Skip to content

chore(deps): bump @angular/core from 21.2.8 to 21.2.10#22

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/angular/core-21.2.10
Open

chore(deps): bump @angular/core from 21.2.8 to 21.2.10#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/angular/core-21.2.10

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps @angular/core from 21.2.8 to 21.2.10.

Release notes

Sourced from @​angular/core's releases.

21.2.10

docs

Commit Description
fix - 0d5ee9ae1b link formatting in "Animating your Application with CSS"

migrations

Commit Description
fix - 5533ab4f56 fix NgClass leaving trailing comma after removal

router

Commit Description
fix - 580212c995 restore internal URL on popstate when browserUrl is used

21.2.9

core

Commit Description
fix - f603d4714f escape forward slashes in transfer state to prevent crawler indexing

http

Commit Description
fix - 540536c386 add CSP nonce support to JsonpClientBackend
fix - 63a857b874 Don't on Passthru outside of reactive context

platform-server

Commit Description
fix - e0b5078cf2 prevent SSRF bypasses via protocol-relative and backslash URLs

router

Commit Description
fix - 684e9fd53d normalize multiple leading slashes in URL parser
Changelog

Sourced from @​angular/core's changelog.

21.2.10 (2026-04-22)

docs

Commit Type Description
0d5ee9ae1b fix link formatting in "Animating your Application with CSS"

migrations

Commit Type Description
5533ab4f56 fix fix NgClass leaving trailing comma after removal

router

Commit Type Description
580212c995 fix restore internal URL on popstate when browserUrl is used

19.2.21 (2026-04-15)

platform-server

Commit Type Description
f3a5bfb949 fix prevent SSRF bypasses via protocol-relative and backslash URLs

20.3.19 (2026-04-15)

platform-server

Commit Type Description
303d4cd580 fix prevent SSRF bypasses via protocol-relative and backslash URLs

22.0.0-next.8 (2026-04-15)

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.

compiler

Commit Type Description
47fcbc4704 feat allow safe navigation to correctly narrow down nullables
2c5aabb9da fix don't escape dollar sign in literal expression

compiler-cli

Commit Type Description
e5f96c2d88 fix animation events not type checked properly when bound through HostListener decorator

core

... (truncated)

Commits
  • 750af5b build: update cross-repo angular dependencies to v21.2.8
  • 5533ab4 fix(migrations): fix NgClass leaving trailing comma after removal
  • 2b9954f fix(migrations): fix NgClass leaving trailing comma after removal
  • c9215b3 Revert "refactor(core): complete removal of deprecated createNgModuleRef al...
  • d88d6ed refactor(core): complete removal of deprecated createNgModuleRef alias
  • b24ead5 refactor: Improve hydration mismatch errors for third-party scripts
  • 17cae6a docs: fix bootstraping link
  • f603d47 fix(core): escape forward slashes in transfer state to prevent crawler indexing
  • 05d9b97 build: update cross-repo angular dependencies
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump @angular/core from 21.2.8 to 21.2.10
4a9463f 
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 21.2.8 to 21.2.10.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.10/packages/core)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 21.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants