Bump ajv, @angular-devkit/build-angular and @angular/cli

[dependabot]

Bumps ajv to 6.15.0 and updates ancestor dependencies ajv, @angular-devkit/build-angular and @angular/cli. These dependencies need to be updated together.

Updates ajv from 6.12.6 to 6.15.0

Commits

• 184bc32 6.15.0
• fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Updates @angular-devkit/build-angular from 0.10.7 to 21.2.14

Release notes

Sourced from @​angular-devkit/build-angular's releases.

21.2.14

@​angular/cli

Commit	Description
	expand package groups for newly added peer dependencies in update schematic

@​angular/build

Commit	Description
	prevent esbuild service child process leakage

21.2.13

@​angular-devkit/build-angular

Commit	Description
	remove unconditional CORS wildcard from webpack dev-server

@​angular/build

Commit	Description
	assert that asset input paths are within workspace root

21.2.12

@​angular/build

Commit	Description
	ignore virtual esbuild paths with (disabled):

21.2.11

@​angular/cli

Commit	Description
	robustly parse npm manifest from array

@​angular/ssr

Commit	Description
	allow all hosts in common engine rendering options to prevent validation errors
	remove stateful flag from URL_PARAMETER_REGEXP

21.2.10

@​angular/cli

Commit	Description
	restrict MCP workspace access to allowed client roots during resolution

21.2.9

@​schematics/angular

Commit	Description
	add missing imports for focus and skip APIs in refactor-jasmine-vitest

@​angular/cli

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

21.2.14 (2026-06-03)

@​angular/cli

Commit	Type	Description
aed448748	fix	expand package groups for newly added peer dependencies in update schematic

@​angular/build

Commit	Type	Description
d46c082fb	fix	prevent esbuild service child process leakage

20.3.27 (2026-06-02)

@​angular/ssr

Commit	Type	Description
07c6c96ba	fix	add support for configuring trusted proxy headers via environment variable

19.2.27 (2026-06-02)

@​angular/ssr

Commit	Type	Description
2c0dfc2ac	fix	add support for configuring trusted proxy headers via environment variable

21.2.13 (2026-05-27)

@​angular-devkit/build-angular

Commit	Type	Description
3c6d26a31	fix	remove unconditional CORS wildcard from webpack dev-server

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular-devkit/build-angular since your current version.

Updates @angular/cli from 7.0.7 to 22.0.0

Release notes

Sourced from @​angular/cli's releases.

22.0.0

@​schematics/angular

Commit	Description
	add migrate-karma-to-vitest update migration
	add migration to add istanbul-lib-instrument
	conditionally install istanbul coverage provider for Vitest migration
	migrate fake async to Vitest fake timers
	migrate fakeAsync's flush behavior when used in beforeEach
	rely on strict template default in generated workspaces
	set up fake timers in beforeEach instead of beforeAll
	stabilize refactor-jasmine-vitest schematic
	update TSConfig globals during karma to vitest migration
	add istanbul-lib-instrument to application/library generator dependencies
	add trusted-proxy-headers migration
	default components to OnPush change detection
	defer karma config deletion in Karma to Vitest migration
	preserve Jasmine stub-by-default semantics for bare spies
	replace deprecated ChangeDetectionStrategy.Default with Eager
	support spy call arguments migration in refactor-jasmine-vitest
	use service decorator in ng generate

@​angular/cli

Commit	Description
	add support for Node.js 26.0.0
	reflect new minimum supported Node version in ng.js
	update odd-numbered Node.js version warning condition for future releases
	update zoneless migration tool to handle ChangeDetectionStrategy.Eager
	cache root manifest and resolve restricted package exports in ng add

Commit	Description
	update minimum supported Node.js versions
	remove @angular-devkit/architect-cli package
	remove experimental Jest and Web Test Runner builders

@​angular-devkit/build-angular

Commit	Description
	deprecate Webpack builders

@​angular-devkit/build-webpack

Commit	Description
	deprecate webpack and webpack-dev-server builders

@​angular/build

Commit	Description
	add isolate option to unit-test builder
	add process.env.PORT support to the dev server
	add quiet option to suppress build noise in unit tests
	enable chunk optimization by default with heuristics

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

22.0.0 (2026-06-03)

Breaking Changes

• Node.js v20 is no longer supported. The minimum supported Node.js versions are now v22.22.0 and v24.13.1.
• The @angular-devkit/architect-cli package is no longer available. The architect CLI tool has been moved to the @angular-devkit/architect package.
• The experimental @angular-devkit/build-angular:jest and @angular-devkit/build-angular:web-test-runner builders have been removed.

@​angular/build

• The @angular/build:dev-server (ng serve) now assigns the highest priority to the PORT environment variable. This value will override any port configurations specified in angular.json or via the --port command-line flag. This includes the default port 4200.
• istanbul-lib-instrument is now an optional peer dependency. Projects using karma with code coverage enabled will need to ensure that istanbul-lib-instrument is installed. Note: ng update will automatically add this dependency during the update process.

@​angular/ssr

• The server no longer falls back to Client-Side Rendering (CSR) when a request fails host validation. Requests with unrecognized 'Host' headers will now return a 400 Bad Request status code. Users must ensure all valid hosts are correctly configured in the 'allowedHosts' option.

Deprecations

@​angular-devkit/build-angular

• Webpack builders in build-angular are deprecated. Use @​angular/build builders instead.

@​angular-devkit/build-webpack

• Webpack builders in build-webpack are deprecated. Use @​angular/build builders instead.

@​angular/ssr

• CommonEngine APIs are deprecated in favor of AngularNodeAppEngine or AngularAppEngine.

@​ngtools/webpack

• @​ngtools/webpack loader and plugin are deprecated. Use @​angular/build instead.

@​angular/cli

Commit	Type	Description
58c0978f6	feat	add support for Node.js 26.0.0
a5c7c0b5f	fix	reflect new minimum supported Node version in ng.js
a5e1e48db	fix	update odd-numbered Node.js version warning condition for future releases
93c3eb8fb	fix	update zoneless migration tool to handle ChangeDetectionStrategy.Eager
a39a33128	perf	cache root manifest and resolve restricted package exports in ng add

@​schematics/angular

... (truncated)

Commits

• 9b15fa6 release: cut the v22.0.0 release
• 4d30ed2 build: update Angular framework and ng-packagr versions to 22.0.0
• 04b2353 release: cut the v22.0.0-rc.3 release
• dea19c8 build: update pnpm to v10.34.1
• d9d8cf3 refactor(@​schematics/angular): decompose transformSpies into modular helper f...
• 4fbc608 fix(@​schematics/angular): preserve Jasmine stub-by-default semantics for bare...
• 418abd8 fix(@​angular/build): prevent esbuild service child process leakage
• f05343a fix(@​angular/cli): expand package groups for newly added peer dependencies in...
• 8471ba6 fix(@​angular/ssr): support server-side rendering configuration options
• 7b15742 build: update github/codeql-action action to v4.36.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/cli since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.