Skip to content

Bump the npm_and_yarn group across 1 directory with 7 updates#7

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-8c12be11cb
Open

Bump the npm_and_yarn group across 1 directory with 7 updates#7
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-8c12be11cb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
@angular/common 5.1.2 20.3.25
@angular/compiler 5.1.2 20.3.25
@angular/core 5.1.2 20.3.25
jsrsasign 8.0.4 11.1.1
handlebars 4.0.11 4.7.9
jws 3.1.4 3.2.3
shell-quote 1.6.1 1.9.0

Updates @angular/common from 5.1.2 to 20.3.25

Release notes

Sourced from @​angular/common's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • 06be298 fix(http): preserve empty referrer option in HttpRequest
  • 9f443bc fix(common): Limits date format string length
  • fa940e1 fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • 1a62130 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • 566ad05 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e2ef1ce fix(http): skip transfer cache for fetch credentialed requests
  • 3d135ce fix(common): add upper bounds for digitsInfo
  • 39a4b4c fix(common): sanitize placeholder
  • de7b2a6 fix(http): exclude withCredentials requests from transfer cache
  • 4233188 fix(http): skip TransferCache for cookie-bearing requests by default
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/common since your current version.


Updates @angular/compiler from 5.1.2 to 20.3.25

Release notes

Sourced from @​angular/compiler's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • a68ec70 fix(compiler): sanitize two-way properties
  • d40acc6 fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
  • 36200bd test(core): update spec files to match 20.3.x limits and actual contexts (#68...
  • 823b37f test(compiler): remove obsolete schema_extractor import (#68926)
  • e345a58 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 8f35b18 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • 64a89e9 fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • 6404edf fix(compiler): strip namespaced SVG script elements during template compilati...
  • dc631ef fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/compiler since your current version.


Updates @angular/core from 5.1.2 to 20.3.25

Release notes

Sourced from @​angular/core's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • ca48b47 fix(core): validate lowercase SVG animation attribute names (#69270)
  • 1a62130 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • 49368c1 fix(platform-server): harden platform location origin validation during SSR
  • 566ad05 fix(common): skip transfer cache for uncacheable HTTP traffic
  • 768a349 fix(core): harden TransferState restoration against DOM clobbering
  • 7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
  • 6595409 test(core): update golden symbols and host bindings sanitization spec (#68926)
  • d86e4e7 fix(core): reject script element as a dynamic component host (#68926)
  • b8f1f72 test(core): remove obsolete blockquote cite host binding tests (#68926)
  • 36200bd test(core): update spec files to match 20.3.x limits and actual contexts (#68...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/core since your current version.


Updates jsrsasign from 8.0.4 to 11.1.1

Release notes

Sourced from jsrsasign's releases.

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

  • Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
    • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
      • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
      • default prf is changed from hmacWithSHA1 to hmacWithSHA256
    • src/keyutil.js
      • more encrypted PKCS#8 private key support
        • KEYUTIL.getKey now supports encrypted PKCS#8 private key with aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as psudorandom function.
        • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM priavte key.
    • src/crypto.js
      • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
    • src/base64x.js
      • function inttohex and twoscompl are added
    • src/asn1.js
      • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
    • src/asn1x509.js
      • aes*-CBC and hmacWithSHA* OIDs are added
    • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
      • update and add some test cases for above
    • stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix

  • Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
    • src/x509.js
      • another bugfix X509.getExtSubjectDirectoryAttributes method

X509.getExtSubjectDirectoryAttributes bugfix

  • Changes from 10.8.4 to 10.8.5 (2023-Apr-26)
    • src/x509.js
      • bugfix X509.getExtSubjectDirectoryAttributes method

more SubjectDirectoryExtension support

  • Changes from 10.8.3 to 10.8.4 (2023-Apr-26)
    • src/asn1x509.js

... (truncated)

Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

  • Changes from 11.1.2 to 11.1.3 (2026-Apr-18)

    • base64x.js
      • timingSafeEqual and timingSafeEqualImpl added
    • jws.js
      • modified to use timingSafeEqual for HS* signature verification
    • Security fixes:
    • bugfix
      • jws.js
        • wrong thumbprint calculation for symmetric key (KJUR.jws.JWS.getJWKthumbprint) reported in issue #656 by @​e3stpavel.
  • Changes from 11.1.1 to 11.1.2 (2026-Apr-12)

    • Security fixes:
      • HIGH: wrong random for for Node.JS >= 19 and modern browsers (ext/rng.js SecureRandom) reported by Bronson Yen of Calif.io and @​Kr0emer #655.
      • HIGH: ASN.1 Parser Infinite Loop (asn1hex.js) getChildIdx fix to avoid infinite loop reported by Koda Reef.
      • HIGH: DSA Universal Signature Forgery (dsa.js) FIPS 186-4 section 4.7 wrong boundary checking in verifyWithMessageHash reported by Koda Reef, Nicholas Carlini and @​Kr0emer.
      • ASN1HEX.getChildIdx DoS (asn1hex.js) getChildIdx may raise DoS because of lacking value length check reported by Yt(yutengsun) and Franciny S Roj.
      • missing JWS crit header parameter validation (jws.js) as reported by Franciny S Roj. Thank you indeed for those vulnerability reports and/or patches.
  • Changes from 11.1.0 to 11.1.1 (2026-Feb-20)

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • Major Changes:
      • Stop to support Internet Explorer.
      • Stop to support bower.
      • Modern ECMA functions will be introduced such as Promise, let, Array methods or class.
      • API document generator will be changed from Jsdoc Toolkit to JSDoc3.
      • Module bandler will be used such as browserify or webpack.

... (truncated)

Commits
  • e2b136e 11.1.1 release
  • e2e417e Merge pull request #641 from njg7194/add-security-policy
  • 77f1776 Merge pull request #651 from Kr0emer/fix/bug-007-isprobableprime-negative
  • 5ea1c32 Merge pull request #650 from Kr0emer/fix/bug-006-modpow-negative-exponent
  • ee4b013 Merge pull request #647 from Kr0emer/fix/bug-003-dsa-nonce-compareto
  • 37b4c06 Merge pull request #646 from Kr0emer/fix/bug-002-dsa-domain-params-validation
  • d89f0ec fix(crypto): correct compareTo checks in BigInteger RNG helpers
  • 02fa75d fix(jsbn2): reject non-positive values in primality checks
  • f508ddd Merge branch 'master' into fix/bug-002-dsa-domain-params-validation
  • ca5b027 Merge pull request #648 from Kr0emer/fix/bug-004-modinverse-dos
  • Additional commits viewable in compare view

Updates handlebars from 4.0.11 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

... (truncated)

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates jws from 3.1.4 to 3.2.3

Release notes

Sourced from jws's releases.

v3.2.3

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.

v3.2.2

No release notes provided.

v3.2.1

No release notes provided.

v3.2.0

No release notes provided.

v3.1.5

No release notes provided.

Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

  • BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

  • Code reorganization, thanks @​fearphage! (7880050)

Added

  • Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)
Commits
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.


Updates shell-quote from 1.6.1 to 1.9.0

Changelog

Sourced from shell-quote's changelog.

v1.9.0 - 2026-06-24

Commits

  • [New] add types dca6e21
  • [Dev Deps] update eslint 9aa9e8f
  • [Fix] parse: finalize tokens in linear time (GHSA-395f-4hp3-45gv) 7ff5488
  • [actions] update workflows 75e8497
  • [actions] Windows + node 4/6/7: pin eslint to 9 before install, since npm 2/3 cannot stage eslint 10@types/esrecurse 3fb739d
  • [actions] retry npm install on Windows to survive npm 2/3 staging-rename flake abe0163
  • [actions] Windows + node 5/7: install deps with a modern node b4bafa2
  • [Fix] quote: escape leading ~ to prevent shell tilde-expansion 7a76c1a
  • [Dev Deps] update auto-changelog, tape 7184b44
  • [Dev Deps] apparently jackspeak is no longer in the graph 9ba368a

v1.8.4 - 2026-05-22

Commits

  • [Fix] quote: validate object-token shapes 4378a6e
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore

Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `5.1.2` | `20.3.25` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `5.1.2` | `20.3.25` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `5.1.2` | `20.3.25` |
| [jsrsasign](https://github.com/kjur/jsrsasign) | `8.0.4` | `11.1.1` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.11` | `4.7.9` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.1.4` | `3.2.3` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.6.1` | `1.9.0` |



Updates `@angular/common` from 5.1.2 to 20.3.25
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/common)

Updates `@angular/compiler` from 5.1.2 to 20.3.25
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/compiler)

Updates `@angular/core` from 5.1.2 to 20.3.25
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/core)

Updates `jsrsasign` from 8.0.4 to 11.1.1
- [Release notes](https://github.com/kjur/jsrsasign/releases)
- [Changelog](https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt)
- [Commits](kjur/jsrsasign@8.0.4...11.1.1)

Updates `handlebars` from 4.0.11 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.0.11...v4.7.9)

Updates `jws` from 3.1.4 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.1.4...v3.2.3)

Updates `shell-quote` from 1.6.1 to 1.9.0
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.6.1...v1.9.0)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 20.3.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 20.3.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 20.3.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jsrsasign
  dependency-version: 11.1.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants