Skip to content

Bump @angular/common, @angular/cdk, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router in /todo-ai#1036

Open
dependabot[bot] wants to merge 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/todo-ai/multi-7ecabbee1c
Open

Bump @angular/common, @angular/cdk, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router in /todo-ai#1036
dependabot[bot] wants to merge 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/todo-ai/multi-7ecabbee1c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/common, @angular/cdk, @angular/forms, @angular/material, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router. These dependencies needed to be updated together.
Updates @angular/common from 19.2.16 to 22.0.2

Release notes

Sourced from @​angular/common's releases.

22.0.2

common

Commit Description
fix - 94ea403563 escape anchor fragment in shadow DOM name selector
fix - 6c1f3e9d49 skip transfer cache for uncacheable HTTP traffic (#69316)

compiler

Commit Description
fix - 6f1171991a restrict possible event handler check to property names longer than 2 characters

core

Commit Description
fix - 528a34f766 avoid caching missing locale data
fix - e17e8d5422 escape overlapping comment delimiters in escapeCommentText
fix - 59dea13f80 guard against DOM clobbering in declareExperimentalWebMcpTool
fix - 3a48abc15c preserve leave animation for sibling instances sharing a TNode
fix - 93d0a5f95c prevent unsubscribe during emit from throwing off other listeners
fix - b32ee7ceb3 treat iframe credentialless as security-sensitive
perf - f902d1d35e detect existing signal dependency without checking all producer links

http

Commit Description
fix - 6867f77ec7 distinguish repeated transfer cache params
fix - 7ef1399068 skip transfer cache for fetch credentialed requests (#69316)

migrations

Commit Description
fix - 15314c1736 migration skip any target are not build or test

22.0.1

common

Commit Description
fix - c4b5fa3c92 escape CSS string-terminating characters in escapeCssUrl
fix - dfff57ede9 Limits date format string length
fix - 3c2892c8df prevent prototype pollution in formatDateTime
fix - 1d87c49f6e use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - 1ee224ca30 disallow i18n event attributes
fix - a56f1cdf8f more robust logic to check if regex can be optimized
fix - 5946c18275 sanitize href/xlink:href attributes of any element of the MathML namespace
fix - 393b84caf8 sanitize two-way properties

compiler-cli

Commit Description
fix - 3d9ca2f173 bind switch exhaustive check expressions

core

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.2 (2026-06-17)

common

Commit Type Description
94ea403563 fix escape anchor fragment in shadow DOM name selector
6c1f3e9d49 fix skip transfer cache for uncacheable HTTP traffic (#69316)

compiler

Commit Type Description
6f1171991a fix restrict possible event handler check to property names longer than 2 characters

core

Commit Type Description
528a34f766 fix avoid caching missing locale data
e17e8d5422 fix escape overlapping comment delimiters in escapeCommentText
59dea13f80 fix guard against DOM clobbering in declareExperimentalWebMcpTool
3a48abc15c fix preserve leave animation for sibling instances sharing a TNode
93d0a5f95c fix prevent unsubscribe during emit from throwing off other listeners
b32ee7ceb3 fix treat iframe credentialless as security-sensitive
f902d1d35e perf detect existing signal dependency without checking all producer links

http

Commit Type Description
6867f77ec7 fix distinguish repeated transfer cache params
7ef1399068 fix skip transfer cache for fetch credentialed requests (#69316)

migrations

Commit Type Description
15314c1736 fix migration skip any target are not build or test

22.1.0-next.0 (2026-06-10)

Deprecations

http

  • HttpClient.jsonp, HttpClientJsonpModule, and related JSONP classes/functions are deprecated. Use standard HTTP requests instead.

common

Commit Type Description
1ad6824d0d fix skip transfer cache for uncacheable HTTP traffic (#69017)

compiler

Commit Type Description
25c744c4d0 fix support foreign components defined outside top-level scope

compiler-cli

Commit Type Description
aeb55c8bc1 fix allow passing uninvoked signals as foreign component props
7c60a98b3c fix support import aliases in foreignImports (#68674)

... (truncated)

Commits
  • 6867f77 fix(http): distinguish repeated transfer cache params
  • 6c1f3e9 fix(common): skip transfer cache for uncacheable HTTP traffic (#69316)
  • 7ef1399 fix(http): skip transfer cache for fetch credentialed requests (#69316)
  • 94ea403 fix(common): escape anchor fragment in shadow DOM name selector
  • 2dd65d2 fix(http): pass down the reportUploadProgress and reportDownloadProgress ...
  • 1bd5a56 docs: deprecate XHR support for server-side rendering in HTTP docs and recomm...
  • 3c2892c fix(common): prevent prototype pollution in formatDateTime
  • c4b5fa3 fix(common): escape CSS string-terminating characters in escapeCssUrl
  • 4254eb4 fix(http): preserve empty referrer option in HttpRequest
  • 167bd4c fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • Additional commits viewable in compare view

Updates @angular/cdk from 19.0.2 to 22.0.2

Release notes

Sourced from @​angular/cdk's releases.

22.0.2

material

Commit Description
fix - fb4478bff3 bottom-sheet: ensure animation event comes from container
fix - e4f7f3498b chips: correct focus management on chip destruction (#33329)
fix - 766b7aceee chips: wrong padding when chip only has edit icon (#33407)
fix - ebca801ee5 grid-list: always validate colspan
fix - 30942bcd36 stepper: validate animation durations

cdk

Commit Description
fix - e8f3419060 layout: avoid CSS injection attacks in media matcher
fix - 9dc2b2b2ed platform: account for composedPath error during event replay (#33409)

multiple

Commit Description
fix - 2995797ded improve dark theme visibility in menu, overlay, and portal examples (#33367)

22.0.1

youtube-player

Commit Description
fix - d75a22d69 avoid errors with clobbered variables
fix - fe0a96ce6 validate ID before attaching them to placeholder

material

Commit Description
fix - d7a8cb963 dialog: ignore clicks on aria-disabled close buttons (#33373)
fix - bde3c7621 timepicker: do not allow intervals less than a second (#33354)

cdk

Commit Description
fix - 629aea403 a11y: avoid prototype conflicts in id generator (#33356)
fix - 49aeb676c clipboard: avoid infinite attempt loop (#33366)

aria

Commit Description
fix - 7581b0592 combobox: avoid error for synthetic events (#33360)
fix - 1c4706155 combobox: prevent re-dispatching keyboard event on control target change (#33362)
fix - 96e9ce10c tree: recursive textDirection getter (#33337)

22.0.0

aria

Commit Description
feat - d91f46b4c accordion: introduce accordion harness (#33046)
feat - e3d84f2e0 combobox: add test harnesses (#33194)
feat - 0ca47b4a0 combobox: migrate simple-combobox directly into primary entrypoints (#33206)
feat - 6ec07bc0c grid: add test harnesses (#33081)

... (truncated)

Changelog

Sourced from @​angular/cdk's changelog.

22.0.2 "plastic lion" (2026-06-17)

cdk

Commit Type Description
e8f3419060 fix layout: avoid CSS injection attacks in media matcher
9dc2b2b2ed fix platform: account for composedPath error during event replay (#33409)

material

Commit Type Description
fb4478bff3 fix bottom-sheet: ensure animation event comes from container
e4f7f3498b fix chips: correct focus management on chip destruction (#33329)
766b7aceee fix chips: wrong padding when chip only has edit icon (#33407)
ebca801ee5 fix grid-list: always validate colspan
30942bcd36 fix stepper: validate animation durations

multiple

Commit Type Description
2995797ded fix improve dark theme visibility in menu, overlay, and portal examples (#33367)

22.1.0-next.0 "argon-pineapple" (2026-06-10)

No user facing changes in this release

22.0.1 "argon-apple" (2026-06-10)

aria

Commit Type Description
7581b0592 fix combobox: avoid error for synthetic events (#33360)
1c4706155 fix combobox: prevent re-dispatching keyboard event on control target change (#33362)
96e9ce10c fix tree: recursive textDirection getter (#33337)

cdk

Commit Type Description
629aea403 fix a11y: avoid prototype conflicts in id generator (#33356)
49aeb676c fix clipboard: avoid infinite attempt loop (#33366)

material

Commit Type Description
d7a8cb963 fix dialog: ignore clicks on aria-disabled close buttons (#33373)
bde3c7621 fix timepicker: do not allow intervals less than a second (#33354)

youtube-player

Commit Type Description
d75a22d69 fix avoid errors with clobbered variables
fe0a96ce6 fix validate ID before attaching them to placeholder

... (truncated)

Commits
  • 9b9d0ea release: cut the v22.0.2 release
  • 7b54e95 build: update cross-repo angular dependencies (#33398)
  • b77a829 docs(google-maps): Document the behavior of using the clusterClick output in ...
  • 605f200 build: update pnpm to v10.34.3 (#33392)
  • 0309150 build: lock file maintenance (#33406)
  • 9dc2b2b fix(cdk/platform): account for composedPath error during event replay (#33409)
  • 766b7ac fix(material/chips): wrong padding when chip only has edit icon (#33407)
  • f7170b9 build: fix build failure (#33408)
  • e4f7f34 fix(material/chips): correct focus management on chip destruction (#33329)
  • 9ad7964 build: update review config (#33394)
  • Additional commits viewable in compare view

Updates @angular/forms from 19.0.3 to 22.0.2

Release notes

Sourced from @​angular/forms's releases.

22.0.2

common

Commit Description
fix - 94ea403563 escape anchor fragment in shadow DOM name selector
fix - 6c1f3e9d49 skip transfer cache for uncacheable HTTP traffic (#69316)

compiler

Commit Description
fix - 6f1171991a restrict possible event handler check to property names longer than 2 characters

core

Commit Description
fix - 528a34f766 avoid caching missing locale data
fix - e17e8d5422 escape overlapping comment delimiters in escapeCommentText
fix - 59dea13f80 guard against DOM clobbering in declareExperimentalWebMcpTool
fix - 3a48abc15c preserve leave animation for sibling instances sharing a TNode
fix - 93d0a5f95c prevent unsubscribe during emit from throwing off other listeners
fix - b32ee7ceb3 treat iframe credentialless as security-sensitive
perf - f902d1d35e detect existing signal dependency without checking all producer links

http

Commit Description
fix - 6867f77ec7 distinguish repeated transfer cache params
fix - 7ef1399068 skip transfer cache for fetch credentialed requests (#69316)

migrations

Commit Description
fix - 15314c1736 migration skip any target are not build or test

22.0.1

common

Commit Description
fix - c4b5fa3c92 escape CSS string-terminating characters in escapeCssUrl
fix - dfff57ede9 Limits date format string length
fix - 3c2892c8df prevent prototype pollution in formatDateTime
fix - 1d87c49f6e use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - 1ee224ca30 disallow i18n event attributes
fix - a56f1cdf8f more robust logic to check if regex can be optimized
fix - 5946c18275 sanitize href/xlink:href attributes of any element of the MathML namespace
fix - 393b84caf8 sanitize two-way properties

compiler-cli

Commit Description
fix - 3d9ca2f173 bind switch exhaustive check expressions

core

... (truncated)

Changelog

Sourced from @​angular/forms's changelog.

22.0.2 (2026-06-17)

common

Commit Type Description
94ea403563 fix escape anchor fragment in shadow DOM name selector
6c1f3e9d49 fix skip transfer cache for uncacheable HTTP traffic (#69316)

compiler

Commit Type Description
6f1171991a fix restrict possible event handler check to property names longer than 2 characters

core

Commit Type Description
528a34f766 fix avoid caching missing locale data
e17e8d5422 fix escape overlapping comment delimiters in escapeCommentText
59dea13f80 fix guard against DOM clobbering in declareExperimentalWebMcpTool
3a48abc15c fix preserve leave animation for sibling instances sharing a TNode
93d0a5f95c fix prevent unsubscribe during emit from throwing off other listeners
b32ee7ceb3 fix treat iframe credentialless as security-sensitive
f902d1d35e perf detect existing signal dependency without checking all producer links

http

Commit Type Description
6867f77ec7 fix distinguish repeated transfer cache params
7ef1399068 fix skip transfer cache for fetch credentialed requests (#69316)

migrations

Commit Type Description
15314c1736 fix migration skip any target are not build or test

22.1.0-next.0 (2026-06-10)

Deprecations

http

  • HttpClient.jsonp, HttpClientJsonpModule, and related JSONP classes/functions are deprecated. Use standard HTTP requests instead.

common

Commit Type Description
1ad6824d0d fix skip transfer cache for uncacheable HTTP traffic (#69017)

compiler

Commit Type Description
25c744c4d0 fix support foreign components defined outside top-level scope

compiler-cli

Commit Type Description
aeb55c8bc1 fix allow passing uninvoked signals as foreign component props
7c60a98b3c fix support import aliases in foreignImports (#68674)

... (truncated)

Commits
  • 3f05543 refactor(forms): fix initWebMcpForm description to be required
  • 11836a6 fix(forms): delay mcp reading the form model by a tick
  • e51ad37 fix(forms): remove animationstart listener on component destroy to prevent me...
  • 85d2d10 fix(forms): harden FormGroup control lookups against prototype shadowing
  • cdcea80 fix(core): require WebMCP tool descriptions
  • 55b7b5a fix(forms): set additionalProperties: false on generated WebMCP form
  • e81c7e8 refactor(forms): type built-in getError results
  • eb600aa refactor(forms): mark date and limit signal forms APIs public
  • a97d5ec build: update minimum supported Node.js versions
  • 3b4ef1e perf(forms): avoid redundant invalidations in parser errors signal
  • Additional commits viewable in compare view

Updates @angular/material from 19.0.2 to 22.0.2

Release notes

Sourced from @​angular/material's releases.

22.0.2

material

Commit Description
fix - fb4478bff3 bottom-sheet: ensure animation event comes from container
fix - e4f7f3498b chips: correct focus management on chip destruction (#33329)
fix - 766b7aceee chips: wrong padding when chip only has edit icon (#33407)
fix - ebca801ee5 grid-list: always validate colspan
fix - 30942bcd36 stepper: validate animation durations

cdk

Commit Description
fix - e8f3419060 layout: avoid CSS injection attacks in media matcher
fix - 9dc2b2b2ed platform: account for composedPath error during event replay (#33409)

multiple

Commit Description
fix - 2995797ded improve dark theme visibility in menu, overlay, and portal examples (#33367)

22.0.1

youtube-player

Commit Description
fix - d75a22d69 avoid errors with clobbered variables
fix - fe0a96ce6 validate ID before attaching them to placeholder

material

Commit Description
fix - d7a8cb963 dialog: ignore clicks on aria-disabled close buttons (#33373)
fix - bde3c7621 timepicker: do not allow intervals less than a second (#33354)

cdk

Commit Description
fix - 629aea403 a11y: avoid prototype conflicts in id generator (#33356)
fix - 49aeb676c clipboard: avoid infinite attempt loop (#33366)

aria

Commit Description
fix - 7581b0592 combobox: avoid error for synthetic events (#33360)
fix - 1c4706155 combobox: prevent re-dispatching keyboard event on control target change (#33362)
fix - 96e9ce10c tree: recursive textDirection getter (#33337)

22.0.0

aria

Commit Description
feat - d91f46b4c accordion: introduce accordion harness (#33046)
feat - e3d84f2e0 combobox: add test harnesses (#33194)
feat - 0ca47b4a0 combobox: migrate simple-combobox directly into primary entrypoints (#33206)
feat - 6ec07bc0c grid: add test harnesses (#33081)

... (truncated)

Changelog

Sourced from @​angular/material's changelog.

22.0.2 "plastic lion" (2026-06-17)

cdk

Commit Type Description
e8f3419060 fix layout: avoid CSS injection attacks in media matcher
9dc2b2b2ed fix platform: account for composedPath error during event replay (#33409)

material

Commit Type Description
fb4478bff3 fix bottom-sheet: ensure animation event comes from container
e4f7f3498b fix chips: correct focus management on chip destruction (#33329)
766b7aceee fix chips: wrong padding when chip only has edit icon (#33407)
ebca801ee5 fix grid-list: always validate colspan
30942bcd36 fix stepper: validate animation durations

multiple

Commit Type Description
2995797ded fix improve dark theme visibility in menu, overlay, and portal examples (#33367)

22.1.0-next.0 "argon-pineapple" (2026-06-10)

No user facing changes in this release

22.0.1 "argon-apple" (2026-06-10)

aria

Commit Type Description
7581b0592 fix combobox: avoid error for synthetic events (#33360)
1c4706155 fix combobox: prevent re-dispatching keyboard event on control target change (#33362)
96e9ce10c fix tree: recursive textDirection getter (#33337)

cdk

Commit Type Description
629aea403 fix a11y: avoid prototype conflicts in id generator (#33356)
49aeb676c fix clipboard: avoid infinite attempt loop (#33366)

material

Commit Type Description
d7a8cb963 fix dialog: ignore clicks on aria-disabled close buttons (#33373)
bde3c7621 fix timepicker: do not allow intervals less than a second (#33354)

youtube-player

Commit Type Description
d75a22d69 fix avoid errors with clobbered variables
fe0a96ce6 fix validate ID before attaching them to placeholder

... (truncated)

Commits
  • 9b9d0ea release: cut the v22.0.2 release
  • 7b54e95 build: update cross-repo angular dependencies (#33398)
  • b77a829 docs(google-maps): Document the behavior of using the clusterClick output in ...
  • 605f200 build: update pnpm to v10.34.3 (#33392)
  • 0309150 build: lock file maintenance (#33406)
  • 9dc2b2b fix(cdk/platform): account for composedPath error during event replay (#33409)
  • 766b7ac fix(material/chips): wrong padding when chip only has edit icon (#33407)
  • f7170b9 build: fix build failure (#33408)
  • e4f7f34 fix(material/chips): correct focus management on chip destruction (#33329)
  • 9ad7964 build: update review config (#33394)
  • Additional commits viewable in compare view

Updates @angular/platform-browser from 19.0.3 to 22.0.2

Release notes

Sourced from @​angular/platform-browser's releases.

22.0.2

common

Commit Description
fix - 94ea403563 escape anchor fragment in shadow DOM name selector
Description has been truncated

@dependabot
Bump @angular/common, @angular/cdk, @angular/forms, @angular/material…
df2dbba 
…, @angular/platform-browser, @angular/platform-browser-dynamic and @angular/router

Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common), [@angular/cdk](https://github.com/angular/components), [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms), [@angular/material](https://github.com/angular/components), [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser), [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) and [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router). These dependencies needed to be updated together.

Updates `@angular/common` from 19.2.16 to 22.0.2
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.2/packages/common)

Updates `@angular/cdk` from 19.0.2 to 22.0.2
- [Release notes](https://github.com/angular/components/releases)
- [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md)
- [Commits](angular/components@19.0.2...v22.0.2)

Updates `@angular/forms` from 19.0.3 to 22.0.2
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.2/packages/forms)

Updates `@angular/material` from 19.0.2 to 22.0.2
- [Release notes](https://github.com/angular/components/releases)
- [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md)
- [Commits](angular/components@19.0.2...v22.0.2)

Updates `@angular/platform-browser` from 19.0.3 to 22.0.2
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.2/packages/platform-browser)

Updates `@angular/platform-browser-dynamic` from 19.0.3 to 22.0.2
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.2/packages/platform-browser-dynamic)

Updates `@angular/router` from 19.0.3 to 22.0.2
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.2/packages/router)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 22.0.2
  dependency-type: direct:production
- dependency-name: "@angular/cdk"
  dependency-version: 22.0.2
  dependency-type: direct:production
- dependency-name: "@angular/forms"
  dependency-version: 22.0.2
  dependency-type: direct:production
- dependency-name: "@angular/material"
  dependency-version: 22.0.2
  dependency-type: direct:production
- dependency-name: "@angular/platform-browser"
  dependency-version: 22.0.2
  dependency-type: direct:production
- dependency-name: "@angular/platform-browser-dynamic"
  dependency-version: 22.0.2
  dependency-type: direct:production
- dependency-name: "@angular/router"
  dependency-version: 22.0.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants