build(deps): bump the angular group with 12 updates

[dependabot]

Bumps the angular group with 12 updates:

Package	From	To
@angular/animations	19.2.20	21.2.12
@angular/cdk	19.2.19	21.2.10
@angular/common	19.2.20	21.2.12
@angular/compiler	19.2.20	21.2.12
@angular/core	19.2.20	21.2.12
@angular/forms	19.2.20	21.2.12
@angular/material	19.2.19	21.2.10
@angular/material-date-fns-adapter	19.2.19	21.2.10
@angular/platform-browser	19.2.20	21.2.12
@angular/platform-browser-dynamic	19.2.20	21.2.12
@angular/router	19.2.20	21.2.12
@angular/compiler-cli	19.2.20	21.2.12

Updates @angular/animations from 19.2.20 to 21.2.12

Release notes

Sourced from @​angular/animations's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/animations's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 7907e98 test: remove duplicate tests
• 81cabc1 feat(core): add support for TypeScript 6
• abb1794 refactor(core): mark VERSION exports as pure for better tree-shaking
• 26fed34 build: format md files
• b9e2ccd refactor(common): remove unused import (#64699)
• 70332b0 fix(core): pass element removal property through in all locations (#64565)
• 2b257b3 fix(animations): account for Element.animate exceptions (#64506)
• dde5bad fix(core): prevent animations renderer from impacting animate.leave (#63921)
• c357650 refactor(core): Update tests for zoneless by default (#63668)
• 021ead5 refactor(animations): remove dependency on @angular/common (#63248)
• Additional commits viewable in compare view

Updates @angular/cdk from 19.2.19 to 21.2.10

Release notes

Sourced from @​angular/cdk's releases.

21.2.10

aria

Commit	Description
	menu: do not set default aria-label (#33202)

21.2.9

material

Commit	Description
	stepper: allow stepper to be labelled (#33137)

cdk

Commit	Description
	tree: enter/space key on child node should not toggle parent node expansion (#33125)

aria

Commit	Description
	menu: use computed for menu item patterns, with trigger on visible (#33118)

21.2.8

No user facing changes in this release

21.2.7

material

Commit	Description
	sort: deprecate MatSortHeaderIntl and hide from docs (#33089)

21.2.6

material

Commit	Description
	select: wrong transform origin when opening upwards inside another overlay (#33032)

21.2.5

material

Commit	Description
	sidenav: not resetting margin if transition does not start (#33001)
	slider: not picking up static direction (#33006)
	tooltip: allow hover detection logic to be customized (#33018)

cdk

Commit	Description
	stepper: linear updates not reflected in the DOM (#33007)

21.2.4

material

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/cdk's changelog.

21.2.10 "metal-wallaby" (2026-05-06)

aria

Commit	Type	Description
48973661e	fix	menu: do not set default aria-label (#33202)

22.0.0-next.7 "astatine-agriculture" (2026-04-29)

aria

Commit	Type	Description
6ec07bc0c	feat	grid: add test harnesses (#33081)
05419c552	fix	menu: use computed for menu item patterns, with trigger on visible (#33118)

cdk

Commit	Type	Description
1a5d5d101	feat	dialog: add the ability to pass bindings
b916ef907	fix	tree: enter/space key on child node should not toggle parent node expansion (#33125)

material

Commit	Type	Description
867ba993b	feat	bottom-sheet: add the ability to pass bindings
bf3596b53	feat	dialog: add the ability to pass bindings
cb9148dca	fix	stepper: allow stepper to be labelled (#33137)

google-maps

Commit	Type	Description
e44ff8318	feat	Add support for the gmp-click event (#33147)

21.2.9 "astatine-astronaut" (2026-04-29)

aria

Commit	Type	Description
bf14cc9d9	fix	menu: use computed for menu item patterns, with trigger on visible (#33118)

cdk

Commit	Type	Description
3a3852d45	fix	tree: enter/space key on child node should not toggle parent node expansion (#33125)

material

Commit	Type	Description
51271c619	fix	stepper: allow stepper to be labelled (#33137)

... (truncated)

Commits

• 583da8a release: cut the v21.2.10 release
• babfbb7 build: update cross-repo angular dependencies (#33205)
• e08fdf2 build: fix failing test (#33212)
• 09e89fa build: lock file maintenance (#33201)
• 4897366 fix(aria/menu): do not set default aria-label (#33202)
• a6c5b72 build: update cross-repo angular dependencies (#33181)
• b7c34e3 build: update cross-repo angular dependencies (#33160)
• 58e29cf build: update dependency bazel_lib to v3.3.1 (#33177)
• e2f16ac build: update pnpm to v10.33.2 (#33165)
• d17f95d release: cut the v21.2.9 release
• Additional commits viewable in compare view

Updates @angular/common from 19.2.20 to 21.2.12

Release notes

Sourced from @​angular/common's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 30cf85f refactor(common): update deprecation message
• 42d57c3 refactor(common): fix viewport tests
• 10ad3c0 fix(common): prevent focus from scrollToAnchor
• 540536c fix(http): add CSP nonce support to JsonpClientBackend
• 8102331 test(http): disable XSRF and mock location in HttpClient tests to avoid Domin...
• 13f050d test: construct local Date objects to fix timezone flakiness
• d0cf299 test: remove unsupported timezone from formatDate tests
• b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
• adda6c5 build: update aspect_rules_js to 3.0.2
• 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
• Additional commits viewable in compare view

Updates @angular/compiler from 19.2.20 to 21.2.12

Release notes

Sourced from @​angular/compiler's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 4f5d8a2 fix(compiler): let declaration span not including end character
• a4f3120 refactor(compiler): require a reference in DirectiveMeta
• de533fe refactor(compiler-cli): move ClassPropertyMapping into compiler
• ea1e34c refactor(compiler): move matchSource into base metadata
• e40d378 fix(compiler): handle nested brackets in host object bindings
• d04ddd7 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
• fea25d1 fix(compiler): register SVG animation attributes in URL security context (#67...
• 880a57d fix(compiler): prevent shimCssText from adding extra blank lines per CSS comment
• 23ea431 fix(compiler): parse named HTML entities containing digits
• 334ae10 fix(compiler): ensure generated code compiles
• Additional commits viewable in compare view

Updates @angular/core from 19.2.20 to 21.2.12

Release notes

Sourced from @​angular/core's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 9e38ed7 fix(core): sanitizer typings
• 3430251 fix(core): i18n flags leaking on errors
• c37f6ca fix(core): visit ng-let expression value in signal migration schematics
• fe13bb6 fix(core): allow explicit read generic with signal input transforms
• 7a05a9a fix(core): validate security-sensitive attributes in i18n bindings

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud