chore(deps): bump @angular/compiler from 21.1.1 to 21.2.4 in /src by dependabot[bot] · Pull Request #693 · ikemtz/AngularMonoRepo

dependabot · 2026-03-14T02:09:52Z

Bumps @angular/compiler from 21.1.1 to 21.2.4.

Release notes

Sourced from @angular/compiler's releases.

21.2.4

compiler

Commit Description

disallow translations of iframe src

core

Commit Description

reverts "feat(core): add support for nested animations"

sanitize translated form attributes

VSCode Extension: 21.2.3

This release contains internal refactorings only.

21.2.3

core

Commit Description

ensure definitions compile

include signal debug names in their toString() representation

sanitize translated attribute bindings with interpolations

VSCode Extension: 21.2.2

fix(extension): bundle TypeScript 5.9 internally (da57d1af73)

21.2.2

compiler

Commit Description

prevent mutation of children array in RecursiveVisitor

compiler-cli

Commit Description

always parenthesize object literals in TCB

ignore generated ngDevMode signal branch for code coverage

forms

Commit Description

add 'blur' option to debounce rule

VSCode Extension: 21.2.1

perf(language-service): use lightweight project warmup for Angular analysis (d2137928e8)

21.2.1

core

Commit Description

adds transfer cache to httpResource to fix hydration

prevent child animation elements from being orphaned

Prevent removal of elements during drag and drop

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

21.2.4 (2026-03-12)

compiler

Commit Type Description

ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description

abbd8797bb fix reverts "feat(core): add support for nested animations"

d1dcd16c5b fix sanitize translated form attributes

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

createNgModuleRef was removed, use createNgModule instead

core

Commit Type Description

b918beda32 feat allow debouncing signals

f9ede9ec98 fix ensure definitions compile

b401c18674 fix include signal debug names in their toString() representation

8630319f74 fix sanitize translated attribute bindings with interpolations

36936872c9 refactor remove createNgModuleRef

forms

Commit Type Description

3e7ce0dafc fix restrict SignalFormsConfig to a readonly API

language-service

Commit Type Description

5a6d88626b feat add angular template inlay hints support

21.2.3 (2026-03-11)

core

Commit Type Description

62a97f7e4b fix ensure definitions compile

21b1c3b2ee fix include signal debug names in their toString() representation

224e60ecb1 fix sanitize translated attribute bindings with interpolations

21.2.2 (2026-03-09)

... (truncated)

Commits

ed2d324 fix(compiler): disallow translations of iframe src
1df1697 fix(compiler): prevent mutation of children array in RecursiveVisitor
95b3f37 feat(compiler): Exhaustive checks for switch blocks
9c5658a refactor(compiler): clean up pipeline compatibility distinction
6e0d783 refactor(compiler): Add info about unclosed element.
06d94ac Revert "refactor(compiler): Add info about unclosed element."
0972084 refactor(compiler): Add info about unclosed element.
b386f95 Revert "refactor(compiler): Add info about unclosed element."
9b69e29 refactor(compiler): Add info about unclosed element.
11834a4 fix(compiler): add geolocation element to schema
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 21.1.1 to 21.2.4. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v21.2.4/packages/compiler) --- updated-dependencies: - dependency-name: "@angular/compiler" dependency-version: 21.2.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-03-14T02:11:39Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@nx/angular@22.5.4` → `npm/entities@4.5.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@4.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `svgo` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@nx/angular@22.5.4` → `npm/svgo@3.3.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/svgo@3.3.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump @angular/compiler from 21.1.1 to 21.2.4 in /src#693

chore(deps): bump @angular/compiler from 21.1.1 to 21.2.4 in /src#693
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/src/angular/compiler-21.2.4

dependabot bot commented on behalf of github Mar 14, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Mar 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Description
	reverts "feat(core): add support for nested animations"
	sanitize translated form attributes

Commit	Description
	ensure definitions compile
	include signal debug names in their `toString()` representation
	sanitize translated attribute bindings with interpolations

Commit	Description
	always parenthesize object literals in TCB
	ignore generated ngDevMode signal branch for code coverage

Commit	Description
	adds transfer cache to httpResource to fix hydration
	prevent child animation elements from being orphaned
	Prevent removal of elements during drag and drop

Commit	Type	Description
abbd8797bb	fix	reverts "feat(core): add support for nested animations"
d1dcd16c5b	fix	sanitize translated form attributes

Commit	Type	Description
b918beda32	feat	allow debouncing signals
f9ede9ec98	fix	ensure definitions compile
b401c18674	fix	include signal debug names in their `toString()` representation
8630319f74	fix	sanitize translated attribute bindings with interpolations
36936872c9	refactor	remove `createNgModuleRef`

Commit	Type	Description
62a97f7e4b	fix	ensure definitions compile
21b1c3b2ee	fix	include signal debug names in their `toString()` representation
224e60ecb1	fix	sanitize translated attribute bindings with interpolations

Conversation

dependabot bot commented on behalf of github Mar 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

21.2.4

compiler

core

VSCode Extension: 21.2.3

21.2.3

core

VSCode Extension: 21.2.2

21.2.2

compiler

compiler-cli

forms

VSCode Extension: 21.2.1

21.2.1

core

21.2.4 (2026-03-12)

compiler

core

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

core

forms

language-service

21.2.3 (2026-03-11)

core

21.2.2 (2026-03-09)

Uh oh!

socket-security bot commented Mar 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 14, 2026 •

edited

Loading