[Snyk] Security upgrade @angular/core from 21.0.6 to 21.1.6

[travist]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• angular/src/package.json
• angular/src/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-15353393	666

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[travist]

This minor version upgrade from @angular/core 21.0.6 to 21.1.6 introduces new features, bug fixes, and one key deprecation that requires developer attention.

Key Changes:

• Deprecation of Router.isActive(): The Router.isActive() method is now deprecated and will be removed in a future version. It is replaced by a new standalone, signal-based isActive() function.
• Experimental Signal Forms Update: For applications using the experimental Signal Forms API, the [field] directive has been updated to [formField]. An ng update command should handle this migration automatically.
• New Features: The release adds non-breaking features, including support for spread operators in templates and a multi-case @switch block.
• Bug Fixes: The update includes fixes for RouterLink query parameter merging and various memory leaks. While beneficial, these could alter behavior in applications that inadvertently relied on the previous buggy behavior.

Recommendation:
While this is not a major breaking release, the deprecation of Router.isActive() warrants a medium risk assessment. Developers should plan to migrate to the new isActive() function to avoid issues in future Angular versions. Teams using experimental Signal Forms must verify that the automatic migration was successful.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.