Bump the npm_and_yarn group across 1 directory with 37 updates

[dependabot]

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
@angular/common	13.1.3	21.2.14
@angular/compiler	13.1.3	21.2.14
@angular/core	13.1.3	21.2.14
uplot	1.6.22	1.6.31
cookie	0.4.2	0.7.2
socket.io	4.5.1	4.8.3
flatted	3.2.7	3.4.2
follow-redirects	1.15.1	1.16.0
tmp	0.2.1	0.2.5
lodash	4.17.21	4.18.1
picomatch	2.3.1	2.3.2

Updates @angular/common from 13.1.3 to 21.2.14

Release notes

Sourced from @​angular/common's releases.

21.2.14

compiler

Commit	Description
	strip namespaced SVG script elements during template compilation

core

Commit	Description
	do not insert todo when migrating void @​Output
	makes resource URL sanitizer lookup case-insensitive
	reject script element as a dynamic component host
	visit ICU expressions in signal migration schematics

router

Commit	Description
	skip scroll-to-top on initial navigation when hydrating

21.2.13

core

Commit	Description
	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Description
	add allowedHosts option to renderModule and renderApplication
	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.14 (2026-05-20)

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

22.0.0-rc.0 (2026-05-13)

compiler

Commit	Type	Description
c7aef8ec5d	fix	enforce parentheses containing arguments for :host-context
8a1533c9ad	fix	preserve leading commas in animation definitions
194f723f66	fix	remove dedicated support for legacy shadow DOM selectors
4c25a42e98	fix	remove deprecated shadow CSS encapsulation polyfills
7dc1017e51	fix	simplify handling of colon host with a selector list
ccb7d427e4	fix	type check invalid for loops

platform-server

Commit	Type	Description
119a19e604	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

21.2.13 (2026-05-13)

core

Commit	Type	Description
1c6553e97d	fix	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Type	Description
629905d537	fix	add allowedHosts option to renderModule and renderApplication
0b7192f441	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

... (truncated)

Commits

• 30cf85f refactor(common): update deprecation message
• 42d57c3 refactor(common): fix viewport tests
• 10ad3c0 fix(common): prevent focus from scrollToAnchor
• 540536c fix(http): add CSP nonce support to JsonpClientBackend
• 8102331 test(http): disable XSRF and mock location in HttpClient tests to avoid Domin...
• 13f050d test: construct local Date objects to fix timezone flakiness
• d0cf299 test: remove unsupported timezone from formatDate tests
• b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
• adda6c5 build: update aspect_rules_js to 3.0.2
• 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
• Additional commits viewable in compare view

Updates @angular/compiler from 13.1.3 to 21.2.14

Release notes

Sourced from @​angular/compiler's releases.

21.2.14

compiler

Commit	Description
	strip namespaced SVG script elements during template compilation

core

Commit	Description
	do not insert todo when migrating void @​Output
	makes resource URL sanitizer lookup case-insensitive
	reject script element as a dynamic component host
	visit ICU expressions in signal migration schematics

router

Commit	Description
	skip scroll-to-top on initial navigation when hydrating

21.2.13

core

Commit	Description
	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Description
	add allowedHosts option to renderModule and renderApplication
	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.14 (2026-05-20)

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

22.0.0-rc.0 (2026-05-13)

compiler

Commit	Type	Description
c7aef8ec5d	fix	enforce parentheses containing arguments for :host-context
8a1533c9ad	fix	preserve leading commas in animation definitions
194f723f66	fix	remove dedicated support for legacy shadow DOM selectors
4c25a42e98	fix	remove deprecated shadow CSS encapsulation polyfills
7dc1017e51	fix	simplify handling of colon host with a selector list
ccb7d427e4	fix	type check invalid for loops

platform-server

Commit	Type	Description
119a19e604	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

21.2.13 (2026-05-13)

core

Commit	Type	Description
1c6553e97d	fix	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Type	Description
629905d537	fix	add allowedHosts option to renderModule and renderApplication
0b7192f441	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

... (truncated)

Commits

• 68282df fix(compiler): strip namespaced SVG script elements during template compilation
• 6652ec0 refactor(core): align namespaced attribute validation and security schema con...
• baf92da test: remove invalid css that was causing issues with the postcss parser
• 1c6553e fix(core): disallow event attribute bindings in host bindings unconditionally
• 4f5d8a2 fix(compiler): let declaration span not including end character
• a4f3120 refactor(compiler): require a reference in DirectiveMeta
• de533fe refactor(compiler-cli): move ClassPropertyMapping into compiler
• ea1e34c refactor(compiler): move matchSource into base metadata
• e40d378 fix(compiler): handle nested brackets in host object bindings
• d04ddd7 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
• Additional commits viewable in compare view

Updates @angular/core from 13.1.3 to 21.2.14

Release notes

Sourced from @​angular/core's releases.

21.2.14

compiler

Commit	Description
	strip namespaced SVG script elements during template compilation

core

Commit	Description
	do not insert todo when migrating void @​Output
	makes resource URL sanitizer lookup case-insensitive
	reject script element as a dynamic component host
	visit ICU expressions in signal migration schematics

router

Commit	Description
	skip scroll-to-top on initial navigation when hydrating

21.2.13

core

Commit	Description
	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Description
	add allowedHosts option to renderModule and renderApplication
	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.14 (2026-05-20)

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

22.0.0-rc.0 (2026-05-13)

compiler

Commit	Type	Description
c7aef8ec5d	fix	enforce parentheses containing arguments for :host-context
8a1533c9ad	fix	preserve leading commas in animation definitions
194f723f66	fix	remove dedicated support for legacy shadow DOM selectors
4c25a42e98	fix	remove deprecated shadow CSS encapsulation polyfills
7dc1017e51	fix	simplify handling of colon host with a selector list
ccb7d427e4	fix	type check invalid for loops

platform-server

Commit	Type	Description
119a19e604	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

21.2.13 (2026-05-13)

core

Commit	Type	Description
1c6553e97d	fix	disallow event attribute bindings in host bindings unconditionally

platform-server

Commit	Type	Description
629905d537	fix	add allowedHosts option to renderModule and renderApplication
0b7192f441	fix	forward BEFORE_APP_SERIALIZED errors to ErrorHandler

... (truncated)

Commits

• 1d6e71d docs: clarify ngDoCheck invocation behavior with OnPush strategy
• 49113ac fix(core): visit ICU expressions in signal migration schematics
• 68282df fix(compiler): strip namespaced SVG script elements during template compilation
• c0f5227 fix(core): do not insert todo when migrating void @​Output
• 0fb2724 fix(core): reject script element as a dynamic component host
• 6652ec0 refactor(core): align namespaced attribute validation and security schema con...
• 938a7f3 fix(core): makes resource URL sanitizer lookup case-insensitive
• 1c6553e fix(core): disallow event attribute bindings in host bindings unconditionally
• 9e38ed7 fix(core): sanitizer typings
• 3430251 fix(core): i18n flags leaking on errors
• Additional commits viewable in compare view

Updates uplot from 1.6.22 to 1.6.31

Release notes

Sourced from uplot's releases.

1.6.31

leeoniya/uPlot@1.6.30...1.6.31

1.6.30

leeoniya/uPlot@1.6.29...1.6.30

1.6.29

leeoniya/uPlot@1.6.28...1.6.29

1.6.28

leeoniya/uPlot@1.6.27...1.6.28

1.6.27

leeoniya/uPlot@1.6.26...1.6.27

1.6.26

leeoniya/uPlot@1.6.25...1.6.26

1.6.25

leeoniya/uPlot@1.6.24...1.6.25

1.6.24

leeoniya/uPlot@1.6.23...1.6.24

this release implements the ability to set custom legend value(s) when the plot is un-hovered (leeoniya/uPlot#644).

as a consequence, it will now call any user-supplied series.value or series.values legend callbacks with value=null and dataIdx=null whenever the mouse cursor leaves the plotting area. previously, uPlot did not invoke these callbacks during mouseleave and simply put -- into the legend values.

therefore, if you neglected to handle null values in these user-supplied callbacks, your code may need to be updated.

1.6.23

leeoniya/uPlot@1.6.22...1.6.23

Commits

• f98d1d3 1.6.31
• efc3a3f demo fix
• 41b96d1 bump rollup
• a4edb29 don't flatten linear ranging until < 1e-24 (follow-up to b2433b4)
• 91de800 fix cursor sync when x keys don't match. close #967.
• 3a448dc fix wind direction math. close #970.
• e6fcc60 Add Svelte integration to readme (#948)
• 2d13780 implement custom scales
• b2433b4 better handling for values < 1e-14 with log y axis
• e579947 timeseries-discrete demo. close #939.
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates @babel/plugin-transform-modules-systemjs from 7.18.9 to 7.29.4

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser
  • #17782 Improve trailing comma comment handling (@​JLHwung)

📝 Documentation

• #17847 Replace npmjs.com links with npmx.dev (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules
  • #17818 Load async Wasm and JSON imports in parallel (@​nicolo-ribaudo)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.29.2 (2026-03-16)

👓 Spec Compliance

• babel-parser
  • #17840 [7.x backport] async x => {} must be in leading pos (@​JLHwung)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • #17805 [7.x backport] fix: Properly handle await in finally (@​liuxingbaoyu)
• babel-preset-env

... (truncated)

Commits

• a458f66 v7.29.4
• 32ebd5a [7.x backport]fix(systemjs): improve module string name support (#17974)
• aa8394e v7.29.0
• 0053db6 Update polyfill packages (#17727)
• 61647ae v7.28.5
• a177d55 [Babel 8] Use t.traverseFast to replace some path.traverse (#17518)
• eebd3a0 v7.27.1
• 317e332 Enforce node protocol import (#17207)
• fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
• cd24cc0 chore: Update TS 5.7 (#17053)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/plugin-transform-modules-systemjs since your current version.

Updates @babel/traverse from 7.18.13 to 7.29.0

Release notes

Sourced from @​babel/traverse's releases.

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #17642 [Babel 7] Improve generator performance (@​liuxingbaoyu)

Committers: 6

• David (@​simbahax)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• @​magic-akari

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • #17589 Improve Unicode handling in code-frame tokenizer (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17556 fix: transform-regenerator correctly handles scope (@​liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • #17538 fix: Keep jsx comments (@​liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • #17606 Polish(standalone): improve message on invalid preset/plugin (@​JLHwung)

🏠 Internal

• babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex
  • #17580 Allow Babel 8 in compatible Babel 7 plugins (@​nicolo-ribaudo)

... (truncated)

Commits

• aa8394e v7.29.0
• 84366a8 fix(traverse): provide a hub when traversing a File or Program and no parentP...
• 229eb45 [7.x backport] fix: Rename switch discriminant references when body creates s...
• d7f4008 v7.28.6
• 905bc22 fix: lint errors in main branch (#17612)
• a03e2b6 fix: path.evaluate correctly returns confident (#17584)
• aac2c37 chore: Use Gulpfile.mts (#17579)
• 65c4a6b [Babel 8] fix: Improve traverse types (#17574)
• 99dcba5 chore: enable some ts-eslint rules (#17592)
• c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/traverse since your current version.

Updates loader-utils from 1.4.0 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c9...

  Description has been truncated

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}