Skip to content

Bump the npm_and_yarn group across 1 directory with 8 updates#45

Merged
Oguidan merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-d24f4298b7
Mar 19, 2026
Merged

Bump the npm_and_yarn group across 1 directory with 8 updates#45
Oguidan merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-d24f4298b7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package From To
@angular/core 21.0.8 21.2.4
@angular/ssr 20.3.12 20.3.17
@hono/node-server 1.19.9 1.19.11
minimatch 3.1.3 3.1.5
minimatch 10.2.2 10.2.4
hono 4.12.0 4.12.8
immutable 5.1.1 5.1.5
rollup 4.52.3 4.59.0
tar 7.5.9 7.5.11

Updates @angular/core from 21.0.8 to 21.2.4

Release notes

Sourced from @​angular/core's releases.

21.2.4

compiler

Commit Description
fix - ed2d324f9c disallow translations of iframe src

core

Commit Description
fix - abbd8797bb reverts "feat(core): add support for nested animations"
fix - d1dcd16c5b sanitize translated form attributes

VSCode Extension: 21.2.3

This release contains internal refactorings only.

21.2.3

core

Commit Description
fix - 62a97f7e4b ensure definitions compile
fix - 21b1c3b2ee include signal debug names in their toString() representation
fix - 224e60ecb1 sanitize translated attribute bindings with interpolations

VSCode Extension: 21.2.2

  • fix(extension): bundle TypeScript 5.9 internally (da57d1af73)

21.2.2

compiler

Commit Description
fix - 1df1697c6e prevent mutation of children array in RecursiveVisitor

compiler-cli

Commit Description
fix - c822bf8e76 always parenthesize object literals in TCB
fix - 05d022d5e6 ignore generated ngDevMode signal branch for code coverage

forms

Commit Description
feat - 670d1660c4 add 'blur' option to debounce rule

VSCode Extension: 21.2.1

  • perf(language-service): use lightweight project warmup for Angular analysis (d2137928e8)

21.2.1

core

Commit Description
fix - e2e9a9a531 adds transfer cache to httpResource to fix hydration
fix - b4ec3cc4e4 prevent child animation elements from being orphaned
fix - e923d88398 Prevent removal of elements during drag and drop

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.4 (2026-03-12)

compiler

Commit Type Description
ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description
abbd8797bb fix reverts "feat(core): add support for nested animations"
d1dcd16c5b fix sanitize translated form attributes

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

  • createNgModuleRef was removed, use createNgModule instead

core

Commit Type Description
b918beda32 feat allow debouncing signals
f9ede9ec98 fix ensure definitions compile
b401c18674 fix include signal debug names in their toString() representation
8630319f74 fix sanitize translated attribute bindings with interpolations
36936872c9 refactor remove createNgModuleRef

forms

Commit Type Description
3e7ce0dafc fix restrict SignalFormsConfig to a readonly API

language-service

Commit Type Description
5a6d88626b feat add angular template inlay hints support

21.2.3 (2026-03-11)

core

Commit Type Description
62a97f7e4b fix ensure definitions compile
21b1c3b2ee fix include signal debug names in their toString() representation
224e60ecb1 fix sanitize translated attribute bindings with interpolations

21.2.2 (2026-03-09)

... (truncated)

Commits
  • d1dcd16 fix(core): sanitize translated form attributes
  • abbd879 fix(core): reverts "feat(core): add support for nested animations"
  • 7907e98 test: remove duplicate tests
  • 21b1c3b fix(core): include signal debug names in their toString() representation
  • 6c73aac refactor(common): Removes unused generic type parameters from KeyValueDiffers
  • c98eab7 refactor(core): remove old resource params
  • 7513558 docs: combine multiple documentation improvements into one PR
  • 575f302 refactor(core): interface cleanup
  • 224e60e fix(core): sanitize translated attribute bindings with interpolations
  • 09638ec docs(core): clarify provideZoneChangeDetection usage in v21+
  • Additional commits viewable in compare view

Updates @angular/ssr from 20.3.12 to 20.3.17

Release notes

Sourced from @​angular/ssr's releases.

20.3.17

@​angular/ssr

Commit Description
fix - 8700e18d7 prevent open redirect via X-Forwarded-Prefix header
fix - 67582a946 validate host headers to prevent header-based SSRF

20.3.16

@​angular/cli

Commit Description
fix - 656888a25 update dependency @​modelcontextprotocol/sdk to v1.26.0

20.3.15

@​angular/cli

Commit Description
fix - 795d65413 update pacote to v21.0.4

@​angular-devkit/build-angular

Commit Description
fix - ffc72cbc5 update webpack to version 5.104.1

20.3.14

@​angular/cli

Commit Description
fix - ff366499e update dependency @​modelcontextprotocol/sdk to v1.25.2

20.3.13

@​angular/cli

Commit Description
fix - cfbb61602 update @modelcontextprotocol/sdk to v1.24.0
Changelog

Sourced from @​angular/ssr's changelog.

20.3.17 (2026-02-23)

@​angular/ssr

Commit Type Description
8700e18d7 fix prevent open redirect via X-Forwarded-Prefix header
67582a946 fix validate host headers to prevent header-based SSRF

19.2.21 (2026-02-23)

@​angular/ssr

Commit Type Description
288e22816 fix prevent open redirect via X-Forwarded-Prefix header
2a72d7483 fix validate host headers to prevent header-based SSRF

19.2.20 (2026-02-13)

@​angular-devkit/build-angular

Commit Type Description
0e5421ba7 fix update webpack to 5.105.0

21.1.4 (2026-02-11)

@​angular/build

Commit Type Description
7a9dd6b47 fix correctly resolve absolute setup file paths in Vitest

... (truncated)

Commits
  • c0d1626 release: cut the v20.3.17 release
  • 8700e18 fix(@​angular/ssr): prevent open redirect via X-Forwarded-Prefix header
  • 67582a9 fix(@​angular/ssr): validate host headers to prevent header-based SSRF
  • 750f037 release: cut the v20.3.16 release
  • 0f02aca build: update webpack to v5.105.0
  • 656888a fix(@​angular/cli): update dependency @​modelcontextprotocol/sdk to v1.26.0
  • 279b1ad release: cut the v20.3.15 release
  • 795d654 fix(@​angular/cli): update pacote to v21.0.4
  • ffc72cb fix(@​angular-devkit/build-angular): update webpack to version 5.104.1
  • 4963d9c release: cut the v20.3.14 release
  • Additional commits viewable in compare view

Updates @hono/node-server from 1.19.9 to 1.19.11

Release notes

Sourced from @​hono/node-server's releases.

v1.19.11

What's Changed

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

Updates minimatch from 3.1.3 to 3.1.5

Commits

Updates minimatch from 10.2.2 to 10.2.4

Commits

Updates hono from 4.12.0 to 4.12.8

Release notes

Sourced from hono's releases.

v4.12.8

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.4...v4.12.5

v4.12.4

Security fixes

... (truncated)

Commits
  • fe689ec 4.12.8
  • 0c0bf8d fix(bearer-auth): escape regex metacharacters in bearer auth prefix option (#...
  • 488ea6a fix(utils/mime): Normalize input extension to lowercase before MIME check (#4...
  • b0aba5b 4.12.7
  • 1be3a53 ci: apply automated fixes
  • ef90225 Merge commit from fork
  • 3f88636 4.12.6
  • 53b66ae fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X (#4782)
  • 58825a7 feat(jsx-renderer): support function-based options (#4780)
  • 0e80acb chore: add tsconfig.spec.json (#4798)
  • Additional commits viewable in compare view

Updates immutable from 5.1.1 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

v5.1.4

What's Changed

Documentation

Internal

New Contributors

Full Changelog: immutable-js/immutable-js@v5.1.3...v5.1.4

v5.1.3

What's Changed

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples.

... (truncated)

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

5.1.2

Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
  • eb04779 Bump lodash from 4.17.21 to 4.17.23
  • b973bf3 format
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.


Updates rollup from 4.52.3 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v4.58.0

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

v4.57.1

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates tar from 7.5.9 to 7.5.11

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 8 updates
1fce5a2 
Bumps the npm_and_yarn group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.0.8` | `21.2.4` |
| [@angular/ssr](https://github.com/angular/angular-cli) | `20.3.12` | `20.3.17` |
| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.11` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.3` | `3.1.5` |
| [minimatch](https://github.com/isaacs/minimatch) | `10.2.2` | `10.2.4` |
| [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.8` |
| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.1` | `5.1.5` |
| [rollup](https://github.com/rollup/rollup) | `4.52.3` | `4.59.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.9` | `7.5.11` |



Updates `@angular/core` from 21.0.8 to 21.2.4
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.4/packages/core)

Updates `@angular/ssr` from 20.3.12 to 20.3.17
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@20.3.12...v20.3.17)

Updates `@hono/node-server` from 1.19.9 to 1.19.11
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.9...v1.19.11)

Updates `minimatch` from 3.1.3 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.3...v3.1.5)

Updates `minimatch` from 10.2.2 to 10.2.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.3...v3.1.5)

Updates `hono` from 4.12.0 to 4.12.8
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.0...v4.12.8)

Updates `immutable` from 5.1.1 to 5.1.5
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.1.1...v5.1.5)

Updates `rollup` from 4.52.3 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.52.3...v4.59.0)

Updates `tar` from 7.5.9 to 7.5.11
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.9...v7.5.11)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 21.2.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/ssr"
  dependency-version: 20.3.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: immutable
  dependency-version: 5.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 19, 2026
Oguidan
Oguidan approved these changes Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Oguidan Oguidan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update

@Oguidan Oguidan added this pull request to the merge queue Mar 19, 2026
Merged via the queue into main with commit 822757c Mar 19, 2026
2 checks passed
@Oguidan Oguidan deleted the dependabot/npm_and_yarn/npm_and_yarn-d24f4298b7 branch March 19, 2026 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Oguidan Oguidan Oguidan approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Oguidan