
[Snyk] Upgrade @angular/platform-browser from 12.0.4 to 12.2.17 #432

Open: wants to merge 1 commit into base: main

nejidevelops

Snyk has created this PR to upgrade @angular/platform-browser from 12.0.4 to 12.2.17.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 36 versions ahead of your current version.

  • The recommended version was released 3 years ago.

Release notes
Package name: @angular/platform-browser
  • 12.2.17 - 2022-11-22
  • 12.2.16 - 2022-01-27
  • 12.2.15 - 2021-12-15
  • 12.2.14 - 2021-12-01
  • 12.2.13 - 2021-11-03
  • 12.2.12 - 2021-10-27
  • 12.2.11 - 2021-10-20
  • 12.2.10 - 2021-10-13
  • 12.2.9 - 2021-10-06
  • 12.2.8 - 2021-09-30
  • 12.2.7 - 2021-09-22
  • 12.2.6 - 2021-09-15
  • 12.2.5 - 2021-09-08
  • 12.2.4 - 2021-09-01
  • 12.2.3 - 2021-08-25
  • 12.2.2 - 2021-08-18
  • 12.2.1 - 2021-08-11
  • 12.2.0 - 2021-08-04
  • 12.2.0-rc.0 - 2021-07-28
  • 12.2.0-next.3 - 2021-07-21
  • 12.2.0-next.2 - 2021-07-14
  • 12.2.0-next.1 - 2021-06-30
  • 12.2.0-next.0 - 2021-06-24
  • 12.1.5 - 2021-08-04
  • 12.1.4 - 2021-07-28
  • 12.1.3 - 2021-07-21
  • 12.1.2 - 2021-07-14
  • 12.1.1 - 2021-06-30
  • 12.1.0 - 2021-06-24
  • 12.1.0-next.6 - 2021-06-16
  • 12.1.0-next.5 - 2021-06-09
  • 12.1.0-next.4 - 2021-06-02
  • 12.1.0-next.3 - 2021-05-26
  • 12.1.0-next.2 - 2021-05-19
  • 12.1.0-next.1 - 2021-05-05
  • 12.0.5 - 2021-06-16
  • 12.0.4 - 2021-06-09
from @angular/platform-browser GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
@angular/platform-browser

See this project in Snyk:
https://app.snyk.io/org/mohammadnewton/project/62ca605f-5f4e-444b-a866-1857eb3a59a6?utm_source=github&utm_medium=referral&page=upgrade-pr

@gemini-code-assist gemini-code-assist bot left a comment

Hello @nejidevelops, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello team,

Gemini here, providing a summary of this pull request to help everyone quickly understand the changes and context.

This PR, automatically generated by Snyk, is titled "[Snyk] Upgrade @angular/platform-browser from 12.0.4 to 12.2.17". The stated intent is to upgrade the @angular/platform-browser dependency to version 12.2.17 to keep dependencies up-to-date, potentially addressing vulnerabilities or improving stability.

However, upon inspecting the patch, I've noticed a significant discrepancy. The change in angular-app/package.json modifies the @angular/platform-browser dependency from ^15.0.0 to ^12.2.17. This is not an upgrade from 12.0.4 as the title suggests, but rather a downgrade from the currently installed version ^15.0.0. Furthermore, this change introduces a version mismatch, as other @angular/* dependencies like @angular/core, @angular/compiler, @angular/forms, @angular/platform-browser-dynamic, and @angular/router remain at ^15.0.0. This version inconsistency is likely to cause build or runtime errors and should be carefully reviewed.

The PR currently contains only this single dependency version change.

Highlights

  • Dependency Version Change: The primary change is the modification of the @angular/platform-browser dependency version in angular-app/package.json.
  • Potential Downgrade and Version Mismatch: The patch changes the version from ^15.0.0 to ^12.2.17. This appears to be a downgrade from the current state and creates a version conflict with other @angular/* packages which are still at ^15.0.0. This requires careful attention.
  • Automated PR: This pull request was automatically generated by Snyk, likely as part of an automated dependency management process.

Changelog

  • angular-app/package.json
    • Changed @angular/platform-browser dependency version from ^15.0.0 to ^12.2.17.

A version bump, a number new,
But wait, the patch shows something blue.
From fifteen down to twelve it goes,
A mismatch bug, how quickly it grows!

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request, automatically generated by Snyk, aims to upgrade (or rather, change the version of) @angular/platform-browser. However, it appears to be based on an outdated understanding of the project's current dependencies. The PR attempts to change @angular/platform-browser from ^15.0.0 (the version in the main or base branch) to ^12.2.17. This is a significant downgrade and would introduce a major version mismatch with other Angular core packages currently at v15. This will likely cause critical compatibility issues.

Summary of Findings

  • Critical Dependency Downgrade and Version Mismatch: The PR proposes changing @angular/platform-browser from ^15.0.0 to ^12.2.17. This is a downgrade and introduces a severe version mismatch with other Angular v15 core packages (e.g., @angular/core, @angular/common), which will likely break the application build or cause runtime errors.
  • Snyk Baseline Discrepancy: The Snyk automation appears to be operating under the incorrect assumption that the current version of @angular/platform-browser is 12.0.4. The PR title and Snyk's metadata indicate an upgrade from 12.0.4 to 12.2.17. However, the actual package.json (before this PR's change) specifies ^15.0.0. This discrepancy is the root cause of the erroneous downgrade attempt.
  • Purpose of the PR: The Snyk metadata indicates vulns: [], suggesting this PR is not for a specific security vulnerability but rather a dependency freshness update. Given the incorrect baseline, this 'update' is detrimental.

Merge Readiness

This pull request should not be merged in its current state. The proposed downgrade of @angular/platform-browser to v12.2.17, while other core Angular packages are at v15.0.0, will almost certainly break the application due to version incompatibilities.

It is strongly recommended to:

  1. Close this pull request.
  2. Investigate and update Snyk's project monitoring or baseline scan for this repository to ensure it accurately reflects the current dependency versions (i.e., that @angular/platform-browser is at ^15.0.0).
  3. If an update for @angular/platform-browser is indeed required (e.g., for security or a newer feature within the v15.x.x line or a planned upgrade to a newer major Angular version), a new, correct PR should be generated based on the actual current version.

As an AI assistant, I am not authorized to approve pull requests. This PR requires rejection by a human maintainer due to the critical issues identified.

@@ -16,7 +16,7 @@
"@angular/compiler": "^15.0.0",
"@angular/core": "^15.0.0",
"@angular/forms": "^15.0.0",
"@angular/platform-browser": "^15.0.0",
"@angular/platform-browser": "^12.2.17",
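
Review bot: The last two lines of this hunk move "@angular/platform-browser" from "^15.0.0" to "^12.2.17" while the context lines above keep "@angular/compiler", "@angular/core" and "@angular/forms" at "^15.0.0", so the manifest ends up with two Angular majors and a caret range that can never resolve back to 15.x. Keep the entry at "^15.0.0", or move every @angular/* entry in a single change, and consider a CI check that rejects a manifest whose @angular/* majors differ.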

critical

This change downgrades @angular/platform-browser from ^15.0.0 (as indicated by the 'before' state of this diff line) to ^12.2.17. This creates a critical version incompatibility with other core Angular packages in this project, such as @angular/core, @angular/common, @angular/compiler, @angular/forms, @angular/platform-browser-dynamic, and @angular/router, which are all specified as ^15.0.0 in your package.json.

Mixing Angular v12 and v15 core packages is highly likely to lead to build failures (e.g., with ngcc) or runtime errors due to API incompatibilities and mismatched peer dependencies. For example, @angular/platform-browser@12.2.17 expects @angular/core@12.2.17, but your project uses @angular/core@^15.0.0.

It seems Snyk might be working from an outdated baseline for this package. The PR title ("Upgrade @angular/platform-browser from 12.0.4 to 12.2.17") and the Snyk metadata ("from":"12.0.4","to":"12.2.17") suggest Snyk believes the current version is 12.0.4. However, the actual change in this PR is from ^15.0.0.

Could this PR be based on an outdated Snyk scan or project configuration? This change, as is, should not be merged.

    "@angular/platform-browser": "^15.0.0",
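
The three things the review checks by hand (a major-version downgrade, mixed majors across the @angular/* packages, and a claimed "from" version that does not match the manifest) can be run in CI before an automated upgrade PR is merged. The following is an added example, not code from this PR, Snyk or Gemini Code Assist; `FAMILY`, `rangeMajor`, `auditBump` and the sample manifests are hypothetical names, with versions constructed from those quoted in the review above.

```javascript
// Added example: audit a dependency-bump PR before merge. Names here
// (FAMILY, rangeMajor, auditBump, BASE, HEAD) are hypothetical.
// FAMILY is the set of packages the review says must share one major.
const FAMILY = ['@angular/common', '@angular/compiler', '@angular/core',
  '@angular/forms', '@angular/platform-browser',
  '@angular/platform-browser-dynamic', '@angular/router'];

// Lowest major a simple range ("^15.0.0", "~12.2.17", "12.0.4") admits.
// Tags, URLs and compound ranges return null and are skipped.
function rangeMajor(range) {
  const m = /^[\^~]?v?(\d+)\.\d+\.\d+(?:[-+][\w.+-]+)?$/.exec(String(range).trim());
  return m ? Number(m[1]) : null;
}

// baseDeps/headDeps: "dependencies" maps from the base and PR manifests.
// claim: what the PR title says it is upgrading, e.g. { name, from }.
function auditBump(baseDeps, headDeps, claim, family = FAMILY) {
  const findings = [];
  for (const [name, to] of Object.entries(headDeps)) {
    const before = rangeMajor(baseDeps[name]);
    const after = rangeMajor(to);
    if (before !== null && after !== null && after < before) {
      findings.push({ kind: 'major-downgrade', name, from: baseDeps[name], to });
    }
  }
  // Group the family by major; more than one group means a mixed install.
  const byMajor = {};
  for (const name of family) {
    const major = rangeMajor(headDeps[name]);
    if (major !== null) (byMajor[major] = byMajor[major] || []).push(name);
  }
  if (Object.keys(byMajor).length > 1) findings.push({ kind: 'family-skew', byMajor });
  // The bot's claimed starting version should match the base manifest.
  if (claim && rangeMajor(claim.from) !== rangeMajor(baseDeps[claim.name])) {
    findings.push({ kind: 'stale-baseline', name: claim.name,
      claimed: claim.from, actual: baseDeps[claim.name] });
  }
  return findings;
}

// Constructed from the versions quoted in the review on this page.
const BASE = Object.fromEntries(FAMILY.map((n) => [n, '^15.0.0']));
const HEAD = { ...BASE, '@angular/platform-browser': '^12.2.17' };
const CLAIM = { name: '@angular/platform-browser', from: '12.0.4' };

console.log(JSON.stringify(auditBump(BASE, HEAD, CLAIM), null, 2));
```

In a pipeline, `BASE` and `HEAD` would be read from the `dependencies` of the base-branch and PR-branch `package.json`, and any non-empty result would fail the check.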
