chore(deps): bump @angular/common from 21.0.9 to 21.2.17 in /src/adminWeb#27
Conversation
Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 21.0.9 to 21.2.17. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/common) --- updated-dependencies: - dependency-name: "@angular/common" dependency-version: 21.2.17 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
|
|
| "@angular/animations": "~21.0.0", | ||
| "@angular/aria": "~21.1.0", | ||
| "@angular/common": "~21.0.0", | ||
| "@angular/common": "~21.2.17", |
There was a problem hiding this comment.
🔴 Angular package version mismatch: @angular/common at ~21.2.17 while all other @angular/ packages are at ~21.0.0*
@angular/common was bumped to ~21.2.17 but every other @angular/* package in the file remains at ~21.0.0 (e.g., @angular/core, @angular/compiler, @angular/forms, @angular/router, @angular/platform-browser, etc.). Angular requires all its core framework packages to be on the same minor version. With the tilde (~) operator, ~21.0.0 resolves to >=21.0.0 <21.1.0 while ~21.2.17 resolves to >=21.2.17 <21.3.0, making it impossible for these packages to align. This will cause peer dependency errors during npm install and can lead to runtime incompatibilities. If the intent was to upgrade Angular, all @angular/* packages should be updated together.
| "@angular/common": "~21.2.17", | |
| "@angular/common": "~21.0.0", |
Was this helpful? React with 👍 or 👎 to provide feedback.
| @@ -23,7 +23,7 @@ | |||
| "@abp/ng.theme.shared": "~10.2.0", | |||
| "@angular/animations": "~21.0.0", | |||
| "@angular/aria": "~21.1.0", | |||
There was a problem hiding this comment.
🚩 @angular/aria is also on a different minor version (~21.1.0)
While auditing the Angular version consistency, note that @angular/aria at line 25 is already at ~21.1.0, which is also misaligned with the ~21.0.0 used by the other core Angular packages. This pre-existing inconsistency wasn't introduced by this PR but compounds the version mismatch problem. If the intent is to keep all Angular packages aligned, @angular/aria should also be reviewed.
Was this helpful? React with 👍 or 👎 to provide feedback.
Bumps @angular/common from 21.0.9 to 21.2.17.
Release notes
Sourced from @angular/common's releases.
... (truncated)
Changelog
Sourced from @angular/common's changelog.
... (truncated)
Commits
86a56dcfix(common): Limits date format string lengthbcb1b7efix(http): preserve empty referrer option in HttpRequesta810a31fix(http): Rejects non-HTTP(S) URLs in JSONP requestsbc55749fix(common): use cryptographically secure SHA-256 for transfer cache key gene...d846326fix(common): skip transfer cache for uncacheable HTTP traffice245d40fix(http): skip transfer cache for fetch credentialed requestsf6d8e64fix(common): only strip a literal /index.html suffix from URLs582a417fix(http): exclude withCredentials requests from transfer cache5c6d6dffix(http): skip TransferCache for cookie-bearing requests by default300f61ffix(common): sanitize placeholderDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.