Skip to content

Bump the minor-and-patch-version-updates group with 4 updates#168

Merged
mroloux merged 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-version-updates-35410872f8
Jun 2, 2026
Merged

Bump the minor-and-patch-version-updates group with 4 updates#168
mroloux merged 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-version-updates-35410872f8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the minor-and-patch-version-updates group with 4 updates: @angular/cli, @angular/language-service, @types/node and semver.

Updates @angular/cli from 21.2.9 to 21.2.13

Release notes

Sourced from @​angular/cli's releases.

21.2.13

@​angular-devkit/build-angular

Commit Description
fix - 3c6d26a31 remove unconditional CORS wildcard from webpack dev-server

@​angular/build

Commit Description
fix - 2b3e95517 assert that asset input paths are within workspace root

21.2.12

@​angular/build

Commit Description
fix - cbad57579 ignore virtual esbuild paths with (disabled):

21.2.11

@​angular/cli

Commit Description
fix - bbd63b7a5 robustly parse npm manifest from array

@​angular/ssr

Commit Description
fix - eafe1a719 allow all hosts in common engine rendering options to prevent validation errors
fix - 7a116a80d remove stateful flag from URL_PARAMETER_REGEXP

21.2.10

@​angular/cli

Commit Description
fix - bb8611913 restrict MCP workspace access to allowed client roots during resolution
Changelog

Sourced from @​angular/cli's changelog.

21.2.13 (2026-05-27)

@​angular-devkit/build-angular

Commit Type Description
3c6d26a31 fix remove unconditional CORS wildcard from webpack dev-server

@​angular/build

Commit Type Description
2b3e95517 fix assert that asset input paths are within workspace root

22.0.0-rc.1 (2026-05-21)

@​schematics/angular

Commit Type Description
a7ac8e5f0 fix support spy call arguments migration in refactor-jasmine-vitest

@​angular/build

Commit Type Description
327cc2414 fix assert that asset input paths are within workspace root
93d352798 fix ignore virtual esbuild paths with (disabled):

21.2.12 (2026-05-20)

@​angular/build

Commit Type Description
cbad57579 fix ignore virtual esbuild paths with (disabled):

22.0.0-rc.0 (2026-05-13)

... (truncated)

Commits
  • 287e4e8 release: cut the v21.2.13 release
  • 3c6d26a fix(@​angular-devkit/build-angular): remove unconditional CORS wildcard from w...
  • 2b3e955 fix(@​angular/build): assert that asset input paths are within workspace root
  • 9dcef4d release: cut the v21.2.12 release
  • feec5bf refactor(@​angular/build): add missing OutputFile import
  • 48c17e8 docs: update JSDoc return tag to @return and fix description in registry.ts
  • cbad575 fix(@​angular/build): ignore virtual esbuild paths with (disabled):
  • 6cc9349 docs: update ng.ts render function documentation to reflect removal of render...
  • 00e3663 release: cut the v21.2.11 release
  • eafe1a7 fix(@​angular/ssr): allow all hosts in common engine rendering options to prev...
  • Additional commits viewable in compare view

Updates @angular/language-service from 21.2.11 to 21.2.15

Release notes

Sourced from @​angular/language-service's releases.

21.2.15

common

Commit Description
fix - 7f4ac78994 add upper bounds for digitsInfo
fix - 300f61feb3 sanitize placeholder

compiler

Commit Description
fix - 0b07f47bd6 normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
fix - eb1cbbf2eb prevent namespaced SVG elements from being stripped
fix - cc1378d54b sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
fix - 782e01594e strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description
fix - ff12fe55ac normalize tag names in runtime i18n attribute security context lookup (#68925)
fix - e6fe77cc97 sanitize meta selectors
fix - daaf32937f support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
fix - dada86e43d synchronize core sanitization schema with compiler (#68925)

http

Commit Description
fix - 582a417bd2 exclude withCredentials requests from transfer cache
fix - 5c6d6df34b skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - 37e8aadf87 prevent SSRF bypasses via backslash URLs in HttpClient
fix - 72696e244e secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - b8bd49341d Preserves explicit 'credentials: omit' in asset requests
fix - ca32fc1000 Preserves HTTP cache mode in asset group requests

21.2.14

compiler

Commit Description
fix - 68282dff9f strip namespaced SVG script elements during template compilation

core

Commit Description
fix - c0f52272ed do not insert todo when migrating void @​Output
fix - 938a7f3edd makes resource URL sanitizer lookup case-insensitive
fix - 0fb2724194 reject script element as a dynamic component host
fix - 49113ac0ef visit ICU expressions in signal migration schematics

router

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/language-service's changelog.

21.2.15 (2026-05-28)

common

Commit Type Description
7f4ac78994 fix add upper bounds for digitsInfo
300f61feb3 fix sanitize placeholder

compiler

Commit Type Description
0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb fix prevent namespaced SVG elements from being stripped
cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description
ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97 fix sanitize meta selectors
daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description
582a417bd2 fix exclude withCredentials requests from transfer cache
5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description
b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests
ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

compiler

Commit Type Description
6ea6379123 fix prevent namespaced SVG elements from being stripped

20.3.23 (2026-05-28)

compiler

... (truncated)

Commits

Updates @types/node from 25.6.0 to 25.9.1

Commits

Updates semver from 7.7.4 to 7.8.1

Release notes

Sourced from semver's releases.

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

v7.8.0

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

Changelog

Sourced from semver's changelog.

7.8.1 (2026-05-21)

Bug Fixes

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-and-patch-version-updates group with 4 updates
f70d16b 
Bumps the minor-and-patch-version-updates group with 4 updates: [@angular/cli](https://github.com/angular/angular-cli), [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [semver](https://github.com/npm/node-semver).


Updates `@angular/cli` from 21.2.9 to 21.2.13
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@v21.2.9...v21.2.13)

Updates `@angular/language-service` from 21.2.11 to 21.2.15
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.15/packages/language-service)

Updates `@types/node` from 25.6.0 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `semver` from 7.7.4 to 7.8.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.7.4...v7.8.1)

---
updated-dependencies:
- dependency-name: "@angular/cli"
  dependency-version: 21.2.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch-version-updates
- dependency-name: "@angular/language-service"
  dependency-version: 21.2.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch-version-updates
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-version-updates
- dependency-name: semver
  dependency-version: 7.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 2, 2026
@mroloux mroloux merged commit 1ce78f6 into master Jun 2, 2026
1 check passed
@mroloux mroloux deleted the dependabot/npm_and_yarn/minor-and-patch-version-updates-35410872f8 branch June 2, 2026 06:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mroloux