Pythons/oncehub 108277 #229

Merged: so-kaushal merged 2 commits into qa from pythons/ONCEHUB-108277 on Dec 4, 2025

@so-kaushal (Contributor)

https://scheduleonce.atlassian.net/browse/ONCEHUB-108277
CVE-2025-66412 vulnerability found in package @angular/compiler in project knowledgeowl-angular

This pull request updates the package version and upgrades several dependencies to their latest compatible versions, ensuring improved compatibility and stability for the project.

Version bump:

  • Updated the package version from 5.1.4 to 5.1.5 in package.json, src/package.json, and src/package-lock.json.

Dependency upgrades:

  • Upgraded various Angular dependencies in package.json to the latest patch versions (^20.3.12 and ^20.3.15), improving compatibility and security.
  • Updated ng-packagr dependency from 20.3.0 to ^20.3.2 in package.json.

@so-kaushal so-kaushal self-assigned this Dec 4, 2025
Copilot AI review requested due to automatic review settings December 4, 2025 10:44
Copilot AI left a comment

Pull request overview

This pull request addresses a security vulnerability (CVE-2025-66412) in @angular/compiler by upgrading Angular dependencies and bumps the package version from 5.1.4 to 5.1.5.

Key Changes:

  • Package version bumped from 5.1.4 to 5.1.5 across all package.json files
  • Angular dependencies upgraded from 20.3.0 to 20.3.12-20.3.15 patch versions
  • ng-packagr updated from 20.3.0 to ^20.3.2
  • Extensive transitive dependency updates reflected in package-lock.json

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

| File | Description |
|------|-------------|
| package.json | Updated version to 5.1.5; upgraded Angular packages to 20.3.12-20.3.15; updated ng-packagr to ^20.3.2 |
| package-lock.json | Resolved dependency tree with Angular 20.3.12-20.3.15 and numerous transitive dependency updates |
| src/package.json | Updated version to 5.1.5 |
| src/package-lock.json | Updated version to 5.1.5 in lockfile metadata |

Files not reviewed (1)
  • src/package-lock.json: Language not supported

@so-kaushal so-kaushal merged commit 7092c25 into qa Dec 4, 2025
6 of 7 checks passed
3 participants