Skip to content

chore(deps): bump @angular/common from 21.0.9 to 21.2.17 in /src/adminWeb#27

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/src/adminWeb/angular/common-21.2.17
Open

chore(deps): bump @angular/common from 21.0.9 to 21.2.17 in /src/adminWeb#27
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/src/adminWeb/angular/common-21.2.17

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown

Bumps @angular/common from 21.0.9 to 21.2.17.

Release notes

Sourced from @​angular/common's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • 86a56dc fix(common): Limits date format string length
  • bcb1b7e fix(http): preserve empty referrer option in HttpRequest
  • a810a31 fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • bc55749 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • d846326 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e245d40 fix(http): skip transfer cache for fetch credentialed requests
  • f6d8e64 fix(common): only strip a literal /index.html suffix from URLs
  • 582a417 fix(http): exclude withCredentials requests from transfer cache
  • 5c6d6df fix(http): skip TransferCache for cookie-bearing requests by default
  • 300f61f fix(common): sanitize placeholder
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Open in Devin Review

Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 21.0.9 to 21.2.17.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/common)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 21.2.17
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 2 potential issues.

Open in Devin Review

Comment thread src/adminWeb/package.json
"@angular/animations": "~21.0.0",
"@angular/aria": "~21.1.0",
"@angular/common": "~21.0.0",
"@angular/common": "~21.2.17",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Angular package version mismatch: @angular/common at ~21.2.17 while all other @angular/ packages are at ~21.0.0*

@angular/common was bumped to ~21.2.17 but every other @angular/* package in the file remains at ~21.0.0 (e.g., @angular/core, @angular/compiler, @angular/forms, @angular/router, @angular/platform-browser, etc.). Angular requires all its core framework packages to be on the same minor version. With the tilde (~) operator, ~21.0.0 resolves to >=21.0.0 <21.1.0 while ~21.2.17 resolves to >=21.2.17 <21.3.0, making it impossible for these packages to align. This will cause peer dependency errors during npm install and can lead to runtime incompatibilities. If the intent was to upgrade Angular, all @angular/* packages should be updated together.

Suggested change
"@angular/common": "~21.2.17",
"@angular/common": "~21.0.0",
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Comment thread src/adminWeb/package.json
@@ -23,7 +23,7 @@
"@abp/ng.theme.shared": "~10.2.0",
"@angular/animations": "~21.0.0",
"@angular/aria": "~21.1.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 @angular/aria is also on a different minor version (~21.1.0)

While auditing the Angular version consistency, note that @angular/aria at line 25 is already at ~21.1.0, which is also misaligned with the ~21.0.0 used by the other core Angular packages. This pre-existing inconsistency wasn't introduced by this PR but compounds the version mismatch problem. If the intent is to keep all Angular packages aligned, @angular/aria should also be reviewed.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant