chore(deps): bump the angular group across 1 directory with 20 updates by dependabot[bot] · Pull Request #407 · radix-ng/primitives

dependabot · 2026-06-03T09:50:43Z

Bumps the angular group with 20 updates in the / directory:

Package	From	To
@angular/animations	`21.2.9`	`21.2.16`
@angular/cdk	`21.2.9`	`21.2.14`
@angular/common	`21.2.9`	`21.2.16`
@angular/compiler	`21.2.9`	`21.2.16`
@angular/core	`21.2.9`	`21.2.16`
@angular/forms	`21.2.9`	`21.2.16`
@angular/platform-browser	`21.2.9`	`21.2.16`
@angular/platform-browser-dynamic	`21.2.9`	`21.2.16`
@angular/platform-server	`21.2.9`	`21.2.16`
@angular/router	`21.2.9`	`21.2.16`
@angular/ssr	`21.2.9`	`21.2.14`
@angular-devkit/build-angular	`21.2.9`	`21.2.14`
@angular-devkit/core	`21.2.9`	`21.2.14`
@angular-devkit/schematics	`21.2.9`	`21.2.14`
@angular/build	`21.2.9`	`21.2.14`
@angular/cli	`21.2.12`	`21.2.14`
@angular/compiler-cli	`21.2.9`	`21.2.16`
@angular/language-service	`21.2.9`	`21.2.16`
@schematics/angular	`21.2.9`	`21.2.14`
ng-packagr	`21.2.3`	`21.2.5`

Updates @angular/animations from 21.2.9 to 21.2.16

Release notes

Sourced from @angular/animations's releases.

21.2.16

common

Commit Description

only strip a literal /index.html suffix from URLs

compiler

Commit Description

move projection attributes into constants

core

Commit Description

harden inherit definition feature against polluted prototypes

use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

21.2.15

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

prevent namespaced SVG elements from being stripped

sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68925)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

synchronize core sanitization schema with compiler (#68925)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

prevent SSRF bypasses via backslash URLs in HttpClient

secure location and document initialization against SSRF and path hijack

... (truncated)

Changelog

Sourced from @angular/animations's changelog.

21.2.16 (2026-06-03)

common

Commit Type Description

f6d8e642b0 fix only strip a literal /index.html suffix from URLs

compiler

Commit Type Description

ae1c8a1f7a fix move projection attributes into constants

core

Commit Type Description

3fd6897a67 fix harden inherit definition feature against polluted prototypes

7e38336dc7 fix use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Type Description

66821c4ed5 fix throw on suspicious URLs and restrict protocol-relative URLs

d3170031b6 fix update domino to latest version

19.2.25 (2026-06-02)

platform-server

Commit Type Description

e2fb854d55 fix throw on suspicious URLs and restrict protocol-relative URLs

0a8befb493 fix update domino to latest version

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

... (truncated)

Commits

See full diff in compare view

Updates @angular/cdk from 21.2.9 to 21.2.14

Release notes

Sourced from @angular/cdk's releases.

21.2.14

No user facing changes in this release

21.2.13

No user facing changes in this release

21.2.12

material

Commit Description

datepicker: ensure dates don't overflow on a small screen (#33281)

21.2.11

No user facing changes in this release

21.2.10

aria

Commit Description

menu: do not set default aria-label (#33202)

Changelog

Sourced from @angular/cdk's changelog.

21.2.14 "amicite-atlas" (2026-06-03)

No user facing changes in this release

21.2.13 "21-2-13" (2026-05-27)

No user facing changes in this release

21.2.12 "plastic-moose" (2026-05-20)

material

Commit Type Description

da87be7646 fix datepicker: ensure dates don't overflow on a small screen (#33281)

21.2.11 "crystal ball" (2026-05-13)

No user facing changes in this release

21.2.10 "metal-wallaby" (2026-05-06)

aria

Commit Type Description

48973661e fix menu: do not set default aria-label (#33202)

Commits

8fe4d6a release: cut the v21.2.14 release
ece530c docs(material/bottom-sheet): update panelClass comment (#33321)
7828452 release: cut the v21.2.13 release
e43b7aa release: cut the v21.2.12 release
da87be7 fix(material/datepicker): ensure dates don't overflow on a small screen (#33281)
e101874 docs(material/tooltip): fix tooltip-position-at-origin example overflow (#33218)
1238d15 release: cut the v21.2.11 release
583da8a release: cut the v21.2.10 release
babfbb7 build: update cross-repo angular dependencies (#33205)
e08fdf2 build: fix failing test (#33212)
Additional commits viewable in compare view

Updates @angular/common from 21.2.9 to 21.2.16

Release notes

Sourced from @angular/common's releases.

21.2.16

common

Commit Description

only strip a literal /index.html suffix from URLs

compiler

Commit Description

move projection attributes into constants

core

Commit Description

harden inherit definition feature against polluted prototypes

use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

21.2.15

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

prevent namespaced SVG elements from being stripped

sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68925)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

synchronize core sanitization schema with compiler (#68925)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

prevent SSRF bypasses via backslash URLs in HttpClient

secure location and document initialization against SSRF and path hijack

... (truncated)

Changelog

Sourced from @angular/common's changelog.

21.2.16 (2026-06-03)

common

Commit Type Description

f6d8e642b0 fix only strip a literal /index.html suffix from URLs

compiler

Commit Type Description

ae1c8a1f7a fix move projection attributes into constants

core

Commit Type Description

3fd6897a67 fix harden inherit definition feature against polluted prototypes

7e38336dc7 fix use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Type Description

66821c4ed5 fix throw on suspicious URLs and restrict protocol-relative URLs

d3170031b6 fix update domino to latest version

19.2.25 (2026-06-02)

platform-server

Commit Type Description

e2fb854d55 fix throw on suspicious URLs and restrict protocol-relative URLs

0a8befb493 fix update domino to latest version

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

... (truncated)

Commits

f6d8e64 fix(common): only strip a literal /index.html suffix from URLs
582a417 fix(http): exclude withCredentials requests from transfer cache
5c6d6df fix(http): skip TransferCache for cookie-bearing requests by default
300f61f fix(common): sanitize placeholder
7f4ac78 fix(common): add upper bounds for digitsInfo
30cf85f refactor(common): update deprecation message
42d57c3 refactor(common): fix viewport tests
10ad3c0 fix(common): prevent focus from scrollToAnchor
See full diff in compare view

Updates @angular/compiler from 21.2.9 to 21.2.16

Release notes

Sourced from @angular/compiler's releases.

21.2.16

common

Commit Description

only strip a literal /index.html suffix from URLs

compiler

Commit Description

move projection attributes into constants

core

Commit Description

harden inherit definition feature against polluted prototypes

use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

21.2.15

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

prevent namespaced SVG elements from being stripped

sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68925)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

synchronize core sanitization schema with compiler (#68925)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

prevent SSRF bypasses via backslash URLs in HttpClient

secure location and document initialization against SSRF and path hijack

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

21.2.16 (2026-06-03)

common

Commit Type Description

f6d8e642b0 fix only strip a literal /index.html suffix from URLs

compiler

Commit Type Description

ae1c8a1f7a fix move projection attributes into constants

core

Commit Type Description

3fd6897a67 fix harden inherit definition feature against polluted prototypes

7e38336dc7 fix use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Type Description

66821c4ed5 fix throw on suspicious URLs and restrict protocol-relative URLs

d3170031b6 fix update domino to latest version

19.2.25 (2026-06-02)

platform-server

Commit Type Description

e2fb854d55 fix throw on suspicious URLs and restrict protocol-relative URLs

0a8befb493 fix update domino to latest version

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

... (truncated)

Commits

ae1c8a1 fix(compiler): move projection attributes into constants
eb1cbbf fix(compiler): prevent namespaced SVG <style> elements from being stripped
29ceeff docs: fix typos in source code comments
782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
daaf329 fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
68282df fix(compiler): strip namespaced SVG script elements during template compilation
6652ec0 refactor(core): align namespaced attribute validation and security schema con...
Additional commits viewable in compare view

Updates @angular/core from 21.2.9 to 21.2.16

Release notes

Sourced from @angular/core's releases.

21.2.16

common

Commit Description

only strip a literal /index.html suffix from URLs

compiler

Commit Description

move projection attributes into constants

core

Commit Description

harden inherit definition feature against polluted prototypes

use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

21.2.15

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

prevent namespaced SVG elements from being stripped

sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68925)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

synchronize core sanitization schema with compiler (#68925)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

prevent SSRF bypasses via backslash URLs in HttpClient

secure location and document initialization against SSRF and path hijack

... (truncated)

Changelog

Sourced from @angular/core's changelog.

21.2.16 (2026-06-03)

common

Commit Type Description

f6d8e642b0 fix only strip a literal /index.html suffix from URLs

compiler

Commit Type Description

ae1c8a1f7a fix move projection attributes into constants

core

Commit Type Description

3fd6897a67 fix harden inherit definition feature against polluted prototypes

7e38336dc7 fix use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Type Description

66821c4ed5 fix throw on suspicious URLs and restrict protocol-relative URLs

d3170031b6 fix update domino to latest version

19.2.25 (2026-06-02)

platform-server

Commit Type Description

e2fb854d55 fix throw on suspicious URLs and restrict protocol-relative URLs

0a8befb493 fix update domino to latest version

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

... (truncated)

Commits

736c4ab refactor(core): fix broken unit test.
3fd6897 fix(core): harden inherit definition feature against polluted prototypes
7e38336 fix(core): use Object.create(null) for LOCALE_DATA as a hardening measure
29ceeff docs: fix typos in source code comments
251c8f2 test(core): remove obsolete SVG script sanitization translation test (#68925)
dada86e fix(core): synchronize core sanitization schema with compiler (#68925)
782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
Additional commits viewable in compare view

Updates @angular/forms from 21.2.9 to 21.2.16

Release notes

Sourced from @angular/forms's releases.

21.2.16

common

Commit Description

only strip a literal /index.html suffix from URLs

compiler

Commit Description

move projection attributes into constants

core

Commit Description

harden inherit definition feature against polluted prototypes

use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

21.2.15

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

prevent namespaced SVG elements from being stripped

sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68925)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

synchronize core sanitization schema with compiler (#68925)

http

Commit Description

Description has been truncated

vercel · 2026-06-03T09:50:45Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
primitives-storybook	Ready	Preview, Comment	Jun 6, 2026 7:49pm
radix-astro-doc	Error		Jun 6, 2026 7:49pm

Bumps the angular group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `21.2.9` | `21.2.16` | | [@angular/cdk](https://github.com/angular/components) | `21.2.9` | `21.2.14` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.9` | `21.2.16` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.9` | `21.2.16` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.9` | `21.2.16` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `21.2.9` | `21.2.16` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `21.2.9` | `21.2.16` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `21.2.9` | `21.2.16` | | [@angular/platform-server](https://github.com/angular/angular/tree/HEAD/packages/platform-server) | `21.2.9` | `21.2.16` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `21.2.9` | `21.2.16` | | [@angular/ssr](https://github.com/angular/angular-cli) | `21.2.9` | `21.2.14` | | [@angular-devkit/build-angular](https://github.com/angular/angular-cli) | `21.2.9` | `21.2.14` | | [@angular-devkit/core](https://github.com/angular/angular-cli) | `21.2.9` | `21.2.14` | | [@angular-devkit/schematics](https://github.com/angular/angular-cli) | `21.2.9` | `21.2.14` | | [@angular/build](https://github.com/angular/angular-cli) | `21.2.9` | `21.2.14` | | [@angular/cli](https://github.com/angular/angular-cli) | `21.2.12` | `21.2.14` | | [@angular/compiler-cli](https://github.com/angular/angular/tree/HEAD/packages/compiler-cli) | `21.2.9` | `21.2.16` | | [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) | `21.2.9` | `21.2.16` | | [@schematics/angular](https://github.com/angular/angular-cli) | `21.2.9` | `21.2.14` | | [ng-packagr](https://github.com/ng-packagr/ng-packagr) | `21.2.3` | `21.2.5` | Updates `@angular/animations` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/animations) Updates `@angular/cdk` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@v21.2.9...v21.2.14) Updates `@angular/common` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/common) Updates `@angular/compiler` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/compiler) Updates `@angular/core` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/core) Updates `@angular/forms` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/forms) Updates `@angular/platform-browser` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/platform-browser-dynamic) Updates `@angular/platform-server` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/platform-server) Updates `@angular/router` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/router) Updates `@angular/ssr` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.9...v21.2.14) Updates `@angular-devkit/build-angular` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.9...v21.2.14) Updates `@angular-devkit/core` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.9...v21.2.14) Updates `@angular-devkit/schematics` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.9...v21.2.14) Updates `@angular/build` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.9...v21.2.14) Updates `@angular/cli` from 21.2.12 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.12...v21.2.14) Updates `@angular/compiler-cli` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/compiler-cli) Updates `@angular/language-service` from 21.2.9 to 21.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/language-service) Updates `@schematics/angular` from 21.2.9 to 21.2.14 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v21.2.9...v21.2.14) Updates `ng-packagr` from 21.2.3 to 21.2.5 - [Release notes](https://github.com/ng-packagr/ng-packagr/releases) - [Changelog](https://github.com/ng-packagr/ng-packagr/blob/21.2.5/CHANGELOG.md) - [Commits](ng-packagr/ng-packagr@21.2.3...21.2.5) --- updated-dependencies: - dependency-name: "@angular-devkit/build-angular" dependency-version: 21.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular-devkit/core" dependency-version: 21.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular-devkit/schematics" dependency-version: 21.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/animations" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/build" dependency-version: 21.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/cdk" dependency-version: 21.2.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/cli" dependency-version: 21.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/common" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/compiler" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/compiler-cli" dependency-version: 21.2.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/core" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/forms" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/language-service" dependency-version: 21.2.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/platform-browser" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/platform-browser-dynamic" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/platform-server" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/router" dependency-version: 21.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/ssr" dependency-version: 21.2.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@schematics/angular" dependency-version: 21.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: ng-packagr dependency-version: 21.2.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-07T12:31:25Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot requested a review from pimenovoleg as a code owner June 3, 2026 09:50

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026

dependabot Bot requested a review from artembelik as a code owner June 3, 2026 09:50

vercel Bot had a problem deploying to Preview – primitives-storybook June 3, 2026 09:50 Failure

vercel Bot had a problem deploying to Preview – radix-astro-doc June 3, 2026 09:51 Failure

dependabot Bot force-pushed the dependabot/npm_and_yarn/angular-eeda4633fa branch from ef58ab1 to 50c7020 Compare June 3, 2026 10:13

vercel Bot had a problem deploying to Preview – primitives-storybook June 3, 2026 10:14 Failure

vercel Bot had a problem deploying to Preview – radix-astro-doc June 3, 2026 10:14 Failure

dependabot Bot force-pushed the dependabot/npm_and_yarn/angular-eeda4633fa branch from 50c7020 to b86125a Compare June 3, 2026 14:53

vercel Bot had a problem deploying to Preview – radix-astro-doc June 3, 2026 14:54 Failure

vercel Bot deployed to Preview – primitives-storybook June 3, 2026 14:54 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/angular-eeda4633fa branch from b86125a to ad3aa2e Compare June 3, 2026 15:19

vercel Bot had a problem deploying to Preview – radix-astro-doc June 3, 2026 15:20 Failure

vercel Bot deployed to Preview – primitives-storybook June 3, 2026 15:20 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/angular-eeda4633fa branch from ad3aa2e to aec0af1 Compare June 4, 2026 15:35

vercel Bot had a problem deploying to Preview – radix-astro-doc June 4, 2026 15:35 Failure

vercel Bot deployed to Preview – primitives-storybook June 4, 2026 15:36 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/angular-eeda4633fa branch from aec0af1 to 9832afc Compare June 4, 2026 19:51

vercel Bot had a problem deploying to Preview – radix-astro-doc June 4, 2026 19:52 Failure

vercel Bot deployed to Preview – primitives-storybook June 4, 2026 19:53 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/angular-eeda4633fa branch from 9832afc to 24a41ad Compare June 6, 2026 19:48

vercel Bot had a problem deploying to Preview – radix-astro-doc June 6, 2026 19:49 Failure

vercel Bot deployed to Preview – primitives-storybook June 6, 2026 19:49 View deployment

dependabot Bot closed this Jun 7, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/angular-eeda4633fa branch June 7, 2026 12:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the angular group across 1 directory with 20 updates#407

chore(deps): bump the angular group across 1 directory with 20 updates#407
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular-eeda4633fa

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

Uh oh!

vercel Bot commented Jun 3, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Description
	harden inherit definition feature against polluted prototypes
	use Object.create(null) for LOCALE_DATA as a hardening measure

Commit	Description
	throw on suspicious URLs and restrict protocol-relative URLs
	update domino to latest version

Commit	Description
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
	prevent namespaced SVG elements from being stripped
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
	strip namespaced SVG script elements during template compilation (#68925)

Commit	Description
	normalize tag names in runtime i18n attribute security context lookup (#68925)
	sanitize meta selectors
	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
	synchronize core sanitization schema with compiler (#68925)

Commit	Description
	exclude withCredentials requests from transfer cache
	skip TransferCache for cookie-bearing requests by default

Commit	Description
	prevent SSRF bypasses via backslash URLs in HttpClient
	secure location and document initialization against SSRF and path hijack

Commit	Type	Description
3fd6897a67	fix	harden inherit definition feature against polluted prototypes
7e38336dc7	fix	use Object.create(null) for LOCALE_DATA as a hardening measure

Commit	Type	Description
66821c4ed5	fix	throw on suspicious URLs and restrict protocol-relative URLs
d3170031b6	fix	update domino to latest version

Commit	Type	Description
e2fb854d55	fix	throw on suspicious URLs and restrict protocol-relative URLs
0a8befb493	fix	update domino to latest version

Commit	Type	Description
6ca433e56b	fix	throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f	fix	update domino to latest version

Commit	Type	Description
7f4ac78994	fix	add upper bounds for digitsInfo
300f61feb3	fix	sanitize placeholder

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

21.2.16

common

compiler

core

platform-server

21.2.15

common

compiler

core

http

platform-server

21.2.16 (2026-06-03)

common

compiler

core

platform-server

19.2.25 (2026-06-02)

platform-server

20.3.24 (2026-06-02)

platform-server

21.2.15 (2026-05-28)

common

compiler

21.2.14

21.2.13

21.2.12

material

21.2.11

21.2.10

aria

21.2.14 "amicite-atlas" (2026-06-03)

21.2.13 "21-2-13" (2026-05-27)

21.2.12 "plastic-moose" (2026-05-20)

material

21.2.11 "crystal ball" (2026-05-13)

21.2.10 "metal-wallaby" (2026-05-06)

aria

21.2.16

common

compiler

core

platform-server

21.2.15

common

compiler

core

http

platform-server

21.2.16 (2026-06-03)

common

compiler

core

platform-server

19.2.25 (2026-06-02)

platform-server

20.3.24 (2026-06-02)

platform-server

21.2.15 (2026-05-28)

common

compiler

21.2.16

common

compiler

core

platform-server

21.2.15

common

compiler

core

http

platform-server

21.2.16 (2026-06-03)

common

compiler

core

platform-server

19.2.25 (2026-06-02)

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

vercel Bot commented Jun 3, 2026 •

edited

Loading