Bump serialize-javascript and @angular-devkit/build-angular

[dependabot]

Bumps serialize-javascript to 7.0.5 and updates ancestor dependency @angular-devkit/build-angular. These dependencies need to be updated together.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

• Improve robustness and validation for array-like object serialization.
• Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

• release: v7.0.4 by @​okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

• fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
• build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

---

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

• ci: bump GitHub Actions to latest versions by @​okuryu in yahoo/serialize-javascript#203
• ci: setup trusted publishing workflow by @​okuryu in yahoo/serialize-javascript#204
• release: v7.0.2 by @​okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

• Add warning about using this package to send arbitrary data to worker threads by @​valadaptive in yahoo/serialize-javascript#200
• security: sanitize function bodies by @​redonkulus in yahoo/serialize-javascript#199
• docs: tweak README by @​okuryu in yahoo/serialize-javascript#201
• release: v7.0.1 by @​okuryu in yahoo/serialize-javascript#202

New Contributors

• @​redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

• requires Node.js v20+

What's Changed

• Bump mocha from 10.2.0 to 10.4.0 by @​dependabot[bot] in yahoo/serialize-javascript#178

... (truncated)

Commits

• df3f1c1 release: v7.0.5
• f147e90 Merge commit from fork
• eec32e0 release: v7.0.4
• d505715 7.0.3
• 2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
• 42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
• 44f544b release: v7.0.2 (#205)
• bba0ddd ci: setup trusted publishing workflow (#204)
• 235f6ea ci: bump GitHub Actions to latest versions (#203)
• f7fff15 release: v7.0.1 (#202)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.

Updates @angular-devkit/build-angular from 19.2.26 to 21.2.11

Release notes

Sourced from @​angular-devkit/build-angular's releases.

21.2.11

@​angular/cli

Commit	Description
	robustly parse npm manifest from array

@​angular/ssr

Commit	Description
	allow all hosts in common engine rendering options to prevent validation errors
	remove stateful flag from URL_PARAMETER_REGEXP

21.2.10

@​angular/cli

Commit	Description
	restrict MCP workspace access to allowed client roots during resolution

21.2.9

@​schematics/angular

Commit	Description
	add missing imports for focus and skip APIs in refactor-jasmine-vitest

@​angular/cli

Commit	Description
	fix broken img ref in ai-tutor
	introduce initial package manager workspace awareness
	remove standalone true ref in ai tutor

@​angular/ssr

Commit	Description
	introduce trustProxyHeaders option to safely validate and sanitize proxy headers
	add support for configuring trusted proxy headers via environment variable
	decode route segments when building and matching route tree
	use router to normalize URLs for comparison

21.2.8

@​angular/cli

Commit	Description
	dynamically resolve project Angular CLI executable inside MCP tools
	ignore EBADF file system errors during MCP project scan
	use headless option in MCP test tool

@​angular-devkit/build-angular

Commit	Description
	ensure route has leading slash in prerender builder
	fix app-shell route format and

@​angular/build

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

21.2.11 (2026-05-13)

@​angular/cli

Commit	Type	Description
bbd63b7a5	fix	robustly parse npm manifest from array

@​angular/ssr

Commit	Type	Description
eafe1a719	fix	allow all hosts in common engine rendering options to prevent validation errors
7a116a80d	fix	remove stateful flag from URL_PARAMETER_REGEXP

20.3.26 (2026-05-13)

@​angular/ssr

Commit	Type	Description
7cc1871ee	fix	allow all hosts in common engine rendering options to prevent validation errors

Commits

• 00e3663 release: cut the v21.2.11 release
• eafe1a7 fix(@​angular/ssr): allow all hosts in common engine rendering options to prev...
• 7a116a8 fix(@​angular/ssr): remove stateful flag from URL_PARAMETER_REGEXP
• a7705fb build: update cross-repo angular dependencies
• 453ed5b build: update github/codeql-action action to v4.35.4
• f0f9b2d refactor(@​angular/cli): add validation and logging to npm manifest parsing
• bbd63b7 fix(@​angular/cli): robustly parse npm manifest from array
• 64cbd62 release: cut the v21.2.10 release
• 6f26f4f build: lock file maintenance
• 111dcc3 refactor(@​angular/cli): re-add resolveModule for find examples tool
• Additional commits viewable in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​angular-devkit/​build-angular@​19.2.26 ⏵ 21.2.11			+1	+1
	typescript@​5.7.3

View full report