Bump the npm_and_yarn group across 1 directory with 10 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /frontend directory:

Package	From	To
@angular/common	17.3.12	21.1.4
@angular/compiler	17.3.12	21.1.4
tmp	0.2.3	0.2.5
lodash	4.17.21	4.17.23
qs	6.13.0	6.14.2

Updates @angular/common from 17.3.12 to 21.1.4

Release notes

Sourced from @​angular/common's releases.

21.1.4

compiler

Commit	Description
	add geolocation element to schema

core

Commit	Description
	capture animation dependencies eagerly to avoid destroyed injector
	Fix flakey test due to document injection

forms

Commit	Description
	support signal-based schemas in validateStandardSchema

http

Commit	Description
	correctly parse ArrayBuffer and Blob in transfer cache

21.1.3

core

Commit	Description
	linkedSignal.update should propagate errors
	export DirectiveWithBindings
	hold constructors weakly in DepsTracker cache
	prevent element duplication with dynamic components

forms

Commit	Description
	Resolves debounce promise on abort in debounceForDuration

localize

Commit	Description
	add support for unit-test builder in ng-add schematic

router

Commit	Description
	limit UrlParser recursion depth to prevent stack overflow
	Use .bind to avoid holding other closures in memory

21.1.2

forms

Commit	Description
	only touch visible, interactive fields on submit

language-service

Commit	Description
	Detect local project version on creation

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.1.4 (2026-02-11)

compiler

Commit	Type	Description
caab23dfe6	fix	add geolocation element to schema

core

Commit	Type	Description
2b99eaa019	fix	capture animation dependencies eagerly to avoid destroyed injector
d6aeac504c	fix	Fix flakey test due to document injection

forms

Commit	Type	Description
0d1acd0165	feat	support signal-based schemas in validateStandardSchema

http

Commit	Type	Description
3905015ccc	fix	correctly parse ArrayBuffer and Blob in transfer cache

21.2.0-next.2 (2026-02-04)

core

Commit	Type	Description
8d5210c9fe	feat	add ChangeDetectionStrategy.Eager alias for Default
aff9e36a98	fix	linkedSignal.update should propagate errors
8ab433abdd	fix	export DirectiveWithBindings
cab5ddd526	fix	hold constructors weakly in DepsTracker cache
c66a19f0de	fix	prevent element duplication with dynamic components

forms

Commit	Type	Description
95ecce8334	feat	allow setting submit options at form-level
3937afc316	feat	introduce SignalFormControl for Reactive Forms compatibility
dd208ca259	feat	update submit function to accept options object
b1bf535f8e	fix	Resolves debounce promise on abort in debounceForDuration

language-service

Commit	Type	Description
496967e7b1	feat	add JSON schema for angularCompilerOptions
8c21866f49	feat	add linked editing ranges for HTML tag synchronization

localize

Commit	Type	Description
1c3b1cf18d	fix	add support for unit-test builder in ng-add schematic

router

Commit	Type	Description

... (truncated)

Commits

• 6c14e3a build: update Jasmine to 6.0.0
• 19542a3 test(common): remove zone-based testing utilities
• 3905015 fix(http): correctly parse ArrayBuffer and Blob in transfer cache
• 6f5c233 refactor(common): extract argument assertion
• 7242da2 docs: reword docs on standalone.
• 6601f06 test(common): enables zoneless change detection in tests
• 3954dc2 refactor(http): remove redundant providedIn: 'root' in XSRF_HEADER_NAME
• 03e2b36 refactor(core): update error message links to versioned docs (#66374)
• 74af7d8 refactor(core): Use the provided Document value rather than global in FakeNav...
• a2b9429 Revert "feat(router): add trailingSlash config option"
• Additional commits viewable in compare view

Updates @angular/compiler from 17.3.12 to 21.1.4

Release notes

Sourced from @​angular/compiler's releases.

21.1.4

compiler

Commit	Description
	add geolocation element to schema

core

Commit	Description
	capture animation dependencies eagerly to avoid destroyed injector
	Fix flakey test due to document injection

forms

Commit	Description
	support signal-based schemas in validateStandardSchema

http

Commit	Description
	correctly parse ArrayBuffer and Blob in transfer cache

21.1.3

core

Commit	Description
	linkedSignal.update should propagate errors
	export DirectiveWithBindings
	hold constructors weakly in DepsTracker cache
	prevent element duplication with dynamic components

forms

Commit	Description
	Resolves debounce promise on abort in debounceForDuration

localize

Commit	Description
	add support for unit-test builder in ng-add schematic

router

Commit	Description
	limit UrlParser recursion depth to prevent stack overflow
	Use .bind to avoid holding other closures in memory

21.1.2

forms

Commit	Description
	only touch visible, interactive fields on submit

language-service

Commit	Description
	Detect local project version on creation

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.1.4 (2026-02-11)

compiler

Commit	Type	Description
caab23dfe6	fix	add geolocation element to schema

core

Commit	Type	Description
2b99eaa019	fix	capture animation dependencies eagerly to avoid destroyed injector
d6aeac504c	fix	Fix flakey test due to document injection

forms

Commit	Type	Description
0d1acd0165	feat	support signal-based schemas in validateStandardSchema

http

Commit	Type	Description
3905015ccc	fix	correctly parse ArrayBuffer and Blob in transfer cache

21.2.0-next.2 (2026-02-04)

core

Commit	Type	Description
8d5210c9fe	feat	add ChangeDetectionStrategy.Eager alias for Default
aff9e36a98	fix	linkedSignal.update should propagate errors
8ab433abdd	fix	export DirectiveWithBindings
cab5ddd526	fix	hold constructors weakly in DepsTracker cache
c66a19f0de	fix	prevent element duplication with dynamic components

forms

Commit	Type	Description
95ecce8334	feat	allow setting submit options at form-level
3937afc316	feat	introduce SignalFormControl for Reactive Forms compatibility
dd208ca259	feat	update submit function to accept options object
b1bf535f8e	fix	Resolves debounce promise on abort in debounceForDuration

language-service

Commit	Type	Description
496967e7b1	feat	add JSON schema for angularCompilerOptions
8c21866f49	feat	add linked editing ranges for HTML tag synchronization

localize

Commit	Type	Description
1c3b1cf18d	fix	add support for unit-test builder in ng-add schematic

router

Commit	Type	Description

... (truncated)

Commits

• 6c14e3a build: update Jasmine to 6.0.0
• caab23d fix(compiler): add geolocation element to schema
• 3f0fbaa refactor(compiler): remove zone-based testing utilities
• 0729181 test(compiler): remove zone-based testing utilities
• ea70b00 refactor(compiler): remove unused symbols
• ded654d build: initial test of TypeScript 6
• 5326333 fix(forms): Ensure the control instruction comes after the other bindings
• 29f074a fix(forms): Rename signal form [field] to [formField]
• 0875dea refactor(compiler): switch Binary.isAssignmentOperation to type guard function
• 83bac5a refactor(compiler): tighten Unary.operator type
• Additional commits viewable in compare view

Updates esbuild from 0.20.1 to 0.27.2

Release notes

Sourced from esbuild's releases.

v0.27.2

• Allow import path specifiers starting with #/ (#4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#4357, #4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  /* Old output (with --target=chrome110) */
  main {
  mask: url(x.png) center/5rem no-repeat;
  }
  /* New output (with --target=chrome110) */
  main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#4176, #4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}
  // New output (with --minify)

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

• Fix regression with --define and import.meta (#4010, #4012, #4013)

  The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

  This fix was contributed by @​sapphi-red.

0.24.1

• Allow es2024 as a target in tsconfig.json (#4004)

  TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

  {
    "compilerOptions": {
      "target": "ES2024"
    }
  }

  As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

  This fix was contributed by @​billyjanitsch.

• Allow automatic semicolon insertion after get/set

  This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

  class Foo {
    get
    *x() {}
    set
    *y() {}
  }

  The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

• Allow quoted property names in --define and --pure (#4008)

  The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits

• cd83297 publish 0.27.2 to npm
• 2759721 additional tests for switch with break
• fd2b4b3 update release notes
• c8d93a7 fix #4357: -webkit- prefix for mask shorthand (#4358)
• 92ff12c compat table: update @types/node
• a35eceb compat table: fix a type error with the new types
• f598984 fix make compat-table to install dependencies
• f7f6df0 release notes for #4361
• 6f8ec15 fix: allow subpath imports that start with #/ (#4361)
• f7ae61f minify some switch statements to if-else statement
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates tmp from 0.2.3 to 0.2.5

Commits

• 3d2fe38 Bump up the version
• e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
• b847d2f Fix use of tmp.dir() with dir option
• 08fa3ab Update version
• 1cf4ec5 Merge commit from fork
• 188b25e Fix GHSA-52f5-9888-hmc6
• 73b9fe4 Add test case for GHSA-52f5-9888-hmc6
• b8e2f29 Remove broken tests
• 2892a02 Remove outdated URL
• f592318 Reformat package.json
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates node-forge from 1.3.1 to 1.3.3

Changelog

Sourced from node-forge's changelog.

1.3.3 - 2025-12-02

Fixed

• [pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues introduced in 1.3.2.

1.3.2 - 2025-11-25

Security

• HIGH: ASN.1 Validator Desynchronization
  • An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
  • Reported by Hunter Wodzenski.
  • CVE ID: CVE-2025-12816
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: ASN.1 Unbounded Recursion
  • An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.
  • Reported by Hunter Wodzenski.
  • CVE ID: CVE-2025-66031
  • GHSA ID: GHSA-554w-wpv2-vw27
• MODERATE: ASN.1 OID Integer Truncation
  • An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.
  • Reported by Hunter Wodzenski.
  • CVE ID: CVE-2025-66030
  • GHSA ID: GHSA-65ch-62r8-g69g

Fixed

• [asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.
• [asn1] Add fromDer() max recursion depth check.
  • Add a asn1.maxDepth global configurable maximum depth of 256.
  • Add a asn1.fromDer() per-call maxDepth option.
  • NOTE: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.
  • NOTE: The per-call maxDepth parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default

... (truncated)

Commits

• 1cea0af Release 1.3.3.
• 5265989 Update changelog.
• e4f3961 Fix changelog for release.
• 503979b Update changelog.
• c3b3b32 Make digestAlgorithm parameters optional
• 6f70043 Update CVE details.
• f547b0d Start 1.3.3-0.
• 235ad3e Release 1.3.2.
• 2598244 Update changelog.
• 0032dd0 Fix typos.
• Additional commits viewable in compare view

Updates qs from 6.13.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

6.14.1

• [Fix] ensure arrayLimit applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

• [New] parse: add throwOnParameterLimitExceeded option (#517)
• [Refactor] parse: use utils.combine more
• [patch] parse: add explicit throwOnLimitExceeded default
• [actions] use shared action; re-add finishers
• [meta] Fix changelog formatting bug
• [Deps] update side-channel
• [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
• [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

• [Robustness] avoid .push, use void
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [actions] fix rebase workflow permissions

6.13.1

• [Fix] stringify: avoid a crash when a filter key is null
• [Fix] utils.merge: functions should not be stringified into keys
• [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
• [Fix] stringify: ensure a non-string filter does not crash
• [Refactor] use __proto__ syntax instead of Object.create for null objects
• [Refactor] misc cleanup

... (truncated)

Commits

• bdcf0c7 v6.14.2
• 294db90 [readme] document that addQueryPrefix does not add ? to empty output
• 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
• 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
• cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
• febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
• f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
• fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
• 1b9a8b4 [actions] fix rebase workflow permissions
• 2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
• Additional commits viewable in compare view

Updates tar from 6.2.1 to 7.5.9

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 1f0c2c9 7.5.9
• fbb0851 build minified version as default export
• 6b8eba0 7.5.8
• 2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
• d18e4e1 fix: do not write linkpaths through symlinks
• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• 394ece6 7.5.6
• 7d4cc17 fix race puting a Link ahead of its target File
• 26ab904 7.5.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates webpack from 5.94.0 to 5.105.0

Release notes

Sourced from webpack's releases.

v5.105.0

Minor Changes

• Allow resolving worker module by export condition name when using new Worker() (by @​hai-x in #20353)

• Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @​hai-x in #20320)

• Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @​alexander-akait in #20400)

• Support import.defer() for context modules. (by @​ahabhgk in #20399)

• Added support for array values ​​to the devtool option. (by @​hai-x in #20191)

• Improve rendering node built-in modules for ECMA module output. (by @​hai-x in #20255)

• Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @​xiaoxiaojx in #20312)

Patch Changes

• Fixed ESM default export handling for .mjs files in Module Federation (by @​y-okt in #20189)

• Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @​xiaoxiaojx in #20313)

• Respect the stats.errorStack option in stats output. (by @​samarthsinh2660 in #20258)

• Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @​xiaoxiaojx in #20265)

• Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @​xiaoxiaojx in #20390)

• Fixed Worker self-import handling to support various URL patterns (e.g., import.meta.url, new URL(import.meta.url), new URL(import.meta.url, import.meta.url), new URL("./index.js", import.meta.url)). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by @​xiaoxiaojx in #20381)

• Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by @​xiaoxiaojx in #20345)

• Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by @​samarthsinh2660 in #20251)

• Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by @​hai-x in #20346)

• Fixed import.meta.env.xxx behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by @​xiaoxiaojx in #20289)

• Improved parsing error reporting by adding a link to the loader documentation. (by @​gaurav10gg in #20244)

• Fix typescript types. (by @​alexander-akait in #20305)

• Add declaration for unused harmony import specifier. (by @​hai-x in #20286)

• Fix compressibility of modules while retaining portability. (by @​dmichon-msft in #20287)

• Optimize source map generation: only include ignoreList property when it has content, avoiding empty arrays in source maps. (by @​xiaoxiaojx in #20319)

• Preserve star exports for dependencies in ECMA module output. (by @​hai-x in #20293)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.0

Minor Changes

• Allow resolving worker module by export condition name when using new Worker() (by @​hai-x in #20353)

• Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @​hai-x in #20320)

• Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @​alexander-akait in #20400)

• Support import.defer() for context modules. (by @​ahabhgk in #20399)

• Added support for array values ​​to the devtool option. (by @​hai-x in #20191)

• Improve rendering node built-in modules for ECMA module output. (by @​hai-x in #20255)

• Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @​xiaoxiaojx in #20312)

Patch Changes

• Fixed ESM default export handling for .mjs files in Module Federation (by @​y-okt in #20189)

• Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @​xiaoxiaojx in #20313)

• Respect the stats.errorStack option in stats output. (by @​samarthsinh2660 in #20258)

• Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @​xiaoxiaojx in #20265)

• Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to...

  Description has been truncated

[coderabbitai]

Walkthrough

• Angular framework version bump from v17.x to v21.x across all core packages
• Affected dependencies: @angular/common, @angular/compiler, @angular/core, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/router updated to ^21.1.4
• DevDependencies updated: @angular-devkit/build-angular, @angular/cli, @angular/compiler-cli to ^21.1.4
• Angular ESLint schematics updated from 17.4.1 to 21.2.0
• Version declarations only; no runtime behavior or logic changes

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately describes the main change: a dependency bump of 10 packages in the npm_and_yarn group across the frontend directory.
Description check	✅ Passed	Description provides comprehensive details about the dependency updates, including a breakdown table of changes and release notes for updated packages.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/npm_and_yarn/frontend/npm_and_yarn-3c0c80a702

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: @angular/animations version mismatch with other Angular packages.

• @angular/animations remains at ^17.3.0 (line 12)
• All other @angular/* packages updated to ^21.1.4
• Angular packages must be version-aligned to avoid peer dependency conflicts and runtime errors

🐛 Proposed fix

-    "@angular/animations": "^17.3.0",
+    "@angular/animations": "^21.1.4",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"@angular/animations": "^17.3.0",
	"@angular/common": "^17.3.0",
	"@angular/compiler": "^17.3.0",
	"@angular/core": "^17.3.0",
	"@angular/forms": "^17.3.0",
	"@angular/platform-browser": "^17.3.0",
	"@angular/platform-browser-dynamic": "^17.3.0",
	"@angular/router": "^17.3.0",
	"@angular/common": "^21.1.4",
	"@angular/compiler": "^21.1.4",
	"@angular/core": "^21.1.4",
	"@angular/forms": "^21.1.4",
	"@angular/platform-browser": "^21.1.4",
	"@angular/platform-browser-dynamic": "^21.1.4",
	"@angular/router": "^21.1.4",
	"@angular/animations": "^21.1.4",
	"@angular/common": "^21.1.4",
	"@angular/compiler": "^21.1.4",
	"@angular/core": "^21.1.4",
	"@angular/forms": "^21.1.4",
	"@angular/platform-browser": "^21.1.4",
	"@angular/platform-browser-dynamic": "^21.1.4",
	"@angular/router": "^21.1.4",

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Angular 21 zone.js version requirements dependencies

💡 Result:

• Angular 21 (v21.0.0) @angular/core peer dependency on Zone.js: zone.js: "~0.15.0" (and it’s marked optional via peerDependenciesMeta). [1]
• Practical implication: Zone.js is not required for new Angular 21 apps because zoneless change detection is the default; you only install Zone.js if you choose to run “zone-full” (legacy) change detection. [2][3]
• If you do use Zone.js with Angular 21: install a compatible version (e.g. npm i zone.js@~0.15.0) and configure Angular to use zone-based change detection (and include Zone.js in polyfills as needed). [1][2][3]

---

Update zone.js to be compatible with Angular 21.

• Angular 21 peer dependency requires zone.js: ~0.15.0 (optional)
• Current ^0.14.2 is incompatible if zone.js is used; upgrade to ^0.15.0 or ~0.15.0
• Note: Zone.js is now optional in Angular 21; zoneless change detection is the default

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Major: @angular-eslint/* packages version inconsistency.

• @angular-eslint/schematics updated to 21.2.0
• Other @angular-eslint/* packages remain at 17.4.1:
  • @angular-eslint/builder
  • @angular-eslint/eslint-plugin
  • @angular-eslint/eslint-plugin-template
  • @angular-eslint/template-parser
• These packages should be version-aligned

🐛 Proposed fix

-    "@angular-eslint/builder": "17.4.1",
-    "@angular-eslint/eslint-plugin": "17.4.1",
-    "@angular-eslint/eslint-plugin-template": "17.4.1",
-    "@angular-eslint/schematics": "21.2.0",
-    "@angular-eslint/template-parser": "17.4.1"
+    "@angular-eslint/builder": "21.2.0",
+    "@angular-eslint/eslint-plugin": "21.2.0",
+    "@angular-eslint/eslint-plugin-template": "21.2.0",
+    "@angular-eslint/schematics": "21.2.0",
+    "@angular-eslint/template-parser": "21.2.0"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"@angular-eslint/builder": "17.4.1",
	"@angular-eslint/eslint-plugin": "17.4.1",
	"@angular-eslint/eslint-plugin-template": "17.4.1",
	"@angular-eslint/schematics": "17.4.1",
	"@angular-eslint/schematics": "21.2.0",
	"@angular-eslint/template-parser": "17.4.1"
	"@angular-eslint/builder": "21.2.0",
	"@angular-eslint/eslint-plugin": "21.2.0",
	"@angular-eslint/eslint-plugin-template": "21.2.0",
	"@angular-eslint/schematics": "21.2.0",
	"@angular-eslint/template-parser": "21.2.0"