Skip to content

chore(deps): bump the angular-framework group in /booklore-ui with 13 updates#80

Merged
github-actions[bot] merged 1 commit into
developfrom
dependabot/npm_and_yarn/booklore-ui/angular-framework-34e461462d
May 14, 2026
Merged

chore(deps): bump the angular-framework group in /booklore-ui with 13 updates#80
github-actions[bot] merged 1 commit into
developfrom
dependabot/npm_and_yarn/booklore-ui/angular-framework-34e461462d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the angular-framework group in /booklore-ui with 13 updates:

Package From To
@angular/animations 21.2.12 21.2.13
@angular/cdk 21.2.10 21.2.11
@angular/common 21.2.12 21.2.13
@angular/compiler 21.2.12 21.2.13
@angular/core 21.2.12 21.2.13
@angular/forms 21.2.12 21.2.13
@angular/platform-browser 21.2.12 21.2.13
@angular/platform-browser-dynamic 21.2.12 21.2.13
@angular/router 21.2.12 21.2.13
@angular/service-worker 21.2.12 21.2.13
@angular/build 21.2.10 21.2.11
@angular/cli 21.2.10 21.2.11
@angular/compiler-cli 21.2.12 21.2.13

Updates @angular/animations from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/animations's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/animations's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/cdk from 21.2.10 to 21.2.11

Release notes

Sourced from @​angular/cdk's releases.

21.2.11

No user facing changes in this release

Changelog

Sourced from @​angular/cdk's changelog.

21.2.11 "crystal ball" (2026-05-13)

No user facing changes in this release

22.0.0-next.8 "plastic-wallaby" (2026-05-06)

Breaking Changes

aria

  • The legacy combobox and autocomplete implementations have been removed. Use the new standalone combobox instead.

    • feat(aria/combobox): promote simple-combobox to stable un-prefixed combobox
    • Relocates public, private, and example directories to clean combobox entry points.
    • Renames internal layout symbols, selectors, and uppercase tokens (SIMPLE_COMBOBOX_POPUP -> COMBOBOX_POPUP).
    • Establishes full documentation extraction parity with the json_api Bazel rule target.
    • Standardizes the accompanying toolbar component showcase into the clean aria-toolbar path.
    • Re-routes dev-app navigation links and migrates public API golden records.

  • SimpleCombobox has been promoted to Combobox. All simple-combobox prefixed symbols, selectors, and tokens have been renamed to use the combobox prefix.

    • refactor(aria/combobox): relocate and restructure autocomplete and toolbar examples Relocate the autocomplete examples to src/components-examples/aria/autocomplete and toolbar examples to src/components-examples/aria/toolbar.
    • Restore naming continuity with the historical codebase by stripping redundant prefixes from example filenames and component selectors.
    • Sync dev-app preview routing layout paths and strict Bazel target dependency links.

cdk

    • CDK_DESCRIBEDBY_HOST_ATTRIBUTE has been removed.
    • CDK_DESCRIBEDBY_ID_PREFIX has been removed.
    • The injector parameter of the ConfigurableFocusTrap and FocusTrap constructors is now required.
    • The boolean parameter of ConfigurableFocusTrapFactory.create has been replaced with a config object.
    • MESSAGES_CONTAINER_ID has been removed.
    • The event parameter of DropListRef.drop is now required.
    • ContextMenuTracker has been renamed to MenuTracker.

material

    • MatListOption.checkboxPosition has been removed. use togglePosition instead.
    • MatListOptionCheckboxPosition has been renamed to MatListOptionTogglePosition.
    • ArrowViewState has been removed.
    • ArrowViewStateTransition has been removed.

google-maps

Commit Type Description
b8201edee fix deprecate heatmap layer (#33208)

material

Commit Type Description
add8f16c0 fix list: breaking changes for v22
9d73c98b5 fix menu: missing panelClass getter (#33191)
75718e4fb fix sort: breaking changes for v22

cdk

Commit Type Description

... (truncated)

Commits

Updates @angular/common from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/common's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/common's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/compiler from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/compiler's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/compiler's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits
  • baf92da test: remove invalid css that was causing issues with the postcss parser
  • 1c6553e fix(core): disallow event attribute bindings in host bindings unconditionally
  • See full diff in compare view

Updates @angular/core from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/core's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/core's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits
  • 1c6553e fix(core): disallow event attribute bindings in host bindings unconditionally
  • See full diff in compare view

Updates @angular/forms from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/forms's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/forms's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/platform-browser from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/platform-browser's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/platform-browser's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/platform-browser-dynamic from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/platform-browser-dynamic's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/platform-browser-dynamic's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/router from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/router's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/router's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/service-worker from 21.2.12 to 21.2.13

Release notes

Sourced from @​angular/service-worker's releases.

21.2.13

core

Commit Description
fix - 1c6553e97d disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Description
fix - 629905d537 add allowedHosts option to renderModule and renderApplication
fix - 0b7192f441 forward BEFORE_APP_SERIALIZED errors to ErrorHandler
Changelog

Sourced from @​angular/service-worker's changelog.

21.2.13 (2026-05-13)

core

Commit Type Description
1c6553e97d fix disallow event attribute bindings in host bindings unconditionally

platform-server

Commit Type Description
629905d537 fix add allowedHosts option to renderModule and renderApplication
0b7192f441 fix forward BEFORE_APP_SERIALIZED errors to ErrorHandler

19.2.22 (2026-05-12)

core

Commit Type Description
83a640516f fix disallow event attribute bindings in host bindings unconditionally (#68469)
24a0103a98 fix validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Type Description
8569db8875 fix add allowedHosts option to renderModule and renderApplication
837a710217 fix ensure origin has a trailing slash when parsing url (#68469)

20.3.21 (2026-05-12)

platform-server

Commit Type Description
f584840e2e fix add allowedHosts option to renderModule and renderApplication

22.0.0-next.12 (2026-05-08)

core

Commit Type Description
8ebae1de33 fix allow service with factory on abstract classes
6f525245cd fix disallow event attribute bindings in host bindings unconditionally

migrations

Commit Type Description
0f2160c410 fix remove compiler import from safe optional chaining migration

platform-server

| Commit | Type | Description |

... (truncated)

Commits

Updates @angular/build from 21.2.10 to 21.2.11

Release notes

Sourced from @​angular/build's releases.

21.2.11

@​angular/cli

Commit Description
fix - bbd63b7a5 robustly parse npm manifest from array

@​angular/ssr

Commit Description
fix - eafe1a719 allow all hosts in common engine rendering options to prevent validation errors
fix - 7a116a80d remove stateful flag from URL_PARAMETER_REGEXP
Changelog

Sourced from @​angular/build's changelog.

21.2.11 (2026-05-13)

@​angular/cli

Commit Type Description
bbd63b7a5 fix robustly parse npm manifest from array

@​angular/ssr

Commit Type Description
eafe1a719 fix allow all hosts in common engine rendering options to prevent validation errors
7a116a80d fix remove stateful flag from URL_PARAMETER_REGEXP

20.3.26 (2026-05-13)

@​angular/ssr

Commit Type Description
7cc1871ee fix allow all hosts in common engine rendering options to prevent validation errors

19.2.26 (2026-05-13)

@​angular/ssr

Commit Type Description
842fee029 fix allow all hosts in common engine rendering options to prevent validation errors

Commits
  • 00e3663 release: cut the v21.2.11 release
  • eafe1a7 fix(@​angular/ssr): allow all hosts in common engine rendering options to prev...
  • 7a116a8 fix(@​angular/ssr): remove stateful flag from URL_PARAMETER_REGEXP
  • a7705fb build: update cross-repo angular dependencies
  • 453ed5b build: update github/codeql-action action to v4.35.4
  • f0f9b2d refactor(@​angular/cli): add validation and logging to npm manifest parsing
  • bbd63b7 fix(@​angular/cli): robustly parse npm manifest from array
  • See full diff in compare view

Updates @angular/cli from 21.2.10 to 21.2.11

Release notes

Sourced from @​angular/cli's releases.

21.2.11

@​angular/cli

Commit De...

Description has been truncated

@dependabot
chore(deps): bump the angular-framework group
93b2496 
Bumps the angular-framework group in /booklore-ui with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `21.2.12` | `21.2.13` |
| [@angular/cdk](https://github.com/angular/components) | `21.2.10` | `21.2.11` |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.12` | `21.2.13` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.12` | `21.2.13` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.12` | `21.2.13` |
| [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `21.2.12` | `21.2.13` |
| [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `21.2.12` | `21.2.13` |
| [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `21.2.12` | `21.2.13` |
| [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `21.2.12` | `21.2.13` |
| [@angular/service-worker](https://github.com/angular/angular/tree/HEAD/packages/service-worker) | `21.2.12` | `21.2.13` |
| [@angular/build](https://github.com/angular/angular-cli) | `21.2.10` | `21.2.11` |
| [@angular/cli](https://github.com/angular/angular-cli) | `21.2.10` | `21.2.11` |
| [@angular/compiler-cli](https://github.com/angular/angular/tree/HEAD/packages/compiler-cli) | `21.2.12` | `21.2.13` |


Updates `@angular/animations` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/animations)

Updates `@angular/cdk` from 21.2.10 to 21.2.11
- [Release notes](https://github.com/angular/components/releases)
- [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md)
- [Commits](angular/components@v21.2.10...v21.2.11)

Updates `@angular/common` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/common)

Updates `@angular/compiler` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/compiler)

Updates `@angular/core` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/core)

Updates `@angular/forms` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/forms)

Updates `@angular/platform-browser` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/platform-browser)

Updates `@angular/platform-browser-dynamic` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/platform-browser-dynamic)

Updates `@angular/router` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/router)

Updates `@angular/service-worker` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/service-worker)

Updates `@angular/build` from 21.2.10 to 21.2.11
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@v21.2.10...v21.2.11)

Updates `@angular/cli` from 21.2.10 to 21.2.11
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@v21.2.10...v21.2.11)

Updates `@angular/compiler-cli` from 21.2.12 to 21.2.13
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.13/packages/compiler-cli)

---
updated-dependencies:
- dependency-name: "@angular/animations"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/cdk"
  dependency-version: 21.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/common"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/core"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/forms"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/platform-browser"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/platform-browser-dynamic"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/router"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/service-worker"
  dependency-version: 21.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/build"
  dependency-version: 21.2.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/cli"
  dependency-version: 21.2.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: angular-framework
- dependency-name: "@angular/compiler-cli"
  dependency-version: 21.2.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: angular-framework
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions github-actions Bot added the dependabot:automerge Dependabot PR is approved for unattended merge after CI label May 14, 2026
@github-actions

github-actions Bot commented May 14, 2026

Copy link
Copy Markdown
Contributor

Backend Test Results

  499 files  ±0    499 suites  ±0   2m 35s ⏱️ ±0s
3 561 tests ±0  3 546 ✅ ±0  15 💤 ±0  0 ❌ ±0 
3 618 runs  ±0  3 603 ✅ ±0  15 💤 ±0  0 ❌ ±0 

Results for commit 93b2496. ± Comparison against base commit b133183.

@github-actions

github-actions Bot commented May 14, 2026

Copy link
Copy Markdown
Contributor

Frontend Test Results

736 tests  ±0   736 ✅ ±0   20s ⏱️ ±0s
 65 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 93b2496. ± Comparison against base commit b133183.

@github-actions github-actions Bot merged commit 88bcb92 into develop May 14, 2026
9 of 10 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/booklore-ui/angular-framework-34e461462d branch May 14, 2026 17:02
opensourcefan added a commit that referenced this pull request May 31, 2026
@opensourcefan
fix: resolve 19 CodeQL security alerts (ReDoS, workflow permissions, …
8939b42 
…stack trace exposure, clear-text storage)

- Workflow permissions: add contents: read to 7 jobs across master/develop/tag/migrations pipelines (#1-5, #76-77)
- ReDoS prevention: add input length guards (500-1000 chars) before regex operations in FilenamePatternExtractor, ComicvineBookParser, OidcDiagnosticService, BookUtils (#91-99, #137)
- Stack trace exposure: sanitize _load_error in AI panel /v1/status endpoint (#6)
- Clear-text storage: move isDefaultPassword from localStorage to sessionStorage (#80)

Backend tests: all pass (0 failures across 200+ test classes)
opensourcefan added a commit that referenced this pull request May 31, 2026
@opensourcefan
fix: add sessionStorage cleanup to auth service tests
97199de 
The isDefaultPassword flag was moved from localStorage to sessionStorage
for security (#80). The test setup only cleared localStorage, causing
the 'clears stale persisted auth state' test to fail because stale
sessionStorage values leaked between tests.
opensourcefan added a commit that referenced this pull request May 31, 2026
@opensourcefan
fix: critical regression - resolveInitialInternalAccessToken and clea…
ec022d2 
…rStoredSessionData still reading isDefaultPassword from localStorage instead of sessionStorage

The original fix for alert #80 moved isDefaultPassword storage from localStorage
to sessionStorage in saveInternalTokens() and getInternalDefaultPassword(), but
two methods were missed:

1. resolveInitialInternalAccessToken() used this.readStoredBoolean() which reads
   from localStorage — would always return null, causing users to be logged out
   on every page refresh.

2. clearStoredSessionData() used localStorage.removeItem() — stale flag left
   behind on logout.

Both now correctly use sessionStorage.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot:automerge Dependabot PR is approved for unattended merge after CI dependencies frontend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants