Bump the zeppelin-web-angular-security-updates group across 1 directory with 6 updates #5221

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/zeppelin-web-angular/zeppelin-web-angular-security-updates-58fb326068

dependabot[bot] commented on behalf of github on Apr 23, 2026

Bumps the zeppelin-web-angular-security-updates group with 6 updates in the /zeppelin-web-angular directory:

| Package | From | To |
| --- | --- | --- |
| @angular/common | 13.4.0 | 21.2.14 |
| @angular/compiler | 13.4.0 | 21.2.14 |
| @angular/core | 13.4.0 | 21.2.14 |
| @tootallnate/once | 1.1.2 | removed |
| rollup | 0.25.8 | 4.60.4 |
| follow-redirects | 1.15.11 | 1.16.0 |

Updates @angular/common from 13.4.0 to 21.2.14

Release notes

Sourced from @​angular/common's releases.

21.2.14

compiler

| Commit | Description |
| --- | --- |
| fix - 68282dff9f | strip namespaced SVG script elements during template compilation |

core

| Commit | Description |
| --- | --- |
| fix - c0f52272ed | do not insert todo when migrating void @Output |
| fix - 938a7f3edd | makes resource URL sanitizer lookup case-insensitive |
| fix - 0fb2724194 | reject script element as a dynamic component host |
| fix - 49113ac0ef | visit ICU expressions in signal migration schematics |

router

| Commit | Description |
| --- | --- |
| fix - 099bf577ee | skip scroll-to-top on initial navigation when hydrating |

21.2.13

core

| Commit | Description |
| --- | --- |
| fix - 1c6553e97d | disallow event attribute bindings in host bindings unconditionally |

platform-server

| Commit | Description |
| --- | --- |
| fix - 629905d537 | add allowedHosts option to renderModule and renderApplication |
| fix - 0b7192f441 | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

21.2.12

core

| Commit | Description |
| --- | --- |
| fix - fe13bb669d | allow explicit read generic with signal input transforms |
| fix - 3430251fef | i18n flags leaking on errors |
| fix - 1aeebbe304 | respect ngSkipHydration on components with projectable nodes in LContainers |
| fix - 9e38ed7d57 | sanitizer typings |
| fix - 7a05a9a71a | validate security-sensitive attributes in i18n bindings |
| fix - c37f6ca42f | visit ng-let expression value in signal migration schematics |

forms

| Commit | Description |
| --- | --- |
| fix - 03ad53863b | prohibit concurrent submits in signal forms |

21.2.11

common

| Commit | Description |
| --- | --- |
| fix - 10ad3c0692 | prevent focus from scrollToAnchor |

compiler

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.14 (2026-05-20)

compiler

| Commit | Type | Description |
| --- | --- | --- |
| 68282dff9f | fix | strip namespaced SVG script elements during template compilation |

core

| Commit | Type | Description |
| --- | --- | --- |
| c0f52272ed | fix | do not insert todo when migrating void @Output |
| 938a7f3edd | fix | makes resource URL sanitizer lookup case-insensitive |
| 0fb2724194 | fix | reject script element as a dynamic component host |
| 49113ac0ef | fix | visit ICU expressions in signal migration schematics |

router

| Commit | Type | Description |
| --- | --- | --- |
| 099bf577ee | fix | skip scroll-to-top on initial navigation when hydrating |

22.0.0-rc.0 (2026-05-13)

compiler

| Commit | Type | Description |
| --- | --- | --- |
| c7aef8ec5d | fix | enforce parentheses containing arguments for :host-context |
| 8a1533c9ad | fix | preserve leading commas in animation definitions |
| 194f723f66 | fix | remove dedicated support for legacy shadow DOM selectors |
| 4c25a42e98 | fix | remove deprecated shadow CSS encapsulation polyfills |
| 7dc1017e51 | fix | simplify handling of colon host with a selector list |
| ccb7d427e4 | fix | type check invalid for loops |

platform-server

| Commit | Type | Description |
| --- | --- | --- |
| 119a19e604 | fix | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

21.2.13 (2026-05-13)

core

| Commit | Type | Description |
| --- | --- | --- |
| 1c6553e97d | fix | disallow event attribute bindings in host bindings unconditionally |

platform-server

| Commit | Type | Description |
| --- | --- | --- |
| 629905d537 | fix | add allowedHosts option to renderModule and renderApplication |
| 0b7192f441 | fix | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

... (truncated)

Commits
  • 30cf85f refactor(common): update deprecation message
  • 42d57c3 refactor(common): fix viewport tests
  • 10ad3c0 fix(common): prevent focus from scrollToAnchor
  • 540536c fix(http): add CSP nonce support to JsonpClientBackend
  • 8102331 test(http): disable XSRF and mock location in HttpClient tests to avoid Domin...
  • 13f050d test: construct local Date objects to fix timezone flakiness
  • d0cf299 test: remove unsupported timezone from formatDate tests
  • b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
  • adda6c5 build: update aspect_rules_js to 3.0.2
  • 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
  • Additional commits viewable in compare view

Updates @angular/compiler from 13.4.0 to 21.2.14

Release notes

Sourced from @​angular/compiler's releases.

21.2.14

compiler

| Commit | Description |
| --- | --- |
| fix - 68282dff9f | strip namespaced SVG script elements during template compilation |

core

| Commit | Description |
| --- | --- |
| fix - c0f52272ed | do not insert todo when migrating void @Output |
| fix - 938a7f3edd | makes resource URL sanitizer lookup case-insensitive |
| fix - 0fb2724194 | reject script element as a dynamic component host |
| fix - 49113ac0ef | visit ICU expressions in signal migration schematics |

router

| Commit | Description |
| --- | --- |
| fix - 099bf577ee | skip scroll-to-top on initial navigation when hydrating |

21.2.13

core

| Commit | Description |
| --- | --- |
| fix - 1c6553e97d | disallow event attribute bindings in host bindings unconditionally |

platform-server

| Commit | Description |
| --- | --- |
| fix - 629905d537 | add allowedHosts option to renderModule and renderApplication |
| fix - 0b7192f441 | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

21.2.12

core

| Commit | Description |
| --- | --- |
| fix - fe13bb669d | allow explicit read generic with signal input transforms |
| fix - 3430251fef | i18n flags leaking on errors |
| fix - 1aeebbe304 | respect ngSkipHydration on components with projectable nodes in LContainers |
| fix - 9e38ed7d57 | sanitizer typings |
| fix - 7a05a9a71a | validate security-sensitive attributes in i18n bindings |
| fix - c37f6ca42f | visit ng-let expression value in signal migration schematics |

forms

| Commit | Description |
| --- | --- |
| fix - 03ad53863b | prohibit concurrent submits in signal forms |

21.2.11

common

| Commit | Description |
| --- | --- |
| fix - 10ad3c0692 | prevent focus from scrollToAnchor |

compiler

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.14 (2026-05-20)

compiler

| Commit | Type | Description |
| --- | --- | --- |
| 68282dff9f | fix | strip namespaced SVG script elements during template compilation |

core

| Commit | Type | Description |
| --- | --- | --- |
| c0f52272ed | fix | do not insert todo when migrating void @Output |
| 938a7f3edd | fix | makes resource URL sanitizer lookup case-insensitive |
| 0fb2724194 | fix | reject script element as a dynamic component host |
| 49113ac0ef | fix | visit ICU expressions in signal migration schematics |

router

| Commit | Type | Description |
| --- | --- | --- |
| 099bf577ee | fix | skip scroll-to-top on initial navigation when hydrating |

22.0.0-rc.0 (2026-05-13)

compiler

| Commit | Type | Description |
| --- | --- | --- |
| c7aef8ec5d | fix | enforce parentheses containing arguments for :host-context |
| 8a1533c9ad | fix | preserve leading commas in animation definitions |
| 194f723f66 | fix | remove dedicated support for legacy shadow DOM selectors |
| 4c25a42e98 | fix | remove deprecated shadow CSS encapsulation polyfills |
| 7dc1017e51 | fix | simplify handling of colon host with a selector list |
| ccb7d427e4 | fix | type check invalid for loops |

platform-server

| Commit | Type | Description |
| --- | --- | --- |
| 119a19e604 | fix | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

21.2.13 (2026-05-13)

core

| Commit | Type | Description |
| --- | --- | --- |
| 1c6553e97d | fix | disallow event attribute bindings in host bindings unconditionally |

platform-server

| Commit | Type | Description |
| --- | --- | --- |
| 629905d537 | fix | add allowedHosts option to renderModule and renderApplication |
| 0b7192f441 | fix | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

... (truncated)

Commits
  • 68282df fix(compiler): strip namespaced SVG script elements during template compilation
  • 6652ec0 refactor(core): align namespaced attribute validation and security schema con...
  • baf92da test: remove invalid css that was causing issues with the postcss parser
  • 1c6553e fix(core): disallow event attribute bindings in host bindings unconditionally
  • 4f5d8a2 fix(compiler): let declaration span not including end character
  • a4f3120 refactor(compiler): require a reference in DirectiveMeta
  • de533fe refactor(compiler-cli): move ClassPropertyMapping into compiler
  • ea1e34c refactor(compiler): move matchSource into base metadata
  • e40d378 fix(compiler): handle nested brackets in host object bindings
  • d04ddd7 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
  • Additional commits viewable in compare view

Updates @angular/core from 13.4.0 to 21.2.14

Release notes

Sourced from @​angular/core's releases.

21.2.14

compiler

| Commit | Description |
| --- | --- |
| fix - 68282dff9f | strip namespaced SVG script elements during template compilation |

core

| Commit | Description |
| --- | --- |
| fix - c0f52272ed | do not insert todo when migrating void @Output |
| fix - 938a7f3edd | makes resource URL sanitizer lookup case-insensitive |
| fix - 0fb2724194 | reject script element as a dynamic component host |
| fix - 49113ac0ef | visit ICU expressions in signal migration schematics |

router

| Commit | Description |
| --- | --- |
| fix - 099bf577ee | skip scroll-to-top on initial navigation when hydrating |

21.2.13

core

| Commit | Description |
| --- | --- |
| fix - 1c6553e97d | disallow event attribute bindings in host bindings unconditionally |

platform-server

| Commit | Description |
| --- | --- |
| fix - 629905d537 | add allowedHosts option to renderModule and renderApplication |
| fix - 0b7192f441 | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

21.2.12

core

| Commit | Description |
| --- | --- |
| fix - fe13bb669d | allow explicit read generic with signal input transforms |
| fix - 3430251fef | i18n flags leaking on errors |
| fix - 1aeebbe304 | respect ngSkipHydration on components with projectable nodes in LContainers |
| fix - 9e38ed7d57 | sanitizer typings |
| fix - 7a05a9a71a | validate security-sensitive attributes in i18n bindings |
| fix - c37f6ca42f | visit ng-let expression value in signal migration schematics |

forms

| Commit | Description |
| --- | --- |
| fix - 03ad53863b | prohibit concurrent submits in signal forms |

21.2.11

common

| Commit | Description |
| --- | --- |
| fix - 10ad3c0692 | prevent focus from scrollToAnchor |

compiler

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.14 (2026-05-20)

compiler

| Commit | Type | Description |
| --- | --- | --- |
| 68282dff9f | fix | strip namespaced SVG script elements during template compilation |

core

| Commit | Type | Description |
| --- | --- | --- |
| c0f52272ed | fix | do not insert todo when migrating void @Output |
| 938a7f3edd | fix | makes resource URL sanitizer lookup case-insensitive |
| 0fb2724194 | fix | reject script element as a dynamic component host |
| 49113ac0ef | fix | visit ICU expressions in signal migration schematics |

router

| Commit | Type | Description |
| --- | --- | --- |
| 099bf577ee | fix | skip scroll-to-top on initial navigation when hydrating |

22.0.0-rc.0 (2026-05-13)

compiler

| Commit | Type | Description |
| --- | --- | --- |
| c7aef8ec5d | fix | enforce parentheses containing arguments for :host-context |
| 8a1533c9ad | fix | preserve leading commas in animation definitions |
| 194f723f66 | fix | remove dedicated support for legacy shadow DOM selectors |
| 4c25a42e98 | fix | remove deprecated shadow CSS encapsulation polyfills |
| 7dc1017e51 | fix | simplify handling of colon host with a selector list |
| ccb7d427e4 | fix | type check invalid for loops |

platform-server

| Commit | Type | Description |
| --- | --- | --- |
| 119a19e604 | fix | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

21.2.13 (2026-05-13)

core

| Commit | Type | Description |
| --- | --- | --- |
| 1c6553e97d | fix | disallow event attribute bindings in host bindings unconditionally |

platform-server

| Commit | Type | Description |
| --- | --- | --- |
| 629905d537 | fix | add allowedHosts option to renderModule and renderApplication |
| 0b7192f441 | fix | forward BEFORE_APP_SERIALIZED errors to ErrorHandler |

... (truncated)

Commits
  • 1d6e71d docs: clarify ngDoCheck invocation behavior with OnPush strategy
  • 49113ac fix(core): visit ICU expressions in signal migration schematics
  • 68282df fix(compiler): strip namespaced SVG script elements during template compilation
  • c0f5227 fix(core): do not insert todo when migrating void @​Output
  • 0fb2724 fix(core): reject script element as a dynamic component host
  • 6652ec0 refactor(core): align namespaced attribute validation and security schema con...
  • 938a7f3 fix(core): makes resource URL sanitizer lookup case-insensitive
  • 1c6553e fix(core): disallow event attribute bindings in host bindings unconditionally
  • 9e38ed7 fix(core): sanitizer typings
  • 3430251 fix(core): i18n flags leaking on errors
  • Additional commits viewable in compare view

Removes @tootallnate/once

Updates rollup from 0.25.8 to 4.60.4

Release notes

Sourced from rollup's releases.

v4.60.4

4.60.4

2026-05-14

Bug Fixes

  • Improve stability of chunk hashes (#6362)

Pull Requests

v4.60.2

4.60.2

2026-04-18

Bug Fixes

  • Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

v4.60.1

4.60.1

... (truncated)

Changelog

Sourced from rollup's changelog.

rollup changelog

0.68.2

2018-12-23

Bug Fixes

  • Do not assume hoisted variables to have been initialized (#2607)

Pull Requests

  • #2607: Fix an issue where hoisted variables were assumed to have been initialized (@​lye)

0.68.1

2018-12-19

Bug Fixes

  • Fix an issue with UMD wrappers where a variable is used without being defined (#2600)

Pull Requests

  • #2600: Fix UMD and IIFE wrapper issues and add comprehensive functional wrapper tests (@​lukastaegert)

0.68.0

2018-12-16

Breaking Changes

  • optimizeChunks is renamed to experimentalOptimizeChunks to reflect this feature is not production-ready yet (#2575)

Features

  • Plugins can iterate all module ids via this.moduleIds (#2565)
  • Plugins can get graph information about a module via this.getModuleInfo(id) (#2565)
  • Plugins and JS API users get more information about the generated chunks: dynamicImports, facadeModuleId, isDynamicEntry, name (#2575)
  • Tree-shaken dynamic imports will no longer create chunks or influence chunking in any way (#2575)
  • Dynamic imports will no longer follow the entryFileNames but the chunkFileNames property reflecting those are solely internally used (#2575)
  • If there are chunk naming conflicts, entry chunks will always take precedence (#2575)
  • If an entry facade is created, only the facade chunk is marked as isEntry (#2575)
  • Dynamic chunks will only be marked as isEntry if they are actually entry chunks as well; thus there is now a 1-to-1 correspondence between modules listed in input and chunks marked as isEntry (#2575)
  • Chunks no longer contain imports for variables that are tree-shaken in the chunk but used in other chunks (#2584)
  • Chunks will always import re-exported variables directly from the chunk where they are originally exported from (#2584)
  • Null characters will be pruned from chunk ids to allow for virtually created chunks and make rollup-plugin-multi-entry compatible with code-splitting and thus the upcoming 1.0 version (#2590)
  • Simplify the UMD wrapper code as much as possible, especially if there are no exports (#2594)
  • The UMD wrapper will now work in strict mode by checking for self before this when determining the global variable (#2594)

... (truncated)

Commits
  • d311a84 4.60.4
  • 6aa3248 fix: stabilize chunk assignment across parallel file reads (#6362)
  • 82a0fe7 Resolve vulnerabilities (#6375)
  • 71f5ebc chore(deps): update dependency lru-cache to v11 (#6371)
  • af91d77 chore(deps): lock file maintenance (#6373)
  • 65e7b94 chore(deps): update react monorepo to v19 (major) (#6372)
  • 642587f fix(deps): update minor/patch updates (#6370)
  • b47bdab 4.60.3
  • 15c5f33 Add again some unneeded dev dependencies, to make some builds succeed
  • 12195dc fix: do not rename nested "exports" bindings that do not conflict (#6360)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates follow-redirects from 1.15.11 to 1.16.0

Commits
  • 0c23a22 Release version 1.16.0 of the npm package.
  • 844c4d3 Add sensitiveHeaders option.
  • 5e8b8d0 ci: add Node.js 24.x to the CI matrix
  • 7953e22 ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6
  • 86dc1f8 Sanitizing input.
  • See full diff in compare view

dependabot[bot] added the dependencies and javascript labels on Apr 23, 2026

@tbonelee

@dependabot rebase

…ry with 6 updates

Bumps the zeppelin-web-angular-security-updates group with 6 updates in the /zeppelin-web-angular directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `13.4.0` | `21.2.14` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `13.4.0` | `21.2.14` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `13.4.0` | `21.2.14` |
| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `removed` |
| [rollup](https://github.com/rollup/rollup) | `0.25.8` | `4.60.4` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |



Updates `@angular/common` from 13.4.0 to 21.2.14
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.14/packages/common)

Updates `@angular/compiler` from 13.4.0 to 21.2.14
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.14/packages/compiler)

Updates `@angular/core` from 13.4.0 to 21.2.14
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.14/packages/core)

Removes `@tootallnate/once`

Updates `rollup` from 0.25.8 to 4.60.4
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-0.md)
- [Commits](rollup/rollup@v0.25.8...v4.60.4)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 21.2.10
  dependency-type: direct:production
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.10
  dependency-type: direct:production
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: "@angular/core"
  dependency-version: 21.2.10
  dependency-type: direct:production
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: "@tootallnate/once"
  dependency-version:
  dependency-type: indirect
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: rollup
  dependency-version: 4.60.2
  dependency-type: indirect
  dependency-group: zeppelin-web-angular-security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] force-pushed the dependabot/npm_and_yarn/zeppelin-web-angular/zeppelin-web-angular-security-updates-58fb326068 branch from c5af31a to c68b41b on May 24, 2026 18:24