Skip to content

Bump @angular/core, @angular/animations, @angular/cdk, @angular/common, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router in /todo-ai#1024

Open
dependabot[bot] wants to merge 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/todo-ai/multi-3d5a4bc099
Open

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/core, @angular/animations, @angular/cdk, @angular/common, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router. These dependencies needed to be updated together.
Updates @angular/core from 19.0.3 to 22.0.1

Release notes

Sourced from @​angular/core's releases.

22.0.1

common

Commit Description
fix - c4b5fa3c92 escape CSS string-terminating characters in escapeCssUrl
fix - dfff57ede9 Limits date format string length
fix - 3c2892c8df prevent prototype pollution in formatDateTime
fix - 1d87c49f6e use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - 1ee224ca30 disallow i18n event attributes
fix - a56f1cdf8f more robust logic to check if regex can be optimized
fix - 5946c18275 sanitize href/xlink:href attributes of any element of the MathML namespace
fix - 393b84caf8 sanitize two-way properties

compiler-cli

Commit Description
fix - 3d9ca2f173 bind switch exhaustive check expressions

core

Commit Description
fix - 669146b0e7 disable WebMCP during SSR
fix - 562a566ead Handle synchronous errors in PendingTasks.run function
fix - fa546f382d harden TransferState restoration against DOM clobbering
fix - 29fdb98684 prevent dangling prevConsumer reference from leaking destroyed views (#68681)
fix - cdcea80327 require WebMCP tool descriptions
fix - 4289c4c840 update comment for Default change detection
fix - 3dd433b39a use Object.hasOwn to handle null-prototype objects in toStylingKeyValueArray
fix - 045bb736b3 validate lowercase SVG animation attribute names

forms

Commit Description
fix - 11836a670a delay mcp reading the form model by a tick
fix - 85d2d100e3 harden FormGroup control lookups against prototype shadowing
fix - e51ad374ea remove animationstart listener on component destroy to prevent memory leak
fix - 55b7b5a6b6 set additionalProperties: false on generated WebMCP form

http

Commit Description
fix - ffb06c0514 ensure query parameters are inserted before URL fragments
fix - 2dd65d21e6 pass down the reportUploadProgress and reportDownloadProgress on post/patch requests
fix - 4254eb416c preserve empty referrer option in HttpRequest
fix - 167bd4c162 Rejects non-HTTP(S) URLs in JSONP requests

language-service

Commit Description
fix - 43a0e28729 prevent external template inlay hints from appearing in TS files

platform-server

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

22.0.1 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead. (cherry picked from commit 8446e46f8bc33bd4419fa7f6106b8d117ca2e099)

common

Commit Type Description
c4b5fa3c92 fix escape CSS string-terminating characters in escapeCssUrl
dfff57ede9 fix Limits date format string length
3c2892c8df fix prevent prototype pollution in formatDateTime
1d87c49f6e fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
1ee224ca30 fix disallow i18n event attributes
a56f1cdf8f fix more robust logic to check if regex can be optimized
5946c18275 fix sanitize href/xlink:href attributes of any element of the MathML namespace
393b84caf8 fix sanitize two-way properties

compiler-cli

Commit Type Description
3d9ca2f173 fix bind switch exhaustive check expressions

core

Commit Type Description
669146b0e7 fix disable WebMCP during SSR
562a566ead fix Handle synchronous errors in PendingTasks.run function
fa546f382d fix harden TransferState restoration against DOM clobbering
29fdb98684 fix prevent dangling prevConsumer reference from leaking destroyed views (#68681)
cdcea80327 fix require WebMCP tool descriptions
4289c4c840 fix update comment for Default change detection
3dd433b39a fix use Object.hasOwn to handle null-prototype objects in toStylingKeyValueArray
045bb736b3 fix validate lowercase SVG animation attribute names

forms

Commit Type Description
11836a670a fix delay mcp reading the form model by a tick
85d2d100e3 fix harden FormGroup control lookups against prototype shadowing
e51ad374ea fix remove animationstart listener on component destroy to prevent memory leak
55b7b5a6b6 fix set additionalProperties: false on generated WebMCP form

http

Commit Type Description
ffb06c0514 fix ensure query parameters are inserted before URL fragments
2dd65d21e6 fix pass down the reportUploadProgress and reportDownloadProgress on post/patch requests
4254eb416c fix preserve empty referrer option in HttpRequest
167bd4c162 fix Rejects non-HTTP(S) URLs in JSONP requests

language-service

| Commit | Type | Description |

... (truncated)

Commits
  • 4b0c3b8 refactor(core): Update registerNgModuleType to support codegen typechecking
  • dbf64c8 test(core): fix AI tools test flake
  • 045bb73 fix(core): validate lowercase SVG animation attribute names
  • 1ee224c fix(compiler): disallow i18n event attributes
  • 5946c18 fix(compiler): sanitize href/xlink:href attributes of any element of the ...
  • b1f02eb refactor(core): add internal utility
  • 85d2d10 fix(forms): harden FormGroup control lookups against prototype shadowing
  • 6e3d51d refactor(migrations): Improve safeNavigationMigration heuristic
  • 01ea640 refactor(core): Fix DirectiveDefinition interface to allow abstract classes
  • a704b08 docs: add Signal Forms and v22 guidance to AI best-practices and llms.txt
  • Additional commits viewable in compare view

Updates @angular/animations from 19.0.3 to 22.0.1

Release notes

Sourced from @​angular/animations's releases.

22.0.1

common

Commit Description
fix - c4b5fa3c92 escape CSS string-terminating characters in escapeCssUrl
fix - dfff57ede9 Limits date format string length
fix - 3c2892c8df prevent prototype pollution in formatDateTime
fix - 1d87c49f6e use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - 1ee224ca30 disallow i18n event attributes
fix - a56f1cdf8f more robust logic to check if regex can be optimized
fix - 5946c18275 sanitize href/xlink:href attributes of any element of the MathML namespace
fix - 393b84caf8 sanitize two-way properties

compiler-cli

Commit Description
fix - 3d9ca2f173 bind switch exhaustive check expressions

core

Commit Description
fix - 669146b0e7 disable WebMCP during SSR
fix - 562a566ead Handle synchronous errors in PendingTasks.run function
fix - fa546f382d harden TransferState restoration against DOM clobbering
fix - 29fdb98684 prevent dangling prevConsumer reference from leaking destroyed views (#68681)
fix - cdcea80327 require WebMCP tool descriptions
fix - 4289c4c840 update comment for Default change detection
fix - 3dd433b39a use Object.hasOwn to handle null-prototype objects in toStylingKeyValueArray
fix - 045bb736b3 validate lowercase SVG animation attribute names

forms

Commit Description
fix - 11836a670a delay mcp reading the form model by a tick
fix - 85d2d100e3 harden FormGroup control lookups against prototype shadowing
fix - e51ad374ea remove animationstart listener on component destroy to prevent memory leak
fix - 55b7b5a6b6 set additionalProperties: false on generated WebMCP form

http

Commit Description
fix - ffb06c0514 ensure query parameters are inserted before URL fragments
fix - 2dd65d21e6 pass down the reportUploadProgress and reportDownloadProgress on post/patch requests
fix - 4254eb416c preserve empty referrer option in HttpRequest
fix - 167bd4c162 Rejects non-HTTP(S) URLs in JSONP requests

language-service

Commit Description
fix - 43a0e28729 prevent external template inlay hints from appearing in TS files

platform-server

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/animations's changelog.

22.0.1 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead. (cherry picked from commit 8446e46f8bc33bd4419fa7f6106b8d117ca2e099)

common

Commit Type Description
c4b5fa3c92 fix escape CSS string-terminating characters in escapeCssUrl
dfff57ede9 fix Limits date format string length
3c2892c8df fix prevent prototype pollution in formatDateTime
1d87c49f6e fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
1ee224ca30 fix disallow i18n event attributes
a56f1cdf8f fix more robust logic to check if regex can be optimized
5946c18275 fix sanitize href/xlink:href attributes of any element of the MathML namespace
393b84caf8 fix sanitize two-way properties

compiler-cli

Commit Type Description
3d9ca2f173 fix bind switch exhaustive check expressions

core

Commit Type Description
669146b0e7 fix disable WebMCP during SSR
562a566ead fix Handle synchronous errors in PendingTasks.run function
fa546f382d fix harden TransferState restoration against DOM clobbering
29fdb98684 fix prevent dangling prevConsumer reference from leaking destroyed views (#68681)
cdcea80327 fix require WebMCP tool descriptions
4289c4c840 fix update comment for Default change detection
3dd433b39a fix use Object.hasOwn to handle null-prototype objects in toStylingKeyValueArray
045bb736b3 fix validate lowercase SVG animation attribute names

forms

Commit Type Description
11836a670a fix delay mcp reading the form model by a tick
85d2d100e3 fix harden FormGroup control lookups against prototype shadowing
e51ad374ea fix remove animationstart listener on component destroy to prevent memory leak
55b7b5a6b6 fix set additionalProperties: false on generated WebMCP form

http

Commit Type Description
ffb06c0514 fix ensure query parameters are inserted before URL fragments
2dd65d21e6 fix pass down the reportUploadProgress and reportDownloadProgress on post/patch requests
4254eb416c fix preserve empty referrer option in HttpRequest
167bd4c162 fix Rejects non-HTTP(S) URLs in JSONP requests

language-service

| Commit | Type | Description |

... (truncated)

Commits
  • a97d5ec build: update minimum supported Node.js versions
  • ad717df refactor(core): use the @Service decorator where possible.
  • b8d3f36 feat(compiler-cli): add support for Node.js 26.0.0
  • 6672192 test: remove duplicate tests (#67518)
  • d550bf7 build: update minimum supported Node.js versions
  • 81cabc1 feat(core): add support for TypeScript 6
  • abb1794 refactor(core): mark VERSION exports as pure for better tree-shaking
  • 26fed34 build: format md files
  • b9e2ccd refactor(common): remove unused import (#64699)
  • 70332b0 fix(core): pass element removal property through in all locations (#64565)
  • Additional commits viewable in compare view

Updates @angular/cdk from 19.0.2 to 22.0.1

Release notes

Sourced from @​angular/cdk's releases.

22.0.1

youtube-player

Commit Description
fix - d75a22d69 avoid errors with clobbered variables
fix - fe0a96ce6 validate ID before attaching them to placeholder

material

Commit Description
fix - d7a8cb963 dialog: ignore clicks on aria-disabled close buttons (#33373)
fix - bde3c7621 timepicker: do not allow intervals less than a second (#33354)

cdk

Commit Description
fix - 629aea403 a11y: avoid prototype conflicts in id generator (#33356)
fix - 49aeb676c clipboard: avoid infinite attempt loop (#33366)

aria

Commit Description
fix - 7581b0592 combobox: avoid error for synthetic events (#33360)
fix - 1c4706155 combobox: prevent re-dispatching keyboard event on control target change (#33362)
fix - 96e9ce10c tree: recursive textDirection getter (#33337)

22.0.0

aria

Commit Description
feat - d91f46b4c accordion: introduce accordion harness (#33046)
feat - e3d84f2e0 combobox: add test harnesses (#33194)
feat - 0ca47b4a0 combobox: migrate simple-combobox directly into primary entrypoints (#33206)
feat - 6ec07bc0c grid: add test harnesses (#33081)
feat - 1885d3534 listbox: introduce listbox harness (#33064)
feat - 75fae5275 menu: introduce menu harness (#33067)
feat - c25e6252e tabs: add test harnesses (#33079)
feat - a49508bac toolbar: add test harnesses (#33068)
feat - 30f223972 tree: add test harnesses (#33066)
fix - 91a4932f6 combobox: increases autocomplete demo's placeholder text c… (#33084)
fix - 218a77cf9 combobox: separates placeholder prefixes (#33163)
fix - ce1d9a728 menu: allow menu item role override (#33264)
fix - 196b7064d menu: defer menu item focus in case menus in cdk overlay (#33258)
fix - 6443b79f9 menu: unable to set softDisabled (#33265)

cdk

Commit Description
feat - 1a5d5d101 dialog: add the ability to pass bindings
feat - 24115c021 portal: add directives support to ComponentPortal (#33142)
fix - 7426334c5 a11y: breaking changes for v22
fix - 81c6bbd89 drag-drop: breaking changes for v22
fix - ffb23f6f8 menu: breaking changes for v22
fix - 4c298970e scrolling: make it easier to provide custom scrollable (#33269)

... (truncated)

Changelog

Sourced from @​angular/cdk's changelog.

22.0.1 "argon-apple" (2026-06-10)

aria

Commit Type Description
7581b0592 fix combobox: avoid error for synthetic events (#33360)
1c4706155 fix combobox: prevent re-dispatching keyboard event on control target change (#33362)
96e9ce10c fix tree: recursive textDirection getter (#33337)

cdk

Commit Type Description
629aea403 fix a11y: avoid prototype conflicts in id generator (#33356)
49aeb676c fix clipboard: avoid infinite attempt loop (#33366)

material

Commit Type Description
d7a8cb963 fix dialog: ignore clicks on aria-disabled close buttons (#33373)
bde3c7621 fix timepicker: do not allow intervals less than a second (#33354)

youtube-player

Commit Type Description
d75a22d69 fix avoid errors with clobbered variables
fe0a96ce6 fix validate ID before attaching them to placeholder

22.0.0 "aurostibite-ambulance" (2026-06-03)

Breaking Changes

aria

  • The legacy combobox and autocomplete implementations have been removed. Use the new standalone combobox instead.

    • feat(aria/combobox): promote simple-combobox to stable un-prefixed combobox
    • Relocates public, private, and example directories to clean combobox entry points.
    • Renames internal layout symbols, selectors, and uppercase tokens (SIMPLE_COMBOBOX_POPUP -> COMBOBOX_POPUP).
    • Establishes full documentation extraction parity with the json_api Bazel rule target.
    • Standardizes the accompanying toolbar component showcase into the clean aria-toolbar path.
    • Re-routes dev-app navigation links and migrates public API golden records.

  • SimpleCombobox has been promoted to Combobox. All simple-combobox prefixed symbols, selectors, and tokens have been renamed to use the combobox prefix.

    • refactor(aria/combobox): relocate and restructure autocomplete and toolbar examples Relocate the autocomplete examples to src/components-examples/aria/autocomplete and toolbar examples to src/components-examples/aria/toolbar.
    • Restore naming continuity with the historical codebase by stripping redundant prefixes from example filenames and component selectors.
    • Sync dev-app preview routing layout paths and strict Bazel target dependency links.

cdk

    • CDK_DESCRIBEDBY_HOST_ATTRIBUTE has been removed.
    • CDK_DESCRIBEDBY_ID_PREFIX has been removed.
    • The injector parameter of the ConfigurableFocusTrap and FocusTrap constructors is now required.
    • The boolean parameter of ConfigurableFocusTrapFactory.create has been replaced with a config object.
    • MESSAGES_CONTAINER_ID has been removed.

... (truncated)

Commits

Updates @angular/common from 19.2.16 to 22.0.1

Release notes

Sourced from @​angular/common's releases.

22.0.1

common

Commit Description
fix - c4b5fa3c92 escape CSS string-terminating characters in escapeCssUrl
fix - dfff57ede9 Limits date format string length
fix - 3c2892c8df prevent prototype pollution in formatDateTime
fix - 1d87c49f6e use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - 1ee224ca30 disallow i18n event attributes
fix - a56f1cdf8f more robust logic to check if regex can be optimized
fix - 5946c18275 sanitize href/xlink:href attributes of any element of the MathML namespace
fix - 393b84caf8 sanitize two-way properties

compiler-cli

Commit Description
fix - 3d9ca2f173 bind switch exhaustive check expressions

core

Commit Description
fix - 669146b0e7 disable WebMCP during SSR
fix - 562a566ead Handle synchronous errors in PendingTasks.run function
fix - fa546f382d harden TransferState restoration against DOM clobbering
fix - 29fdb98684 prevent dangling prevConsumer reference from leaking destroyed views (#68681)
fix - cdcea80327 require WebMCP tool descriptions
fix - 4289c4c840 update comment for Default change detection
fix - 3dd433b39a use Object.hasOwn to handle null-prototype objects in toStylingKeyValueArray
fix - 045bb736b3 validate lowercase SVG animation attribute names

forms

Commit Description
fix - 11836a670a delay mcp reading the form model by a tick
fix - 85d2d100e3 harden FormGroup control lookups against prototype shadowing
fix - e51ad374ea remove animationstart listener on component destroy to prevent memory leak
fix - 55b7b5a6b6 set additionalProperties: false on generated WebMCP form

http

Commit Description
fix - ffb06c0514 ensure query parameters are inserted before URL fragments
fix - 2dd65d21e6 pass down the reportUploadProgress and reportDownloadProgress on post/patch requests
fix - 4254eb416c preserve empty referrer option in HttpRequest
fix - 167bd4c162 Rejects non-HTTP(S) URLs in JSONP requests

language-service

Commit Description
fix - 43a0e28729 prevent external template inlay hints from appearing in TS files

platform-server

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.1 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead. (cherry picked from commit 8446e46f8bc33bd4419fa7f6106b8d117ca2e099)

common

Commit Type Description
c4b5fa3c92 fix escape CSS string-terminating characters in escapeCssUrl
dfff57ede9 fix Limits date format string length
3c2892c8df fix prevent prototype pollution in formatDateTime
1d87c49f6e fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
1ee224ca30 fix disallow i18n event attributes
a56f1cdf8f fix more robust logic to check if regex can be optimized
5946c18275 fix sanitize href/xlink:href attributes of any element of the MathML namespace
393b84caf8 fix sanitize two-way properties

compiler-cli

Commit Type Description
3d9ca2f173 fix bind switch exhaustive check expressions

core

Commit Type Description
669146b0e7 fix disable WebMCP during SSR
562a566ead fix Handle synchronous errors in PendingTasks.run function

@dependabot
Bump @angular/core, @angular/animations, @angular/cdk, @angular/commo…
14af876 
…n, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router

Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core), [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations), [@angular/cdk](https://github.com/angular/components), [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common), [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms), [@angular/material](https://github.com/angular/components), [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser), [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) and [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router). These dependencies needed to be updated together.

Updates `@angular/core` from 19.0.3 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/core)

Updates `@angular/animations` from 19.0.3 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/animations)

Updates `@angular/cdk` from 19.0.2 to 22.0.1
- [Release notes](https://github.com/angular/components/releases)
- [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md)
- [Commits](angular/components@19.0.2...v22.0.1)

Updates `@angular/common` from 19.2.16 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/common)

Updates `@angular/forms` from 19.0.3 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/forms)

Updates `@angular/material` from 19.0.2 to 22.0.1
- [Release notes](https://github.com/angular/components/releases)
- [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md)
- [Commits](angular/components@19.0.2...v22.0.1)

Updates `@angular/platform-browser` from 19.0.3 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/platform-browser)

Updates `@angular/platform-browser-dynamic` from 19.0.3 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/platform-browser-dynamic)

Updates `@angular/router` from 19.0.3 to 22.0.1
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.1/packages/router)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/animations"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/cdk"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/common"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/forms"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/material"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/platform-browser"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/platform-browser-dynamic"
  dependency-version: 22.0.1
  dependency-type: direct:production
- dependency-name: "@angular/router"
  dependency-version: 22.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants