2 changes: 1 addition & 1 deletion package.json
@@ -161,7 +161,7 @@
"@angular-eslint/eslint-plugin-template": "21.3.1",
"@angular-eslint/schematics": "21.3.1",
"@angular-eslint/template-parser": "21.3.1",
"@angular/build": "21.2.3",
"@angular/build": "21.2.5",
"@angular/cli": "^21.1.3",
"@angular/compiler-cli": "^21.1.3",
"@cypress/grep": "^6.0.0",
12 changes: 4 additions & 8 deletions yarn-audit-known-issues
@@ -1,6 +1,3 @@
{"value":"@angular/ssr","children":{"ID":1113509,"Issue":"Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline","URL":"https://github.com/advisories/GHSA-x288-3778-4hhx","Severity":"critical","Vulnerable Versions":">=21.0.0-next.0 <21.1.5","Tree Versions":["21.1.4"],"Dependents":["opal-frontend@workspace:."]}}
{"value":"@angular/ssr","children":{"ID":1113513,"Issue":"Angular SSR has an Open Redirect via X-Forwarded-Prefix","URL":"https://github.com/advisories/GHSA-xh43-g2fq-wjrj","Severity":"moderate","Vulnerable Versions":">=21.0.0-next.0 <21.1.5","Tree Versions":["21.1.4"],"Dependents":["opal-frontend@workspace:."]}}
{"value":"@angular/ssr","children":{"ID":1115053,"Issue":"Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR","URL":"https://github.com/advisories/GHSA-vfx2-hv2g-xj5f","Severity":"moderate","Vulnerable Versions":">=21.0.0-next.0 <21.2.3","Tree Versions":["21.1.4"],"Dependents":["opal-frontend@workspace:."]}}
{"value":"ajv","children":{"ID":1113715,"Issue":"ajv has ReDoS when using `$data` option","URL":"https://github.com/advisories/GHSA-2g4f-4pwh-qvx6","Severity":"moderate","Vulnerable Versions":">=7.0.0-alpha.0 <8.18.0","Tree Versions":["8.17.1"],"Dependents":["schema-utils@npm:4.3.3"]}}
{"value":"minimatch","children":{"ID":1113459,"Issue":"minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern","URL":"https://github.com/advisories/GHSA-3ppc-4f35-3m26","Severity":"high","Vulnerable Versions":"<3.1.3","Tree Versions":["3.1.2"],"Dependents":["find-cypress-specs@npm:1.47.2"]}}
{"value":"minimatch","children":{"ID":1113465,"Issue":"minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern","URL":"https://github.com/advisories/GHSA-3ppc-4f35-3m26","Severity":"high","Vulnerable Versions":">=9.0.0 <9.0.6","Tree Versions":["9.0.5"],"Dependents":["mocha@npm:11.7.5"]}}
@@ -10,15 +7,14 @@
{"value":"minimatch","children":{"ID":1113546,"Issue":"minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions","URL":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","Severity":"high","Vulnerable Versions":"<3.1.4","Tree Versions":["3.1.2"],"Dependents":["find-cypress-specs@npm:1.47.2"]}}
{"value":"minimatch","children":{"ID":1113552,"Issue":"minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions","URL":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","Severity":"high","Vulnerable Versions":">=9.0.0 <9.0.7","Tree Versions":["9.0.5"],"Dependents":["mocha@npm:11.7.5"]}}
{"value":"minimatch","children":{"ID":1113553,"Issue":"minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions","URL":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","Severity":"high","Vulnerable Versions":">=10.0.0 <10.2.3","Tree Versions":["10.2.2"],"Dependents":["glob@npm:13.0.6"]}}
{"value":"picomatch","children":{"ID":1115382,"Issue":"Picomatch has a ReDoS vulnerability via extglob quantifiers","URL":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","Severity":"high","Vulnerable Versions":"<2.3.2","Tree Versions":["2.3.1"],"Dependents":["micromatch@npm:4.0.8"]}}
{"value":"picomatch","children":{"ID":1115384,"Issue":"Picomatch has a ReDoS vulnerability via extglob quantifiers","URL":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","Severity":"high","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.2"],"Dependents":["tinyglobby@npm:0.2.10"]}}
{"value":"picomatch","children":{"ID":1115394,"Issue":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","URL":"https://github.com/advisories/GHSA-3v7f-55p6-f55p","Severity":"moderate","Vulnerable Versions":"<2.3.2","Tree Versions":["2.3.1"],"Dependents":["micromatch@npm:4.0.8"]}}
{"value":"picomatch","children":{"ID":1115396,"Issue":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","URL":"https://github.com/advisories/GHSA-3v7f-55p6-f55p","Severity":"moderate","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.2"],"Dependents":["tinyglobby@npm:0.2.10"]}}
{"value":"picomatch","children":{"ID":1115490,"Issue":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","URL":"https://github.com/advisories/GHSA-3v7f-55p6-f55p","Severity":"moderate","Vulnerable Versions":"<2.3.2","Tree Versions":["2.3.1"],"Dependents":["micromatch@npm:4.0.8"]}}
{"value":"picomatch","children":{"ID":1115492,"Issue":"Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching","URL":"https://github.com/advisories/GHSA-3v7f-55p6-f55p","Severity":"moderate","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.2"],"Dependents":["tinyglobby@npm:0.2.10"]}}
{"value":"picomatch","children":{"ID":1115493,"Issue":"Picomatch has a ReDoS vulnerability via extglob quantifiers","URL":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","Severity":"high","Vulnerable Versions":"<2.3.2","Tree Versions":["2.3.1"],"Dependents":["micromatch@npm:4.0.8"]}}
{"value":"picomatch","children":{"ID":1115495,"Issue":"Picomatch has a ReDoS vulnerability via extglob quantifiers","URL":"https://github.com/advisories/GHSA-c2c7-rcm5-vvqj","Severity":"high","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.2"],"Dependents":["tinyglobby@npm:0.2.10"]}}
{"value":"serialize-javascript","children":{"ID":1113686,"Issue":"Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()","URL":"https://github.com/advisories/GHSA-5c6j-r48x-rmvq","Severity":"high","Vulnerable Versions":"<=7.0.2","Tree Versions":["6.0.2"],"Dependents":["mocha@npm:11.7.5"]}}
{"value":"undici","children":{"ID":1114591,"Issue":"Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client","URL":"https://github.com/advisories/GHSA-f269-vfmq-vjvj","Severity":"high","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}
{"value":"undici","children":{"ID":1114593,"Issue":"Undici has an HTTP Request/Response Smuggling issue","URL":"https://github.com/advisories/GHSA-2mjp-6q6p-2qxm","Severity":"moderate","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}
{"value":"undici","children":{"ID":1114637,"Issue":"Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression","URL":"https://github.com/advisories/GHSA-vrm6-8vpv-qv8q","Severity":"high","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}
{"value":"undici","children":{"ID":1114639,"Issue":"Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation","URL":"https://github.com/advisories/GHSA-v9p9-hfj2-hcw8","Severity":"high","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}
{"value":"undici","children":{"ID":1114641,"Issue":"Undici has CRLF Injection in undici via `upgrade` option","URL":"https://github.com/advisories/GHSA-4992-7rv2-5pvq","Severity":"moderate","Vulnerable Versions":">=7.0.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}
{"value":"undici","children":{"ID":1114643,"Issue":"Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS","URL":"https://github.com/advisories/GHSA-phc3-fgpg-7m6h","Severity":"moderate","Vulnerable Versions":">=7.17.0 <7.24.0","Tree Versions":["7.22.0"],"Dependents":["@actions/http-client@npm:2.2.3"]}}
{"value":"yaml","children":{"ID":1115369,"Issue":"yaml is vulnerable to Stack Overflow via deeply nested YAML collections","URL":"https://github.com/advisories/GHSA-48c2-rrv3-qjmp","Severity":"moderate","Vulnerable Versions":">=2.0.0 <2.8.3","Tree Versions":["2.4.5"],"Dependents":["@cucumber/cucumber@npm:12.2.0"]}}
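Review bot: The rows kept in yarn-audit-known-issues accept high-severity advisories with no recorded reason or review date, for example serialize-javascript GHSA-5c6j-r48x-rmvq (via mocha@npm:11.7.5) and the undici advisories (via @actions/http-client@npm:2.2.3). This rendering does not show which rows are added and which are removed, but the picomatch rows appear under two ID sets (1115382/1115384/1115394/1115396 and 1115490/1115492/1115493/1115495) with identical tree versions and dependents, which suggests the advisory IDs were refreshed rather than the package upgraded. The listed ranges (`<2.3.2`, `>=4.0.0 <4.0.4`) imply patched picomatch releases exist, so a `resolutions` entry in package.json pinning a patched version would be preferable to re-accepting the findings. Because this file has no comment syntax, the PR description should state why each remaining high-severity item is considered acceptable (for instance, if it is only reachable through test tooling) and when it will be re-checked.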