Bump the npm_and_yarn group across 2 directories with 9 updates by dependabot[bot] · Pull Request #2989 · google/nomulus

dependabot · 2026-03-26T18:58:50Z

Bumps the npm_and_yarn group with 7 updates in the /console-webapp directory:

Package	From	To
@angular/core	`21.1.5`	`21.2.4`
minimatch	`3.1.2`	`3.1.5`
@hono/node-server	`1.19.9`	`1.19.11`
hono	`4.12.0`	`4.12.9`
immutable	`5.1.4`	`5.1.5`
rollup	`4.58.0`	`4.60.0`
tar	`7.5.9`	`7.5.13`

Bumps the npm_and_yarn group with 2 updates in the /docs/console-endpoints directory: qs and lodash.

Updates @angular/core from 21.1.5 to 21.2.4

Release notes

Sourced from @angular/core's releases.

21.2.4

compiler

Commit Description

disallow translations of iframe src

core

Commit Description

reverts "feat(core): add support for nested animations"

sanitize translated form attributes

VSCode Extension: 21.2.3

This release contains internal refactorings only.

21.2.3

core

Commit Description

ensure definitions compile

include signal debug names in their toString() representation

sanitize translated attribute bindings with interpolations

VSCode Extension: 21.2.2

fix(extension): bundle TypeScript 5.9 internally (da57d1af73)

21.2.2

compiler

Commit Description

prevent mutation of children array in RecursiveVisitor

compiler-cli

Commit Description

always parenthesize object literals in TCB

ignore generated ngDevMode signal branch for code coverage

forms

Commit Description

add 'blur' option to debounce rule

VSCode Extension: 21.2.1

perf(language-service): use lightweight project warmup for Angular analysis (d2137928e8)

21.2.1

core

Commit Description

adds transfer cache to httpResource to fix hydration

prevent child animation elements from being orphaned

Prevent removal of elements during drag and drop

... (truncated)

Changelog

Sourced from @angular/core's changelog.

21.2.4 (2026-03-12)

compiler

Commit Type Description

ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description

abbd8797bb fix reverts "feat(core): add support for nested animations"

d1dcd16c5b fix sanitize translated form attributes

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

createNgModuleRef was removed, use createNgModule instead

core

Commit Type Description

b918beda32 feat allow debouncing signals

f9ede9ec98 fix ensure definitions compile

b401c18674 fix include signal debug names in their toString() representation

8630319f74 fix sanitize translated attribute bindings with interpolations

36936872c9 refactor remove createNgModuleRef

forms

Commit Type Description

3e7ce0dafc fix restrict SignalFormsConfig to a readonly API

language-service

Commit Type Description

5a6d88626b feat add angular template inlay hints support

21.2.3 (2026-03-11)

core

Commit Type Description

62a97f7e4b fix ensure definitions compile

21b1c3b2ee fix include signal debug names in their toString() representation

224e60ecb1 fix sanitize translated attribute bindings with interpolations

21.2.2 (2026-03-09)

... (truncated)

Commits

d1dcd16 fix(core): sanitize translated form attributes
abbd879 fix(core): reverts "feat(core): add support for nested animations"
7907e98 test: remove duplicate tests
21b1c3b fix(core): include signal debug names in their toString() representation
6c73aac refactor(common): Removes unused generic type parameters from KeyValueDiffers
c98eab7 refactor(core): remove old resource params
7513558 docs: combine multiple documentation improvements into one PR
575f302 refactor(core): interface cleanup
224e60e fix(core): sanitize translated attribute bindings with interpolations
09638ec docs(core): clarify provideZoneChangeDetection usage in v21+
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates @hono/node-server from 1.19.9 to 1.19.11

Release notes

Sourced from @hono/node-server's releases.

v1.19.11

What's Changed

fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

ecd4d6b 1.19.11
c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
2f8ca36 1.19.10
455015b Merge commit from fork
cc05c48 chore: add benchmark for comparing with npm and local (dev) (#305)
58c4412 chore: Adding LICENSE file with MIT license referenced in README.md (#297)
b1daa4c docs(readme): add @usualoma as an author (#300)
See full diff in compare view

Updates hono from 4.12.0 to 4.12.9

Release notes

Sourced from hono's releases.

v4.12.9

What's Changed

fix(request): remove parseBody from bodyCache to prevent TypeError by @yusukebe in honojs/hono#4807

feat(client): add PickResponseByStatusCode type by @yusukebe in honojs/hono#4791

fix(ssg): pass SSG_CONTEXT to forGetInfoURLRequest by @yuintei in honojs/hono#4810

fix(service-worker): make fire() fallback behavior consistent with handle() by @yusukebe in honojs/hono#4821

fix(cors): reflect request origin when credentials is true with wildcard by @ctonneslan in honojs/hono#4813

New Contributors

@yuintei made their first contribution in honojs/hono#4810

@ctonneslan made their first contribution in honojs/hono#4813

Full Changelog: honojs/hono@v4.12.8...v4.12.9

v4.12.8

What's Changed

fix(utils/mime): Normalize input extension to lowercase before MIME check by @TheEssem in honojs/hono#4800

fix(bearer-auth): escape regex metacharacters in bearer auth prefix option by @otoneko1102 in honojs/hono#4750

New Contributors

@TheEssem made their first contribution in honojs/hono#4800

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

fix(accept): replace regex split to mitigate ReDoS by @EdamAme-x in honojs/hono#4758

fix(jsx): align link hoisting and dedupe with React 19 by @usualoma in honojs/hono#4792

chore(builld): tsconfig project references by @BarryThePenguin in honojs/hono#4797

chore: add tsconfig.spec.json by @yusukebe in honojs/hono#4798

feat(jsx-renderer): support function-based options by @3w36zj6 in honojs/hono#4780

fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @t0waxx in honojs/hono#4782

New Contributors

@t0waxx made their first contribution in honojs/hono#4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

v4.12.5

What's Changed

fix(request): return string | undefined from param() when path type is any by @andrewdamelio in honojs/hono#4723

... (truncated)

Commits

e1ae0eb 4.12.9
66fe9fe fix(cors): reflect request origin when credentials is true with wildcard (#4813)
50e2611 fix(service-worker): make fire() fallback behavior consistent with `handle(...
be85106 fix(ssg): pass SSG_CONTEXT to forGetInfoURLRequest (#4810)
d1722e3 feat(client): add PickResponseByStatusCode type (#4791)
8bd9ddd fix(request): remove parseBody from bodyCache to prevent TypeError (#4807)
fe689ec 4.12.8
0c0bf8d fix(bearer-auth): escape regex metacharacters in bearer auth prefix option (#...
488ea6a fix(utils/mime): Normalize input extension to lowercase before MIME check (#4...
b0aba5b 4.12.7
Additional commits viewable in compare view

Updates immutable from 5.1.4 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Upgrade devtools and use immutable version by @jdeniau in immutable-js/immutable-js#2158

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

Changelog

Sourced from immutable's changelog.

5.1.5

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Commits

b37b855 5.1.5
16b3313 Merge commit from fork
fd2ef49 fix new proto key injection
6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
5f3dc61 Bump rollup from 4.34.8 to 4.59.0
049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
eb04779 Bump lodash from 4.17.21 to 4.17.23
b973bf3 format
Additional commits viewable in compare view

Updates rollup from 4.58.0 to 4.60.0

Release notes

Sourced from rollup's releases.

v4.60.0

4.60.0

2026-03-22

Features

Support source phase imports as long as they are external (#6279)

Pull Requests

#6279: feat: external only Source Phase imports support (@guybedford, @lukastaegert)

v4.59.1

4.59.1

2026-03-21

Bug Fixes

Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

#6281: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6282: chore(deps): update github artifact actions (major) (@renovate[bot], @lukastaegert)

#6283: chore(deps): update dependency nyc to v18 (@renovate[bot], @lukastaegert)

#6284: fix(deps): update swc monorepo (major) (@renovate[bot])

#6285: chore(deps): lock file maintenance (@renovate[bot])

#6290: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6291: chore(deps): update dependency @shikijs/vitepress-twoslash to v4 (@renovate[bot])

#6292: chore(deps): lock file maintenance (@renovate[bot])

#6297: chore(deps): update minor/patch updates (@renovate[bot])

#6298: chore(deps): lock file maintenance (@renovate[bot])

#6299: chore(deps): lock file maintenance (@renovate[bot])

#6300: docs: update packagephobia link (@bluwy)

#6301: chore(deps): update dependency lint-staged to ^16.3.3 (@renovate[bot])

#6306: fix: fix chunk assignment for deoptimized module with dynamic import (@JoaoBrlt, @lukastaegert)

#6307: chore(deps): update minor/patch updates (@renovate[bot])

#6308: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6309: chore(deps): update dependency vite to v8 (@renovate[bot])

#6310: chore(deps): lock file maintenance (@renovate[bot])

#6311: chore(deps): lock file maintenance (@renovate[bot])

#6312: chore(deps): lock file maintenance (@renovate[bot])

v4.59.0

4.59.0

2026-02-22

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.0

2026-03-22

Features

Support source phase imports as long as they are external (#6279)

Pull Requests

#6279: feat: external only Source Phase imports support (@guybedford, @lukastaegert)

4.59.1

2026-03-21

Bug Fixes

Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

#6281: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6282: chore(deps): update github artifact actions (major) (@renovate[bot], @lukastaegert)

#6283: chore(deps): update dependency nyc to v18 (@renovate[bot], @lukastaegert)

#6284: fix(deps): update swc monorepo (major) (@renovate[bot])

#6285: chore(deps): lock file maintenance (@renovate[bot])

#6290: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6291: chore(deps): update dependency @shikijs/vitepress-twoslash to v4 (@renovate[bot])

#6292: chore(deps): lock file maintenance (@renovate[bot])

#6297: chore(deps): update minor/patch updates (@renovate[bot])

#6298: chore(deps): lock file maintenance (@renovate[bot])

#6299: chore(deps): lock file maintenance (@renovate[bot])

#6300: docs: update packagephobia link (@bluwy)

#6301: chore(deps): update dependency lint-staged to ^16.3.3 (@renovate[bot])

#6306: fix: fix chunk assignment for deoptimized module with dynamic import (@JoaoBrlt, @lukastaegert)

#6307: chore(deps): update minor/patch updates (@renovate[bot])

#6308: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6309: chore(deps): update dependency vite to v8 (@renovate[bot])

#6310: chore(deps): lock file maintenance (@renovate[bot])

#6311: chore(deps): lock file maintenance (@renovate[bot])

#6312: chore(deps): lock file maintenance (@renovate[bot])

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

... (truncated)

Commits

6ecd69f 4.60.0
6b725b9 feat: external only Source Phase imports support (#6279)
0cba9e0 4.59.1
4eeea29 Pin Vite
1cd49ae fix: fix chunk assignment for deoptimized module with dynamic import (#6306)
c9dabc3 Downgrade Vite
d46200f chore(deps): update dependency vite to v8 (#6309)
aa6c853 chore(deps): update dependency lru-cache to v11 (#6308)
4208811 chore(deps): lock file maintenance (#6312)
5348a82 chore(deps): lock file maintenance (#6311)
Additional commits viewable in compare view

Updates tar from 7.5.9 to 7.5.13

Commits

d6611ae 7.5.13
119c401 fix(extract): prevent raced symlink writes outside cwd
2a294d3 7.5.12
01082a4 fix: reject top promise on floating addFilesAsync rejections
dd1c36a linting
35a1ffe doc: more clarity in security warning
bf776f6 7.5.11
f48b5fa prevent escaping symlinks with drive-relative paths
97cff15 docs: more security info
2b72abc 7.5.10
Additional commits viewable in compare view

Updates qs from 6.11.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

... (truncated)

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates qs from 6.11.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

... (truncated)

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

This change is

Bumps the npm_and_yarn group with 7 updates in the /console-webapp directory: | Package | From | To | | --- | --- | --- | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.1.5` | `21.2.4` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.11` | | [hono](https://github.com/honojs/hono) | `4.12.0` | `4.12.9` | | [immutable](https://github.com/immutable-js/immutable-js) | `5.1.4` | `5.1.5` | | [rollup](https://github.com/rollup/rollup) | `4.58.0` | `4.60.0` | | [tar](https://github.com/isaacs/node-tar) | `7.5.9` | `7.5.13` | Bumps the npm_and_yarn group with 2 updates in the /docs/console-endpoints directory: [qs](https://github.com/ljharb/qs) and [lodash](https://github.com/lodash/lodash). Updates `@angular/core` from 21.1.5 to 21.2.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.4/packages/core) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `@hono/node-server` from 1.19.9 to 1.19.11 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.11) Updates `hono` from 4.12.0 to 4.12.9 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.0...v4.12.9) Updates `immutable` from 5.1.4 to 5.1.5 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v5.1.4...v5.1.5) Updates `rollup` from 4.58.0 to 4.60.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.58.0...v4.60.0) Updates `tar` from 7.5.9 to 7.5.13 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.9...v7.5.13) Updates `qs` from 6.11.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.1...v6.15.0) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `qs` from 6.11.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.1...v6.15.0) --- updated-dependencies: - dependency-name: "@angular/core" dependency-version: 21.2.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 5.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 26, 2026

dependabot bot mentioned this pull request Mar 26, 2026

Bump the npm_and_yarn group across 2 directories with 9 updates #2980

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 9 updates#2989

Bump the npm_and_yarn group across 2 directories with 9 updates#2989
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/console-webapp/npm_and_yarn-088f4a6f2e

dependabot bot commented on behalf of github Mar 26, 2026 •

edited by gbrodman

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Description
	reverts "feat(core): add support for nested animations"
	sanitize translated form attributes

Commit	Description
	ensure definitions compile
	include signal debug names in their `toString()` representation
	sanitize translated attribute bindings with interpolations

Commit	Description
	always parenthesize object literals in TCB
	ignore generated ngDevMode signal branch for code coverage

Commit	Description
	adds transfer cache to httpResource to fix hydration
	prevent child animation elements from being orphaned
	Prevent removal of elements during drag and drop

Commit	Type	Description
abbd8797bb	fix	reverts "feat(core): add support for nested animations"
d1dcd16c5b	fix	sanitize translated form attributes

Commit	Type	Description
b918beda32	feat	allow debouncing signals
f9ede9ec98	fix	ensure definitions compile
b401c18674	fix	include signal debug names in their `toString()` representation
8630319f74	fix	sanitize translated attribute bindings with interpolations
36936872c9	refactor	remove `createNgModuleRef`

Commit	Type	Description
62a97f7e4b	fix	ensure definitions compile
21b1c3b2ee	fix	include signal debug names in their `toString()` representation
224e60ecb1	fix	sanitize translated attribute bindings with interpolations

Conversation

dependabot bot commented on behalf of github Mar 26, 2026 • edited by gbrodman Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

21.2.4

compiler

core

VSCode Extension: 21.2.3

21.2.3

core

VSCode Extension: 21.2.2

21.2.2

compiler

compiler-cli

forms

VSCode Extension: 21.2.1

21.2.1

core

21.2.4 (2026-03-12)

compiler

core

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

core

forms

language-service

21.2.3 (2026-03-11)

core

21.2.2 (2026-03-09)

v1.19.11

What's Changed

v1.19.10

Security Fix

v4.12.9

What's Changed

New Contributors

v4.12.8

What's Changed

New Contributors

v4.12.7

Security hardening

v4.12.6

What's Changed

New Contributors

v4.12.5

What's Changed

v5.1.5

What's Changed

5.1.5

v4.60.0

4.60.0

Features

Pull Requests

v4.59.1

4.59.1

Bug Fixes

Pull Requests

v4.59.0

4.59.0

4.60.0

Features

Pull Requests

4.59.1

Bug Fixes

Pull Requests

4.59.0

Features

6.15.0

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

6.15.0

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

dependabot bot commented on behalf of github Mar 26, 2026 •

edited by gbrodman

Loading