Skip to content

chore(deps): bump @angular/core and @angular/compiler in /client#102

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/client/multi-4d467c75f2
Open

chore(deps): bump @angular/core and @angular/compiler in /client#102
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/client/multi-4d467c75f2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jan 9, 2026

Bumps @angular/core to 21.0.8 and updates ancestor dependency @angular/compiler. These dependencies need to be updated together.

Updates @angular/core from 11.0.5 to 21.0.8

Release notes

Sourced from @​angular/core's releases.

21.0.8

core

Commit Description
fix - a6a2621bf9 fix memory leak with event replay
fix - 5239e471a1 handle cancelled traversals in fake navigation

21.0.7

compiler

Commit Description
fix - 8e808740c9 better types for a few expression AST nodes
fix - 63b1cdcf70 produce accurate span for typeof and void expressions
fix - 3c3ae0cb64 provide location information for literal map keys
fix - 523dbaf1c3 stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit Description
fix - 4d9c4567ed ensure component import diagnostics are reported within the imports expression
fix - cd405685af fix up spelling of diagnostic
fix - 778460fcca support qualified names in typeof type references

core

Commit Description
fix - 7c74674eb0 avoid leaking view data in animations
fix - 0edbee4550 explicitly cast signal node value to String
fix - f9c29572d2 sanitize sensitive attributes on SVG script elements

forms

Commit Description
feat - e3fba182f9 add [formField] directive
fix - 561772b152 allow custom controls to require dirty input
fix - f0fb1d8581 allow custom controls to require hidden input
fix - ec110f170b allow custom controls to require pending input
fix - ae1dc16bb0 clean up abort listener after timeout
fix - 9748b0d5da support custom controls with non signal-based models
fix - 6bd22df987 Support readonly arrays in signal forms

router

Commit Description
fix - 41cd4a6af8 Fix RouterLink href not updating with queryParamsHandling
fix - 5e9e09aee0 handle errors from view transition updateCallbackDone promise

21.0.6

core

Commit Description
fix - 4c8fb3631d throw better errors for potential circular references
fix - 48492524ea use mutable ResponseInit type for RESPONSE_INIT token

forms

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.0.8 (2026-01-08)

core

Commit Type Description
a6a2621bf9 fix fix memory leak with event replay
5239e471a1 fix handle cancelled traversals in fake navigation

20.3.16 (2026-01-07)

core

Commit Type Description
c2c2b4aaa8 fix sanitize sensitive attributes on SVG script elements

19.2.18 (2026-01-07)

core

Commit Type Description
26cdc53d9c fix sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit Type Description
8e808740c9 fix better types for a few expression AST nodes
63b1cdcf70 fix produce accurate span for typeof and void expressions
3c3ae0cb64 fix provide location information for literal map keys
523dbaf1c3 fix stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit Type Description
4d9c4567ed fix ensure component import diagnostics are reported within the imports expression
cd405685af fix fix up spelling of diagnostic
778460fcca fix support qualified names in typeof type references

core

Commit Type Description
7c74674eb0 fix avoid leaking view data in animations
0edbee4550 fix explicitly cast signal node value to String
f9c29572d2 fix sanitize sensitive attributes on SVG script elements

forms

| Commit | Type | Description |

... (truncated)

Commits
  • 5239e47 fix(core): handle cancelled traversals in fake navigation
  • 8aab227 build: update cross-repo angular dependencies
  • f5bad8e refactor(core): Improve tree-shakable RuntimeError error for `INVALID_FIELD...
  • a6a2621 fix(core): fix memory leak with event replay
  • fbb37d8 refactor(core): remove unused instruction parameter
  • 7c74674 fix(core): avoid leaking view data in animations
  • c1e9627 docs(core): fix Ivy view data docs tables
  • e3fba18 feat(forms): add [formField] directive
  • af1d4ac refactor(forms): bind native properties on interop controls
  • 0e8b9d8 refactor(forms): bind field properties to all directives on interop controls
  • Additional commits viewable in compare view

Updates @angular/compiler from 19.1.2 to 19.2.18

Release notes

Sourced from @​angular/compiler's releases.

19.2.18

core

Commit Description
fix - 26cdc53d9c sanitize sensitive attributes on SVG script elements

19.2.17

compiler

Commit Description
fix - 7c42e2ebeb prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16

http

Commit Description
fix - 05fe6686a9 prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit Description
fix - 70d0639bc1 introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core

  • The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

    Before:

    const bootstrap = () => bootstrapApplication(AppComponent, config);

    After:

    const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);

    A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

    In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

For more information please see: GHSA-68x2-mx4q-78m7

19.2.14

compiler

Commit Description
fix - 24bab55f0c lexer support for template literals in object literals (#61601)

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

19.2.18 (2026-01-07)

core

Commit Type Description
26cdc53d9c fix sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit Type Description
8e808740c9 fix better types for a few expression AST nodes
63b1cdcf70 fix produce accurate span for typeof and void expressions
3c3ae0cb64 fix provide location information for literal map keys
523dbaf1c3 fix stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit Type Description
4d9c4567ed fix ensure component import diagnostics are reported within the imports expression
cd405685af fix fix up spelling of diagnostic
778460fcca fix support qualified names in typeof type references

core

Commit Type Description
7c74674eb0 fix avoid leaking view data in animations
0edbee4550 fix explicitly cast signal node value to String
f9c29572d2 fix sanitize sensitive attributes on SVG script elements

forms

Commit Type Description
e3fba182f9 feat add [formField] directive
561772b152 fix allow custom controls to require dirty input
f0fb1d8581 fix allow custom controls to require hidden input
ec110f170b fix allow custom controls to require pending input
ae1dc16bb0 fix clean up abort listener after timeout
9748b0d5da fix support custom controls with non signal-based models
6bd22df987 fix Support readonly arrays in signal forms

router

Commit Type Description
41cd4a6af8 fix Fix RouterLink href not updating with queryParamsHandling
5e9e09aee0 fix handle errors from view transition updateCallbackDone promise

21.1.0-next.4 (2025-12-17)

Breaking Changes

... (truncated)

Commits
  • 26cdc53 fix(core): sanitize sensitive attributes on SVG script elements
  • 7c42e2e fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
  • 24bab55 fix(compiler): lexer support for template literals in object literals (#61601)
  • fc2483e refactor(compiler): avoid duplication between FactoryTarget type (#61571)
  • 8e54b57 build: move private testing helpers outside platform-browser/testing (#61571)
  • 44bb328 fix(compiler): avoid conflicts between HMR code and local symbols (#61550)
  • 1007079 build: update compiler-cli to not be stamped when used for the compiler in ng...
  • 0d025c5 build: support new ng_project rule (#61336)
  • 899cb4a refactor: add explicit types for exports relying on inferred call return type...
  • 1312eb1 build: remove irrelevant madge circular deps tests (#61209)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @angular/core and @angular/compiler in /client
7d9907b 
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) to 21.0.8 and updates ancestor dependency [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler). These dependencies need to be updated together.


Updates `@angular/core` from 11.0.5 to 21.0.8
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.0.8/packages/core)

Updates `@angular/compiler` from 19.1.2 to 19.2.18
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v19.2.18/packages/compiler)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 21.0.8
  dependency-type: direct:production
- dependency-name: "@angular/compiler"
  dependency-version: 19.2.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants