deps(web): bump @angular/core from 21.0.6 to 21.1.6 in /web

[dependabot]

Bumps @angular/core from 21.0.6 to 21.1.6.

Release notes

Sourced from @​angular/core's releases.

21.1.6

common

Commit	Description
	fix LCP image detection with duplicate URLs

compiler-cli

Commit	Description
	detect uninvoked functions in defer trigger expressions

core

Commit	Description
	block creation of sensitive URI attributes from ICU messages

Breaking Changes

core

• Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

  (cherry picked from commit 306f367899dfc2e04238fecd3455547b5d54075d)

21.1.5

No user facing changes in this release

21.1.4

compiler

Commit	Description
	add geolocation element to schema

core

Commit	Description
	capture animation dependencies eagerly to avoid destroyed injector
	Fix flakey test due to document injection

forms

Commit	Description
	support signal-based schemas in validateStandardSchema

http

Commit	Description
	correctly parse ArrayBuffer and Blob in transfer cache

21.1.3

core

Commit	Description
	linkedSignal.update should propagate errors
	export DirectiveWithBindings
	hold constructors weakly in DepsTracker cache
	prevent element duplication with dynamic components

forms

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.1.6 (2026-02-25)

Breaking Changes

core

• Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

  (cherry picked from commit 306f367899dfc2e04238fecd3455547b5d54075d)

common

Commit	Type	Description
31d3d56496	fix	fix LCP image detection with duplicate URLs

compiler-cli

Commit	Type	Description
24b578ce90	fix	detect uninvoked functions in defer trigger expressions

core

Commit	Type	Description
b858309532	fix	block creation of sensitive URI attributes from ICU messages

21.1.5 (2026-02-18)

No user facing changes in this release

21.1.4 (2026-02-11)

compiler

Commit	Type	Description
caab23dfe6	fix	add geolocation element to schema

core

Commit	Type	Description
2b99eaa019	fix	capture animation dependencies eagerly to avoid destroyed injector
d6aeac504c	fix	Fix flakey test due to document injection

forms

Commit	Type	Description
0d1acd0165	feat	support signal-based schemas in validateStandardSchema

http

Commit	Type	Description
3905015ccc	fix	correctly parse ArrayBuffer and Blob in transfer cache

... (truncated)

Commits

• b858309 fix(core): block creation of sensitive URI attributes from ICU messages
• a8dcb28 refactor(core): remove outdated TODO comments
• 31d3d56 fix(common): fix LCP image detection with duplicate URLs
• 866da08 docs: add new debugging and troubleshooting di guide
• 58eba77 refactor(core): remove outdated TODO comments referencing TypeScript 2.1
• 9c3022d refactor(platform-server): split zone/zoneless tests.
• 7150df2 build: update cross-repo angular dependencies to v21.1.4
• 2b99eaa fix(core): capture animation dependencies eagerly to avoid destroyed injector
• d9ec23e test: add test about mapped attributes to input
• 6c14e3a build: update Jasmine to 6.0.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Labels

The following labels could not be found: web. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

📊 Benchmark Results

Benchmark	Time	Throughput

arena

| | 10.642 ns | - |
| | 5.4885 ns | - |
| | 407.71 ns | - |
| | 373.16 ns | - |
| | 627.40 ns | - |
| | 42.461 ns | - |
| | 643.87 ns | - |
| | 69.704 ns | - |
| | | - |
| | | - |
| | 376.77 ns | - |
| | 40.597 ns | - |
| | | - |
| | | - |
| | | - |
| | | - |
| | 48.554 ns | - |
| | 50.149 ns | - |

body

| | 22.024 ns | - |
| | 60.863 ns | - |
| | 21.889 ns | - |
| | 863.51 ps | - |
| | 47.051 ns | - |
| | 21.911 ns | - |
| | 113.27 ns | - |
| | 85.843 ns | - |
| | 47.874 ns | - |
| | 41.605 ns | - |
| | 52.913 ns | - |
| | 29.662 ns | - |
| | 133.16 ns | - |
| | 863.67 ps | - |
| | 67.288 ns | - |
| | 35.769 ns | - |
| | 118.42 ns | - |
| | 91.268 ns | - |
| | 16.126 ns | - |
| | 16.126 ns | - |
| | 16.125 ns | - |

json

| json_info/library_check | 288.17 ps | - |
| json_serialize/small | 53.631 ns | - |
| json_serialize/medium | 292.78 ns | - |
| json_serialize/large | | - |
| json_deserialize/small | 110.19 ns | - |
| json_deserialize/medium | 986.64 ns | - |
| json_deserialize/large | | - |
| json_roundtrip/small | 173.40 ns | - |
| json_roundtrip/medium | | - |
| json_roundtrip/large | | - |
| http_json/request_parse | | - |
| http_json/response_json | 400.58 ns | - |
| http_json/full_cycle | | - |

routing

| | 36.344 ns | - |
| | 96.356 ns | - |
| | 198.46 ns | - |
| | 197.38 ns | - |
| | 111.72 ns | - |
| | 1.3509 ns | - |
| | 288.22 ps | - |
| | 117.44 ns | - |
| | 300.83 ns | - |
| | | - |
| | 160.25 ns | - |
| | 30.567 ns | - |
| | 206.04 ns | - |
| | | - |
| | 59.644 ns | - |
| | 388.84 ns | - |
| | | - |
| routing/match_first/10 | 95.959 ns | - |
| routing/match_middle/10 | 265.06 ns | - |
| routing/match_last/10 | 266.78 ns | - |
| | 181.67 ns | - |
| routing/match_first/50 | 95.589 ns | - |
| routing/match_middle/50 | 820.19 ns | - |
| routing/match_last/50 | 263.89 ns | - |
| | | - |
| routing/match_first/100 | 97.936 ns | - |
| | 704.63 ns | - |
| routing/match_last/100 | 970.90 ns | - |
| | | - |
| routing/match_first/500 | 96.330 ns | - |
| | 655.81 ns | - |
| routing/match_last/500 | 902.95 ns | - |
| | | - |
| | 288.05 ps | - |
| | 31.578 ns | - |
| | 344.91 ns | - |
| | 149.55 ns | - |
| | 303.94 ns | - |
| | 327.05 ns | - |
| | 16.509 ns | - |
| | 29.376 ns | - |
| | 163.33 ns | - |
| | 178.92 ns | - |
| | 311.08 ns | - |
| | 526.39 ns | - |
| | 937.62 ns | - |
| full_cycle/health_check | 672.37 ns | - |
| | | - |
| | | - |
| | 10.397 ns | - |
| | 10.198 ns | - |
| allocations/vec_small | 9.6130 ns | - |
| allocations/vec_large | 21.654 ns | - |
| | 56.189 ns | - |
| | | - |

security

| jwt/sign | 801.36 ns | - |
| jwt/verify | | - |
| jwt/sign_HS256 | 807.67 ns | - |
| jwt/sign_HS384 | | - |
| jwt/sign_HS512 | | - |

simd_parser

| query_string/small/simd | 193.74 ns | - |
| | 173.99 ns | - |
| | 636.50 ns | - |
| | 951.92 ns | - |
| query_string/large/simd | | - |
| | | - |
| url_decode/plain/simd | 24.174 ns | - |
| url_decode/encoded/simd | 62.333 ns | - |
| | 86.283 ns | - |
| | 5.1956 ns | - |
| | 13.920 ns | - |
| | 4.3370 ns | - |
| | 10.726 ns | - |
| | 88.481 ns | - |
| | 88.544 ns | - |
| | 106.48 ns | - |
| path_split/short/simd | 36.360 ns | - |
| path_split/medium/simd | 125.84 ns | - |
| path_split/long/simd | 209.38 ns | - |
| | 128.45 ns | - |
| | 442.84 ns | - |

Summary

• Commit: 69955e2148ac8bd38f59b9e79150954b5ea0c9c0
• Branch: 144/merge
• Runner: Linux

---

Benchmark run triggered by commit 69955e2

[dependabot]

Superseded by #154.