for element selection. The recommended solution is to refactor tests to use stable, custom attributes like data-testid.

  • Node.js Requirement: Angular v20 requires Node.js version 20.11.1 or later.

Recommendation:
Due to the removal of Karma and other build system changes, this upgrade will likely break your test pipeline. It is critical to plan for the migration of your unit tests away from Karma. Run ng update @angular/core @angular/cli and carefully review the migration logs. Allocate time to address test failures and adapt to the new standalone component architecture.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
