Bump @angular/common, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router by dependabot[bot] · Pull Request #462 · ng2-ui/auto-complete

dependabot · 2026-05-10T19:53:34Z

Bumps @angular/common, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router. These dependencies needed to be updated together.
Updates @angular/common from 18.2.4 to 21.2.12

Release notes

Sourced from @angular/common's releases.

21.2.12

core

Commit Description

allow explicit read generic with signal input transforms

i18n flags leaking on errors

respect ngSkipHydration on components with projectable nodes in LContainers

sanitizer typings

validate security-sensitive attributes in i18n bindings

visit ng-let expression value in signal migration schematics

forms

Commit Description

prohibit concurrent submits in signal forms

21.2.11

common

Commit Description

prevent focus from scrollToAnchor

compiler

Commit Description

let declaration span not including end character

core

Commit Description

fix ordering of view queries metadata in JIT mode

guard against non-object events and avoid listener wrapper identity mismatch

prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit Description

ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit Description

link formatting in "Animating your Application with CSS"

migrations

Commit Description

fix NgClass leaving trailing comma after removal

router

Commit Description

restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @angular/common's changelog.

21.2.12 (2026-05-06)

core

Commit Type Description

fe13bb669d fix allow explicit read generic with signal input transforms

3430251fef fix i18n flags leaking on errors

1aeebbe304 fix respect ngSkipHydration on components with projectable nodes in LContainers

9e38ed7d57 fix sanitizer typings

7a05a9a71a fix validate security-sensitive attributes in i18n bindings

c37f6ca42f fix visit ng-let expression value in signal migration schematics

forms

Commit Type Description

03ad53863b fix prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit Type Description

a9bcffdbc7 fix disallow event attribute bindings in host bindings unconditionally (#68468)

97eeb45cfa fix validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit Type Description

25e4e07238 fix ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit Type Description

97cac1cf4d fix prevent focus from scrollToAnchor

compiler

Commit Type Description

2896c93cc1 feat Angular expressions with optional chaining returns undefined

6bd1721662 fix let declaration span not including end character

core

Commit Type Description

444b024d49 feat Add a injectAsync helper function

8c11816490 fix fix ordering of view queries metadata in JIT mode

3583c01bf9 fix guard against non-object events and avoid listener wrapper identity mismatch

d5fd51e956 fix prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

30cf85f refactor(common): update deprecation message
42d57c3 refactor(common): fix viewport tests
10ad3c0 fix(common): prevent focus from scrollToAnchor
540536c fix(http): add CSP nonce support to JsonpClientBackend
8102331 test(http): disable XSRF and mock location in HttpClient tests to avoid Domin...
13f050d test: construct local Date objects to fix timezone flakiness
d0cf299 test: remove unsupported timezone from formatDate tests
b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
adda6c5 build: update aspect_rules_js to 3.0.2
93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
Additional commits viewable in compare view

Updates @angular/forms from 18.2.4 to 21.2.12

Release notes

Sourced from @angular/forms's releases.

21.2.12

core

Commit Description

allow explicit read generic with signal input transforms

i18n flags leaking on errors

respect ngSkipHydration on components with projectable nodes in LContainers

sanitizer typings

validate security-sensitive attributes in i18n bindings

visit ng-let expression value in signal migration schematics

forms

Commit Description

prohibit concurrent submits in signal forms

21.2.11

common

Commit Description

prevent focus from scrollToAnchor

compiler

Commit Description

let declaration span not including end character

core

Commit Description

fix ordering of view queries metadata in JIT mode

guard against non-object events and avoid listener wrapper identity mismatch

prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit Description

ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit Description

link formatting in "Animating your Application with CSS"

migrations

Commit Description

fix NgClass leaving trailing comma after removal

router

Commit Description

restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @angular/forms's changelog.

21.2.12 (2026-05-06)

core

Commit Type Description

fe13bb669d fix allow explicit read generic with signal input transforms

3430251fef fix i18n flags leaking on errors

1aeebbe304 fix respect ngSkipHydration on components with projectable nodes in LContainers

9e38ed7d57 fix sanitizer typings

7a05a9a71a fix validate security-sensitive attributes in i18n bindings

c37f6ca42f fix visit ng-let expression value in signal migration schematics

forms

Commit Type Description

03ad53863b fix prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit Type Description

a9bcffdbc7 fix disallow event attribute bindings in host bindings unconditionally (#68468)

97eeb45cfa fix validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit Type Description

25e4e07238 fix ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit Type Description

97cac1cf4d fix prevent focus from scrollToAnchor

compiler

Commit Type Description

2896c93cc1 feat Angular expressions with optional chaining returns undefined

6bd1721662 fix let declaration span not including end character

core

Commit Type Description

444b024d49 feat Add a injectAsync helper function

8c11816490 fix fix ordering of view queries metadata in JIT mode

3583c01bf9 fix guard against non-object events and avoid listener wrapper identity mismatch

d5fd51e956 fix prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

03ad538 fix(forms): prohibit concurrent submits in signal forms
ce7a43a refactor(forms): improve clarity in SelectMultipleControlValueAccessor.writeV...
600da64 docs(forms): add NG01902 error reference and link to docs
dc95814 docs: add documentation for NG1002
b0dc2fb docs(forms): clarify disabled FormArray value behavior
895c576 refactor(forms): use strict equality for pending status getter
b658acc docs: fix js doc of signal forms ignoreValidators option.
7907e98 test: remove duplicate tests
4a9b715 test(forms): cover transformedValue without FormField context
670d166 feat(forms): add 'blur' option to debounce rule
Additional commits viewable in compare view

Updates @angular/platform-browser from 18.2.4 to 21.2.12

Release notes

Sourced from @angular/platform-browser's releases.

21.2.12

core

Commit Description

allow explicit read generic with signal input transforms

i18n flags leaking on errors

respect ngSkipHydration on components with projectable nodes in LContainers

sanitizer typings

validate security-sensitive attributes in i18n bindings

visit ng-let expression value in signal migration schematics

forms

Commit Description

prohibit concurrent submits in signal forms

21.2.11

common

Commit Description

prevent focus from scrollToAnchor

compiler

Commit Description

let declaration span not including end character

core

Commit Description

fix ordering of view queries metadata in JIT mode

guard against non-object events and avoid listener wrapper identity mismatch

prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit Description

ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit Description

link formatting in "Animating your Application with CSS"

migrations

Commit Description

fix NgClass leaving trailing comma after removal

router

Commit Description

restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @angular/platform-browser's changelog.

21.2.12 (2026-05-06)

core

Commit Type Description

fe13bb669d fix allow explicit read generic with signal input transforms

3430251fef fix i18n flags leaking on errors

1aeebbe304 fix respect ngSkipHydration on components with projectable nodes in LContainers

9e38ed7d57 fix sanitizer typings

7a05a9a71a fix validate security-sensitive attributes in i18n bindings

c37f6ca42f fix visit ng-let expression value in signal migration schematics

forms

Commit Type Description

03ad53863b fix prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit Type Description

a9bcffdbc7 fix disallow event attribute bindings in host bindings unconditionally (#68468)

97eeb45cfa fix validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit Type Description

25e4e07238 fix ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit Type Description

97cac1cf4d fix prevent focus from scrollToAnchor

compiler

Commit Type Description

2896c93cc1 feat Angular expressions with optional chaining returns undefined

6bd1721662 fix let declaration span not including end character

core

Commit Type Description

444b024d49 feat Add a injectAsync helper function

8c11816490 fix fix ordering of view queries metadata in JIT mode

3583c01bf9 fix guard against non-object events and avoid listener wrapper identity mismatch

d5fd51e956 fix prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

76431ed Revert "fix(http): correctly cache blob responses in transfer cache (#67002)"
277ade9 fix(http): correctly cache blob responses in transfer cache (#67002)
11767ca build: update Jasmine to 6.0.0
85122cb docs: update bootstrapApplication docs
f4469ad refactor(core): update error message links to versioned docs (#66374)
99ad18a feat(core): Add stability debugging utility
6270bba ci: reformat files
2ccdf50 refactor(platform-browser): remove unused platformIsServer flag from renderer
b4f584c fix(core): return StaticProvider for providePlatformInitializer
96b79fc refactor(core): correct all typeof ngDevMode comparison patterns introduced...
Additional commits viewable in compare view

Updates @angular/platform-browser-dynamic from 18.2.4 to 21.2.12

Release notes

Sourced from @angular/platform-browser-dynamic's releases.

21.2.12

core

Commit Description

allow explicit read generic with signal input transforms

i18n flags leaking on errors

respect ngSkipHydration on components with projectable nodes in LContainers

sanitizer typings

validate security-sensitive attributes in i18n bindings

visit ng-let expression value in signal migration schematics

forms

Commit Description

prohibit concurrent submits in signal forms

21.2.11

common

Commit Description

prevent focus from scrollToAnchor

compiler

Commit Description

let declaration span not including end character

core

Commit Description

fix ordering of view queries metadata in JIT mode

guard against non-object events and avoid listener wrapper identity mismatch

prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit Description

ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit Description

link formatting in "Animating your Application with CSS"

migrations

Commit Description

fix NgClass leaving trailing comma after removal

router

Commit Description

restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @angular/platform-browser-dynamic's changelog.

21.2.12 (2026-05-06)

core

Commit Type Description

fe13bb669d fix allow explicit read generic with signal input transforms

3430251fef fix i18n flags leaking on errors

1aeebbe304 fix respect ngSkipHydration on components with projectable nodes in LContainers

9e38ed7d57 fix sanitizer typings

7a05a9a71a fix validate security-sensitive attributes in i18n bindings

c37f6ca42f fix visit ng-let expression value in signal migration schematics

forms

Commit Type Description

03ad53863b fix prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit Type Description

a9bcffdbc7 fix disallow event attribute bindings in host bindings unconditionally (#68468)

97eeb45cfa fix validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit Type Description

25e4e07238 fix ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit Type Description

97cac1cf4d fix prevent focus from scrollToAnchor

compiler

Commit Type Description

2896c93cc1 feat Angular expressions with optional chaining returns undefined

6bd1721662 fix let declaration span not including end character

core

Commit Type Description

444b024d49 feat Add a injectAsync helper function

8c11816490 fix fix ordering of view queries metadata in JIT mode

3583c01bf9 fix guard against non-object events and avoid listener wrapper identity mismatch

d5fd51e956 fix prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

d3f67f6 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
26fed34 build: format md files
c357650 refactor(core): Update tests for zoneless by default (#63668)
2fcafb6 build: rename defaults2.bzl to defaults.bzl (#63383)
fa8d8b8 build: migrate all npm packages to use new rules_js based npm_package rule (#...
cbc258e build: remove ts_project_interop infrastructure (#62908)
793ff35 build: move http_server and generate_api_docs into defaults2.bzl (#62878)
8bf97d1 build: remove all usages of the interop_deps attr for ts_project and ng_proje...
23d5877 build: migrate to new toolchain usage for api goldens (#62688)
b848590 build: migrate to use web test runner rules (#62292)
Additional commits viewable in compare view

Updates @angular/router from 18.2.4 to 21.2.12

Release notes

Sourced from @angular/router's releases.

21.2.12

core

Commit Description

allow explicit read generic with signal input transforms

i18n flags leaking on errors

respect ngSkipHydration on components with projectable nodes in LContainers

sanitizer typings

validate security-sensitive attributes in i18n bindings

visit ng-let expression value in signal migration schematics

forms

Commit Description

prohibit concurrent submits in signal forms

21.2.11

common

Commit Description

prevent focus from scrollToAnchor

compiler

Commit Description

let declaration span not including end character

core

Commit Description

fix ordering of view queries metadata in JIT mode

guard against non-object events and avoid listener wrapper identity mismatch

prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit Description

ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit Description

link formatting in "Animating your Application with CSS"

migrations

Commit Description

fix NgClass leaving trailing comma after removal

router

Commit Description

restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @angular/router's changelog.

21.2.12 (2026-05-06)

core

Commit Type Description

fe13bb669d fix allow explicit read generic with signal input transforms

3430251fef fix i18n flags leaking on errors

1aeebbe304 fix respect ngSkipHydration on components with projectable nodes in LContainers

9e38ed7d57 fix sanitizer typings

7a05a9a71a fix validate security-sensitive attributes in i18n bindings

c37f6ca42f fix visit ng-let expression value in signal migration schematics

forms

Commit Type Description

03ad53863b fix prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit Type Description

a9bcffdbc7 fix disallow event attribute bindings in host bindings unconditionally (#68468)

97eeb45cfa fix validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit Type Description

25e4e07238 fix ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit Type Description

97cac1cf4d fix prevent focus from scrollToAnchor

compiler

Commit Type Description

2896c93cc1 feat Angular expressions with optional chaining returns undefined

6bd1721662 fix let declaration span not including end character

core

Commit Type Description

444b024d49 feat Add a injectAsync helper function

8c11816490 fix fix ordering of view queries metadata in JIT mode

3583c01bf9 fix guard against non-object events and avoid listener wrapper identity mismatch

d5fd51e956 fix prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

161d98e docs: correct "Angular JS" to "AngularJS"
fbe080f docs(router): Fix method name for retrieving stored handles
1be52ad docs: Align Router API docs with inject based DI
fa4eff3 docs(docs-infra): Validate case-sensitive API symbol links in @link
580212c fix(router): restore internal URL on popstate when browserUrl is used
684e9fd fix(router): normalize multiple leading slashes in URL parser
0960592 fix(router): pass outlet context ...
Description has been truncated

…ular/platform-browser-dynamic and @angular/router Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common), [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms), [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser), [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) and [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router). These dependencies needed to be updated together. Updates `@angular/common` from 18.2.4 to 21.2.12 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.12/packages/common) Updates `@angular/forms` from 18.2.4 to 21.2.12 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.12/packages/forms) Updates `@angular/platform-browser` from 18.2.4 to 21.2.12 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.12/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 18.2.4 to 21.2.12 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.12/packages/platform-browser-dynamic) Updates `@angular/router` from 18.2.4 to 21.2.12 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.12/packages/router) --- updated-dependencies: - dependency-name: "@angular/common" dependency-version: 21.2.12 dependency-type: direct:production - dependency-name: "@angular/forms" dependency-version: 21.2.12 dependency-type: direct:production - dependency-name: "@angular/platform-browser" dependency-version: 21.2.12 dependency-type: direct:production - dependency-name: "@angular/platform-browser-dynamic" dependency-version: 21.2.12 dependency-type: direct:production - dependency-name: "@angular/router" dependency-version: 21.2.12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 10, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump @angular/common, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router#462

Bump @angular/common, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router#462
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-5b66e07418

dependabot Bot commented on behalf of github May 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns `undefined`
6bd1721662	fix	let declaration span not including end character

Commit	Type	Description
444b024d49	feat	Add a `injectAsync` helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

Conversation

dependabot Bot commented on behalf of github May 10, 2026

21.2.12

core

forms

21.2.11

common

compiler

core

platform-server

21.2.10

docs

migrations

router

21.2.9

21.2.12 (2026-05-06)

core

forms

20.3.20 (2026-05-06)

core

platform-server

22.0.0-next.10 (2026-04-29)

common

compiler

core

migrations

21.2.12

core

forms

21.2.11

common

compiler

core

platform-server

21.2.10

docs

migrations

router

21.2.9

21.2.12 (2026-05-06)

core

forms

20.3.20 (2026-05-06)

core

platform-server

22.0.0-next.10 (2026-04-29)

common

compiler

core

migrations

21.2.12

core

forms

21.2.11

common

compiler

core

platform-server

21.2.10

docs

migrations

router

21.2.9

21.2.12 (2026-05-06)

core

forms

20.3.20 (2026-05-06)

core

platform-server

22.0.0-next.10 (2026-04-29)

common

compiler

core

migrations

21.2.12

core

forms

21.2.11

common

compiler