build(deps): bump the npm_and_yarn group across 42 directories with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
next	14.0.3	15.5.14
@angular/compiler	16.2.12	19.2.18
@angular/core	16.2.12	19.2.20
fast-xml-parser	4.4.1	4.5.4
flatted	3.2.9	3.4.2
h3	1.9.0	1.15.9
socket.io-parser	4.2.4	4.2.6

Bumps the npm_and_yarn group with 4 updates in the /examples/angular-gen1 directory: @angular/compiler, @angular/core, flatted and socket.io-parser.
Bumps the npm_and_yarn group with 4 updates in the /examples/angular-universal directory: @angular/compiler, @angular/core, flatted and socket.io-parser.
Bumps the npm_and_yarn group with 1 update in the /examples/embed-starter-kit/admin directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/embed-starter-kit/site directory: next.
Bumps the npm_and_yarn group with 3 updates in the /examples/gatsby-minimal-starter directory: next, flatted and socket.io-parser.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-amp directory: next.
Bumps the npm_and_yarn group with 2 updates in the /examples/next-js-app-router directory: next and flatted.
Bumps the npm_and_yarn group with 2 updates in the /examples/next-js-builder-site directory: next and flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-cms-blog directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-localized directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-on-demand-isr directory: next.
Bumps the npm_and_yarn group with 2 updates in the /examples/next-js-sdk-gen-2-experimental-app-directory directory: next and flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-simple directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-theme-ui directory: next.
Bumps the npm_and_yarn group with 2 updates in the /examples/nextjs-app-dir-v2 directory: next and flatted.
Bumps the npm_and_yarn group with 2 updates in the /examples/nextjs-pages-dir-v2 directory: next and flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/react directory: flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/react-design-system directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/react-multipage-funnel directory: flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/remix-minimal-starter directory: flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/svelte-design-system directory: flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/svelte/localized-sveltekit directory: flatted.
Bumps the npm_and_yarn group with 1 update in the /examples/svelte/svelte-vite directory: flatted.
Bumps the npm_and_yarn group with 2 updates in the /examples/vue/nuxt-3 directory: flatted and h3.
Bumps the npm_and_yarn group with 2 updates in the /examples/vue/nuxt-3-catchall directory: flatted and h3.
Bumps the npm_and_yarn group with 3 updates in the /packages/angular directory: @angular/core, flatted and socket.io-parser.
Bumps the npm_and_yarn group with 2 updates in the /packages/gatsby directory: flatted and socket.io-parser.
Bumps the npm_and_yarn group with 1 update in the /packages/personalization-utils directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/react-tests/next14-pages directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/react-tests/next15-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/e2e/nextjs-sdk-next-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/e2e/react-sdk-next-14-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/e2e/react-sdk-next-15-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/e2e/react-sdk-next-pages directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/snippets/gen1-next-14 directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/snippets/nextjs-sdk-next-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/snippets/react-sdk-next-14-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/sdks/snippets/react-sdk-next-pages directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/widgets directory: next.
Bumps the npm_and_yarn group with 1 update in the /starters/create-builder/create-react-app directory: flatted.
Bumps the npm_and_yarn group with 2 updates in the /starters/create-builder/nextjs directory: next and flatted.

Updates next from 14.0.3 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
• Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

• fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

v15.5.11

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Tracing: Fix memory leak in span map (#85529)
• fix: ensure LRU cache items have minimum size of 1 to prevent unbounded growth (#89134)
• Turbopack: fix NFT tracing of sharp 0.34 (#82340)
• Turbopack: support pattern into exports field (#82757)
• NFT tracing fixes (#84155 and #85323)
• Turbopack: validate CSS without computing all paths (#83810)
• feat: implement LRU cache with invocation ID scoping for minimal mode response cache (#89129)

Credits

Huge thanks to @​timneutkens, @​mischnic, @​ztanner, and @​wyattjoh for helping!

Commits

• d7b012d v15.5.14
• 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
• f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
• cfd5f53 v15.5.13
• 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• d23f41c v15.5.12
• 8e75765 fix unlock in publish-native
• 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
• 7a94645 Apply needs for publishRelease
• bbfd4e3 v15.5.11
• Additional commits viewable in compare view

Updates @angular/compiler from 16.2.12 to 19.2.18

Release notes

Sourced from @​angular/compiler's releases.

19.2.18

core

Commit	Description
	sanitize sensitive attributes on SVG script elements

19.2.17

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit	Description
	introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) =>
    bootstrapApplication(AppComponent, config, context);

  A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

  In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

For more information please see: GHSA-68x2-mx4q-78m7

18.2.14

core

Commit	Description
	introduce BootstrapContext for improved server bootstrapping (#63640)

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

19.2.18 (2026-01-07)

core

Commit	Type	Description
26cdc53d9c	fix	sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit	Type	Description
8e808740c9	fix	better types for a few expression AST nodes
63b1cdcf70	fix	produce accurate span for typeof and void expressions
3c3ae0cb64	fix	provide location information for literal map keys
523dbaf1c3	fix	stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit	Type	Description
4d9c4567ed	fix	ensure component import diagnostics are reported within the imports expression
cd405685af	fix	fix up spelling of diagnostic
778460fcca	fix	support qualified names in typeof type references

core

Commit	Type	Description
7c74674eb0	fix	avoid leaking view data in animations
0edbee4550	fix	explicitly cast signal node value to String
f9c29572d2	fix	sanitize sensitive attributes on SVG script elements

forms

Commit	Type	Description
e3fba182f9	feat	add [formField] directive
561772b152	fix	allow custom controls to require dirty input
f0fb1d8581	fix	allow custom controls to require hidden input
ec110f170b	fix	allow custom controls to require pending input
ae1dc16bb0	fix	clean up abort listener after timeout
9748b0d5da	fix	support custom controls with non signal-based models
6bd22df987	fix	Support readonly arrays in signal forms

router

Commit	Type	Description
41cd4a6af8	fix	Fix RouterLink href not updating with queryParamsHandling
5e9e09aee0	fix	handle errors from view transition updateCallbackDone promise

21.0.6 (2025-12-17)

Breaking Changes (affecting only experimental features)

... (truncated)

Commits

• 26cdc53 fix(core): sanitize sensitive attributes on SVG script elements
• 7c42e2e fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
• 24bab55 fix(compiler): lexer support for template literals in object literals (#61601)
• fc2483e refactor(compiler): avoid duplication between FactoryTarget type (#61571)
• 8e54b57 build: move private testing helpers outside platform-browser/testing (#61571)
• 44bb328 fix(compiler): avoid conflicts between HMR code and local symbols (#61550)
• 1007079 build: update compiler-cli to not be stamped when used for the compiler in ng...
• 0d025c5 build: support new ng_project rule (#61336)
• 899cb4a refactor: add explicit types for exports relying on inferred call return type...
• 1312eb1 build: remove irrelevant madge circular deps tests (#61209)
• Additional commits viewable in compare view

Updates @angular/core from 16.2.12 to 19.2.20

Release notes

Sourced from @​angular/core's releases.

19.2.20

compiler

Commit	Description
	disallow translations of iframe src

core

Commit	Description
	sanitize translated attribute bindings with interpolations
	sanitize translated form attributes

19.2.19

core

Commit	Description
	block creation of sensitive URI attributes from ICU messages

Breaking Changes

core

• Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

  (cherry picked from commit 03da204b6daa5e4583e0d0968c2107390bbd8235)

19.2.18

core

Commit	Description
	sanitize sensitive attributes on SVG script elements

19.2.17

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit	Description
	introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

19.2.20 (2026-03-12)

compiler

Commit	Type	Description
5be912eb55	fix	disallow translations of iframe src

core

Commit	Type	Description
b89b0a83a4	fix	sanitize translated attribute bindings with interpolations
621c7071ad	fix	sanitize translated form attributes

20.3.18 (2026-03-12)

compiler

Commit	Type	Description
02fbf08890	fix	disallow translations of iframe src

core

Commit	Type	Description
72126f9a08	fix	sanitize translated attribute bindings with interpolations
626bc8bc20	fix	sanitize translated form attributes

22.0.0-next.3 (2026-03-12)

compiler

Commit	Type	Description
78dea55351	fix	disallow translations of iframe src

core

Commit	Type	Description
999c14eaab	fix	reverts "feat(core): add support for nested animations"
de0eb4c656	fix	sanitize translated form attributes

21.2.4 (2026-03-12)

compiler

Commit	Type	Description
ed2d324f9c	fix	disallow translations of iframe src

core

Commit	Type	Description

... (truncated)

Commits

• 621c707 fix(core): sanitize translated form attributes
• b89b0a8 fix(core): sanitize translated attribute bindings with interpolations
• 7475487 fix(core): block creation of sensitive URI attributes from ICU messages
• 26cdc53 fix(core): sanitize sensitive attributes on SVG script elements
• 7c42e2e fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
• 70d0639 fix(core): introduce BootstrapContext for improved server bootstrapping (#6...
• 73d3e00 build: fix failing test (#61683)
• 9e1cd49 fix(migrations): preserve comments when removing unused imports (#61674)
• a6d5479 build: migrate platform-server to rules_js (#61619)
• 2a26944 build: migrate platform-browser and platform-browser-dynamic package to use r...
• Additional commits viewable in compare view

Updates fast-xml-parser from 4.4.1 to 4.5.4

Release notes

Sourced from fast-xml-parser's releases.

Summary update on all the previous releases from v4.2.4

• Multiple minor fixes provided in the validator and parser
• v6 is added for experimental use.
• ignoreAttributes support function, and array of string or regex
• Add support for parsing HTML numeric entities
• v5 of the application is ESM module now. However, JS is also supported

Note: Release section in not updated frequently. Please check CHANGELOG or Tags for latest release information.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.8 / 2026-03-20

• pass read only matcher in callback

5.5.7 / 2026-03-19

• fix: entity expansion limits
• update strnum package to 2.2.0

5.5.6 / 2026-03-16

• update builder dependency
• fix incorrect regex to replace . in entity name
• fix check for entitiy expansion for lastEntities and html entities too

5.5.5 / 2026-03-13

• sanitize dangerous tag or attribute name
• error on critical property name
• support onDangerousProperty option

5.5.4 / 2026-03-13

• declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

5.5.3 / 2026-03-11

• upgrade builder

5.5.2 / 2026-03-11

• update dependency to fix typings

5.5.1 / 2026-03-10

• fix dependency

5.5.0 / 2026-03-10

• support path-expression-matcher
• fix: stopNode should not be parsed
• performance improvement for stopNode checking

5.4.2 / 2026-03-03

• support maxEntityCount option

5.4.1 / 2026-02-25

• fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

• migrate to fast-xml-builder

5.3.9 / 2026-02-25

• support strictReservedNames

... (truncated)

Commits

• f8d4d42 update strnum to fix parsing issues of 0 when skiplike is used
• ab00cdc update package bundle for minor fixes
• 57c6187 Update ReadMe
• caeda37 fix: emit full JSON string from CLI when no output filename specified (#710)
• eadeb7e fix(performance): Update check for leaf node in saveTextToParentTag function ...
• 682066c Update disclaimer
• 280cd63 Fix null CDATA to comply with undefined behavior (#701)
• e132656 update release detail
• 74e2651 Fixes entity parsing when used in strict mode (#699)
• 4082902 Fix empty tag key name for v5 (#697)
• Additional commits viewable in compare view

Updates flatted from 3.2.9 to 3.4.2

Commits

• 3bf0909 3.4.2
• 885ddcc fix CWE-1321
• 0bdba70 added flatted-view to the benchmark
• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• Additional commits viewable in compare view

Updates h3 from 1.9.0 to 1.15.9

Release notes

Sourced from h3's releases.

v1.15.9

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)
• static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
• sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

v1.15.8

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)

v1.15.7

compare changes

🩹 Fixes

• static: Narrow path traversal check to match .. as a path segment only (c049dc0)
• app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

• Remove implicit event handler conversion warning (#1340)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Wind (@​productdevbook)

v1.15.6

compare changes

🩹 Fixes

• sse: Sanitize newlines in event stream fields to prevent SSE injection (840ac5c)
• static: Prevent path traversal via percent-encoded dot segments (6465e1b)

v1.15.5

compare changes

[!IMPORTANT] Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.

In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant. (read more)

🩹 Fixes

... (truncated)

Changelog

Sourced from h3's changelog.

v1.15.9

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)
• static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
• sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

🏡 Chore

• release: V1.15.8 (e3b9c9e)
• Update deps (23045df)

❤️ Contributors

• Pooya Parsa (@​pi0)

v1.15.8

compare changes

🩹 Fixes

• Preserve %25 in pathname (1103df6)

❤️ Contributors

• Pooya Parsa (@​pi0)

v1.15.7

compare changes

🩹 Fixes

• static: Narrow path traversal check to match .. as a path segment only (c049dc0)
• app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

• Remove implicit event handler conversion warning (#1340)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Wind (@​productdevbook)

v1.15.6

... (truncated)

Commits

• 4e8d43a chore(release): v1.15.9
• 23045df chore: update deps
• ba3c3fe fix(sse): sanitize carriage returns in event stream data and comments
• c56683d fix(static): prevent path traversal via double-encoded dot segments (`%252e%2...
• e3b9c9e chore(release): v1.15.8
• 1103df6 fix: preserve %25 in pathname
• 47684a3 chore(release): v1.15.7
• 313ea52 fix(app): decode percent-encoded path segments to prevent auth bypass
• c049dc0 fix(static): narrow path traversal check to match .. as a path segment only
• 3faaea0 refactor: remove implicit event handler conversion warning (#1340)
• Additional commits viewable in compare view

Updates socket.io-parser from 4.2.4 to 4.2.6

Release notes

Sourced from socket.io-parser's releases.

socket.io-parser@4.2.6

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

• add a limit to the number of binary attachments (b25738c)

socket.io-parser@4.2.5

This release contains a bump of debug from ~4.3.1 to ~4.4.1.

Commits

• 522edcd chore(release): socket.io-parser@4.2.6
• 3fff7ca fix(parser): add a limit to the number of binary attachments
• 37aad11 fix: cleanup pending acks on timeout to prevent memory leak
• ba9cd69 revert: fix: cleanup pending acks on timeout to prevent memory leak
• 84c2fb7 chore(release): engine.io@6.6.6
• 07cbe15 fix(eio): add @​types/ws as dependency (#5458)
• 44ed73f fix(eio): emit initial_headers and headers events in uServer (#5460)
• da04267 fix: cleanup pending acks on timeout to prevent memory leak (#5442)
• 74599a6 fix(types): properly import http module
• d48718c ci: use actions/checkout@v6 and actions/setup-node@v6 (#5449)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-parser since your current version.

Updates @angular/compiler from 18.1.3 to 19.2.18

Release notes

Sourced from @​angular/compiler's releases.

19.2.18

core

Commit	Description
	sanitize sensitive attributes on SVG script elements

19.2.17

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit	Description
	introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) =>
    bootstrapApplication(AppComponent, config, context);

  A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

  In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

For more information please see: GHSA-68x2-mx4q-78m7

18.2.14

core

Commit	Description
	introduce BootstrapContext for improved server bootstrapping (#63640)

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

19.2.18 (2026-01-07)

core

Commit	Type	Description
26cdc53d9c	fix	sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit	Type	Description
8e808740c9	fix	better types for a few expression AST nodes
63b1cdcf70	fix	produce accurate span for typeof and void expressions
3c3ae0cb64	fix	provide location information for literal map keys
523dbaf1c3	fix	stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit	Type	Description
4d9c4567ed	fix	ensure component import diagnostics are reported within the imports expression
cd405685af	fix	fix up spelling of diagnostic
778460fcca	fix	support qualified names in typeof type references

core

Commit	Type	Description
7c74674eb0	fix	avoid leaking view data in animations
0edbee4550	fix	explicitly cast signal node value to String
f9c29572d2	fix	sanitize sensitive attributes on SVG script elements

forms

Commit	Type	Description
e3fba182f9	feat	add [formField] directive
561772b152	fix	allow custom controls to require dirty input
f0fb1d8581	fix	allow custom controls to require hidden input
ec110f170b	fix	allow custom controls to require pending input
ae1dc16bb0	fix	clean up abort listener after timeout
9748b0d5da	fix	support custom controls with non signal-based models
6bd22df987	fix	Support readonly arrays in signal forms

router

Commit	Type	Description
41cd4a6af8	fix	Fix RouterLink href not updating with queryParamsHandling
5e9e09aee0	fix	handle errors from view transition updateCallbackDone promise

21.0.6 (2025-12-17)

Breaking Changes (affecting only experimental features)

... (truncated)

Commits

• 26cdc53 fix(core): sanitize sensitive attributes on SVG script elements
• 7c42e2e fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
• 24bab55 fix(compiler): lexer support for template literals in object literals (#61601)
• fc2483e refactor(compiler): avoid duplication between FactoryTarget type (#61571)
• 8e54b57 build: move private testing helpers outside platform-browser/testing (#61571)
• 44bb328 fix(compiler): avoid conflicts between HMR code and local symbols (#61550)
• 1007079 build: update compiler-cli to not be stamped when used for the compiler in ng...
• 0d025c5 build: support new ng_project rule (#61336)
• 899cb4a refactor: add explicit types for exports relying on inferred call return type...
• 1312eb1 build: remove irrelevant madge circular deps tests (#61209)
• Additional commits viewable in compare view

Updates @angular/core from 18.1.3 to 19.2.20

Release notes

Sourced from @​angular/core's releases.

19.2.20

compiler

Commit... Description has been truncated

[dependabot]

Superseded by #126.