Skip to content

Bump the zeppelin-web-angular-security-updates group across 1 directory with 6 updates#5221

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/zeppelin-web-angular/zeppelin-web-angular-security-updates-58fb326068
Open

Bump the zeppelin-web-angular-security-updates group across 1 directory with 6 updates#5221
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/zeppelin-web-angular/zeppelin-web-angular-security-updates-58fb326068

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps the zeppelin-web-angular-security-updates group with 6 updates in the /zeppelin-web-angular directory:

Package From To
@angular/common 13.4.0 21.2.10
@angular/compiler 13.4.0 21.2.10
@angular/core 13.4.0 21.2.10
@tootallnate/once 1.1.2 removed
rollup 0.25.8 4.60.2
follow-redirects 1.15.11 1.16.0

Updates @angular/common from 13.4.0 to 21.2.10

Release notes

Sourced from @​angular/common's releases.

21.2.10

docs

Commit Description
fix - 0d5ee9ae1b link formatting in "Animating your Application with CSS"

migrations

Commit Description
fix - 5533ab4f56 fix NgClass leaving trailing comma after removal

router

Commit Description
fix - 580212c995 restore internal URL on popstate when browserUrl is used

21.2.9

core

Commit Description
fix - f603d4714f escape forward slashes in transfer state to prevent crawler indexing

http

Commit Description
fix - 540536c386 add CSP nonce support to JsonpClientBackend
fix - 63a857b874 Don't on Passthru outside of reactive context

platform-server

Commit Description
fix - e0b5078cf2 prevent SSRF bypasses via protocol-relative and backslash URLs

router

Commit Description
fix - 684e9fd53d normalize multiple leading slashes in URL parser

21.2.8

compiler

Commit Description
fix - e40d378f3e handle nested brackets in host object bindings

compiler-cli

Commit Description
fix - 2c6781071f error for type parameter declarations

core

Commit Description
fix - 82192deda9 handle missing serialized container hydration data
fix - 057cc6d09d remove obsolete iOS cursor pointer hack in event delegation

language-service

Commit Description

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.10 (2026-04-22)

docs

Commit Type Description
0d5ee9ae1b fix link formatting in "Animating your Application with CSS"

migrations

Commit Type Description
5533ab4f56 fix fix NgClass leaving trailing comma after removal

router

Commit Type Description
580212c995 fix restore internal URL on popstate when browserUrl is used

19.2.21 (2026-04-15)

platform-server

Commit Type Description
f3a5bfb949 fix prevent SSRF bypasses via protocol-relative and backslash URLs

20.3.19 (2026-04-15)

platform-server

Commit Type Description
303d4cd580 fix prevent SSRF bypasses via protocol-relative and backslash URLs

22.0.0-next.8 (2026-04-15)

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.

compiler

Commit Type Description
47fcbc4704 feat allow safe navigation to correctly narrow down nullables
2c5aabb9da fix don't escape dollar sign in literal expression

compiler-cli

Commit Type Description
e5f96c2d88 fix animation events not type checked properly when bound through HostListener decorator

core

... (truncated)

Commits
  • 540536c fix(http): add CSP nonce support to JsonpClientBackend
  • 8102331 test(http): disable XSRF and mock location in HttpClient tests to avoid Domin...
  • 13f050d test: construct local Date objects to fix timezone flakiness
  • d0cf299 test: remove unsupported timezone from formatDate tests
  • b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
  • adda6c5 build: update aspect_rules_js to 3.0.2
  • 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
  • 76431ed Revert "fix(http): correctly cache blob responses in transfer cache (#67002)"
  • 277ade9 fix(http): correctly cache blob responses in transfer cache (#67002)
  • aeb9b81 refactor(http): Improves base64 encoding/decoding with feature detection (#67...
  • Additional commits viewable in compare view

Updates @angular/compiler from 13.4.0 to 21.2.10

Release notes

Sourced from @​angular/compiler's releases.

21.2.10

docs

Commit Description
fix - 0d5ee9ae1b link formatting in "Animating your Application with CSS"

migrations

Commit Description
fix - 5533ab4f56 fix NgClass leaving trailing comma after removal

router

Commit Description
fix - 580212c995 restore internal URL on popstate when browserUrl is used

21.2.9

core

Commit Description
fix - f603d4714f escape forward slashes in transfer state to prevent crawler indexing

http

Commit Description
fix - 540536c386 add CSP nonce support to JsonpClientBackend
fix - 63a857b874 Don't on Passthru outside of reactive context

platform-server

Commit Description
fix - e0b5078cf2 prevent SSRF bypasses via protocol-relative and backslash URLs

router

Commit Description
fix - 684e9fd53d normalize multiple leading slashes in URL parser

21.2.8

compiler

Commit Description
fix - e40d378f3e handle nested brackets in host object bindings

compiler-cli

Commit Description
fix - 2c6781071f error for type parameter declarations

core

Commit Description
fix - 82192deda9 handle missing serialized container hydration data
fix - 057cc6d09d remove obsolete iOS cursor pointer hack in event delegation

language-service

Commit Description

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.10 (2026-04-22)

docs

Commit Type Description
0d5ee9ae1b fix link formatting in "Animating your Application with CSS"

migrations

Commit Type Description
5533ab4f56 fix fix NgClass leaving trailing comma after removal

router

Commit Type Description
580212c995 fix restore internal URL on popstate when browserUrl is used

19.2.21 (2026-04-15)

platform-server

Commit Type Description
f3a5bfb949 fix prevent SSRF bypasses via protocol-relative and backslash URLs

20.3.19 (2026-04-15)

platform-server

Commit Type Description
303d4cd580 fix prevent SSRF bypasses via protocol-relative and backslash URLs

22.0.0-next.8 (2026-04-15)

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.

compiler

Commit Type Description
47fcbc4704 feat allow safe navigation to correctly narrow down nullables
2c5aabb9da fix don't escape dollar sign in literal expression

compiler-cli

Commit Type Description
e5f96c2d88 fix animation events not type checked properly when bound through HostListener decorator

core

... (truncated)

Commits
  • a4f3120 refactor(compiler): require a reference in DirectiveMeta
  • de533fe refactor(compiler-cli): move ClassPropertyMapping into compiler
  • ea1e34c refactor(compiler): move matchSource into base metadata
  • e40d378 fix(compiler): handle nested brackets in host object bindings
  • d04ddd7 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
  • fea25d1 fix(compiler): register SVG animation attributes in URL security context (#67...
  • 880a57d fix(compiler): prevent shimCssText from adding extra blank lines per CSS comment
  • 23ea431 fix(compiler): parse named HTML entities containing digits
  • 334ae10 fix(compiler): ensure generated code compiles
  • ed2d324 fix(compiler): disallow translations of iframe src
  • Additional commits viewable in compare view

Updates @angular/core from 13.4.0 to 21.2.10

Release notes

Sourced from @​angular/core's releases.

21.2.10

docs

Commit Description
fix - 0d5ee9ae1b link formatting in "Animating your Application with CSS"

migrations

Commit Description
fix - 5533ab4f56 fix NgClass leaving trailing comma after removal

router

Commit Description
fix - 580212c995 restore internal URL on popstate when browserUrl is used

21.2.9

core

Commit Description
fix - f603d4714f escape forward slashes in transfer state to prevent crawler indexing

http

Commit Description
fix - 540536c386 add CSP nonce support to JsonpClientBackend
fix - 63a857b874 Don't on Passthru outside of reactive context

platform-server

Commit Description
fix - e0b5078cf2 prevent SSRF bypasses via protocol-relative and backslash URLs

router

Commit Description
fix - 684e9fd53d normalize multiple leading slashes in URL parser

21.2.8

compiler

Commit Description
fix - e40d378f3e handle nested brackets in host object bindings

compiler-cli

Commit Description
fix - 2c6781071f error for type parameter declarations

core

Commit Description
fix - 82192deda9 handle missing serialized container hydration data
fix - 057cc6d09d remove obsolete iOS cursor pointer hack in event delegation

language-service

Commit Description

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.10 (2026-04-22)

docs

Commit Type Description
0d5ee9ae1b fix link formatting in "Animating your Application with CSS"

migrations

Commit Type Description
5533ab4f56 fix fix NgClass leaving trailing comma after removal

router

Commit Type Description
580212c995 fix restore internal URL on popstate when browserUrl is used

19.2.21 (2026-04-15)

platform-server

Commit Type Description
f3a5bfb949 fix prevent SSRF bypasses via protocol-relative and backslash URLs

20.3.19 (2026-04-15)

platform-server

Commit Type Description
303d4cd580 fix prevent SSRF bypasses via protocol-relative and backslash URLs

22.0.0-next.8 (2026-04-15)

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.

compiler

Commit Type Description
47fcbc4704 feat allow safe navigation to correctly narrow down nullables
2c5aabb9da fix don't escape dollar sign in literal expression

compiler-cli

Commit Type Description
e5f96c2d88 fix animation events not type checked properly when bound through HostListener decorator

core

... (truncated)

Commits
  • 750af5b build: update cross-repo angular dependencies to v21.2.8
  • 5533ab4 fix(migrations): fix NgClass leaving trailing comma after removal
  • 2b9954f fix(migrations): fix NgClass leaving trailing comma after removal
  • c9215b3 Revert "refactor(core): complete removal of deprecated createNgModuleRef al...
  • d88d6ed refactor(core): complete removal of deprecated createNgModuleRef alias
  • b24ead5 refactor: Improve hydration mismatch errors for third-party scripts
  • 17cae6a docs: fix bootstraping link
  • f603d47 fix(core): escape forward slashes in transfer state to prevent crawler indexing
  • 05d9b97 build: update cross-repo angular dependencies
  • d4c8a9a refactor(compiler-cli): decouple SymbolBuilder from BoundTarget and minimize ...
  • Additional commits viewable in compare view

Removes @tootallnate/once

Updates rollup from 0.25.8 to 4.60.2

Release notes

Sourced from rollup's releases.

v4.60.2

4.60.2

2026-04-18

Bug Fixes

  • Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

v4.60.1

4.60.1

2026-03-30

Bug Fixes

  • Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

rollup changelog

0.68.2

2018-12-23

Bug Fixes

  • Do not assume hoisted variables to have been initialized (#2607)

Pull Requests

  • #2607: Fix an issues where hoisted variables were assumed to have been initialized (@​lye)

0.68.1

2018-12-19

Bug Fixes

  • Fix an issue with UMD wrappers where a variable is used without being defined (#2600)

Pull Requests

  • #2600: Fix UMD and IIFE wrapper issues and add comprehensive functional wrapper tests (@​lukastaegert)

0.68.0

2018-12-16

Breaking Changes

  • optimizeChunks is renamed to experimentalOptimizeChunks to reflect this feature is not production-ready yet ( #2575)

Features

  • Plugins can iterate all module ids via this.moduleIds (#2565)
  • Plugins can get graph information about a module via this.getModuleInfo(id) (#2565)
  • Plugins and JS API users get more information about the generated chunks: dynamicImports, facadeModuleId, isDynamicEntry, name (#2575)
  • Tree-shaken dynamic imports will no longer create chunks or influence chunking in any way (#2575)
  • Dynamic imports will no longer follow the entryFileNames but the chunkFileNames property reflecting those are solely internally used (#2575)
  • If there are chunk naming conflicts, entry chunks will always take precedence (#2575)
  • If an entry facade is created, only the facade chunk is marked as isEntry (#2575)
  • Dynamic chunks will only be marked as isEntry if they are actually entry chunks as well; thus there is now a 1-to-1 correspondence between modules listed in input and chunks marked as isEntry (#2575)
  • Chunks no longer contain imports for variables that are tree-shaken in the chunk but used in other chunks (#2584)
  • Chunks will always import re-exported variables directly from the chunk where they are originally exported from ( #2584)
  • Null characters will be pruned from chunk ids to allow for virtually created chunks and make rollup-plugin-multi-entry compatible with code-splitting and thus the upcoming 1.0 version (#2590)
  • Simplify the UMD wrapper code as much as possible, especially if there are no exports (#2594)
  • The UMD wrapper will now work in strict mode by checking for self before this when determining the global variable (#2594)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates follow-redirects from 1.15.11 to 1.16.0

Commits
  • 0c23a22 Release version 1.16.0 of the npm package.
  • 844c4d3 Add sensitiveHeaders option.
  • 5e8b8d0 ci: add Node.js 24.x to the CI matrix
  • 7953e22 ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6
  • 86dc1f8 Sanitizing input.
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the zeppelin-web-angular-security-updates group across 1 directo…
c5af31a 
…ry with 6 updates

Bumps the zeppelin-web-angular-security-updates group with 6 updates in the /zeppelin-web-angular directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `13.4.0` | `21.2.10` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `13.4.0` | `21.2.10` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `13.4.0` | `21.2.10` |
| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `removed` |
| [rollup](https://github.com/rollup/rollup) | `0.25.8` | `4.60.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |



Updates `@angular/common` from 13.4.0 to 21.2.10
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.10/packages/common)

Updates `@angular/compiler` from 13.4.0 to 21.2.10
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.10/packages/compiler)

Updates `@angular/core` from 13.4.0 to 21.2.10
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.10/packages/core)

Removes `@tootallnate/once`

Updates `rollup` from 0.25.8 to 4.60.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-0.md)
- [Commits](rollup/rollup@v0.25.8...v4.60.2)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 21.2.10
  dependency-type: direct:production
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.10
  dependency-type: direct:production
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: "@angular/core"
  dependency-version: 21.2.10
  dependency-type: direct:production
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: "@tootallnate/once"
  dependency-version: 
  dependency-type: indirect
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: rollup
  dependency-version: 4.60.2
  dependency-type: indirect
  dependency-group: zeppelin-web-angular-security-updates
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: zeppelin-web-angular-security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants