Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 9 updates#337

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/chat/frontend-angular/npm_and_yarn-95e1e47097
Closed

chore(deps): bump the npm_and_yarn group across 4 directories with 9 updates#337
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/chat/frontend-angular/npm_and_yarn-95e1e47097

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 6 updates in the /examples/chat/frontend-angular directory:

Package From To
@angular/common 21.2.13 22.0.4
@angular/compiler 21.2.13 21.2.17
@angular/core 21.2.13 21.2.17
hono 4.12.23 4.12.27
undici 6.25.0 6.27.0
tar 7.5.13 7.5.19

Bumps the npm_and_yarn group with 1 update in the /examples/chat/frontend-svelte directory: vite.
Bumps the npm_and_yarn group with 6 updates in the /examples/voice/frontend-angular directory:

Package From To
@angular/common 21.2.13 22.0.4
@angular/compiler 21.2.13 21.2.17
@angular/core 21.2.13 21.2.17
hono 4.12.23 4.12.27
undici 6.25.0 6.27.0
tar 7.5.14 7.5.19

Bumps the npm_and_yarn group with 1 update in the /examples/voice/frontend-svelte directory: vite.

Updates @angular/common from 21.2.13 to 22.0.4

Release notes

Sourced from @​angular/common's releases.

22.0.4

migrations

Commit Description
fix - fd37f09f37 resolve migration failure when tsconfig specifies rootDir

22.0.3

compiler

Commit Description
fix - f90c20df40 account for NgModule dependencies in JIT-compiled partial declarations
fix - f4f7f3755c remove unused import breaking CI in 22.0.x

compiler-cli

Commit Description
fix - 06d854929c report diagnostic instead of crashing on malformed host binding

core

Commit Description
fix - 2799304259 avoid uncaught promise errors in injectAsync prefetching

http

Commit Description
fix - 8cdc202dfc prevent caching of responses with Set-Cookie headers

service-worker

Commit Description
fix - b4a5a2fb4e preserve referrer in asset requests
fix - a16f9b2263 preserve referrer policy in asset requests

upgrade

Commit Description
fix - bcc648f4b6 support model() signals in downgradeComponent

22.0.2

common

Commit Description
fix - 94ea403563 escape anchor fragment in shadow DOM name selector
fix - 6c1f3e9d49 skip transfer cache for uncacheable HTTP traffic (#69316)

compiler

Commit Description
fix - 6f1171991a restrict possible event handler check to property names longer than 2 characters

core

Commit Description
fix - 528a34f766 avoid caching missing locale data
fix - e17e8d5422 escape overlapping comment delimiters in escapeCommentText
fix - 59dea13f80 guard against DOM clobbering in declareExperimentalWebMcpTool

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.4 (2026-06-26)

migrations

Commit Type Description
fd37f09f37 fix resolve migration failure when tsconfig specifies rootDir

22.1.0-next.2 (2026-06-25)

compiler

Commit Type Description
ecd047578e fix account for NgModule dependencies in JIT-compiled partial declarations

compiler-cli

Commit Type Description
8b2785b597 fix report diagnostic instead of crashing on malformed host binding

core

Commit Type Description
91d168e74b fix avoid uncaught promise errors in injectAsync prefetching

http

Commit Type Description
f76e8a98c1 fix prevent caching of responses with Set-Cookie headers

migrations

Commit Type Description
c75ff0255c feat add migration from injectable to service

router

Commit Type Description
97a3fd6a55 feat handle null and undefined inputs in RouterLinkActive

service-worker

Commit Type Description
716f9eb032 fix preserve referrer in asset requests
6f98f98f1f fix preserve referrer policy in asset requests

upgrade

Commit Type Description
8d31b82116 fix support model() signals in downgradeComponent

22.0.3 (2026-06-25)

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • cd8f472 docs: add documentation for HttpClient response body size limit and related e...
  • 8cdc202 fix(http): prevent caching of responses with Set-Cookie headers
  • 6867f77 fix(http): distinguish repeated transfer cache params
  • 6c1f3e9 fix(common): skip transfer cache for uncacheable HTTP traffic (#69316)
  • 7ef1399 fix(http): skip transfer cache for fetch credentialed requests (#69316)
  • 94ea403 fix(common): escape anchor fragment in shadow DOM name selector
  • 2dd65d2 fix(http): pass down the reportUploadProgress and reportDownloadProgress ...
  • 1bd5a56 docs: deprecate XHR support for server-side rendering in HTTP docs and recomm...
  • 3c2892c fix(common): prevent prototype pollution in formatDateTime
  • c4b5fa3 fix(common): escape CSS string-terminating characters in escapeCssUrl
  • Additional commits viewable in compare view

Updates @angular/compiler from 21.2.13 to 21.2.17

Release notes

Sourced from @​angular/compiler's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • dc9c996 fix(compiler): sanitize two-way properties
  • ae1c8a1 fix(compiler): move projection attributes into constants
  • eb1cbbf fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 29ceeff docs: fix typos in source code comments
  • 782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
  • ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • daaf329 fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • 68282df fix(compiler): strip namespaced SVG script elements during template compilation
  • Additional commits viewable in compare view

Updates @angular/core from 21.2.13 to 21.2.17

Release notes

Sourced from @​angular/core's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • 88832c8 fix(core): validate lowercase SVG animation attribute names (#69269)
  • 3551074 fix(platform-server): harden platform location origin validation during SSR
  • bc55749 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • d846326 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e245d40 fix(http): skip transfer cache for fetch credentialed requests
  • 1523061 fix(core): harden TransferState restoration against DOM clobbering
  • 736c4ab refactor(core): fix broken unit test.
  • 3fd6897 fix(core): harden inherit definition feature against polluted prototypes
  • 7e38336 fix(core): use Object.create(null) for LOCALE_DATA as a hardening measure
  • 29ceeff docs: fix typos in source code comments
  • Additional commits viewable in compare view

Updates esbuild from 0.27.3 to 0.27.7

Release notes

Sourced from esbuild's releases.

v0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
    class Foo {
      constructor(public x = 1) {}
      y = 2
    }
    // Old output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    this.x = x;
    __publicField(this, "y", 2);
    }
    x;
    }
    // New output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    __publicField(this, "x", x);
    __publicField(this, "y", 2);
    }
    }

v0.27.5

  • Fix for an async generator edge case (#4401, #4417)

    Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

    async function* inner() { yield 1; yield 2 }
    async function* outer() { yield* inner() }
    let gen = outer()
    for await (let x of [gen.next(), gen.next()]) console.log(x)

    Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

    This fix was contributed by @​2767mr.

  • Fix a regression when metafile is enabled (#4420, #4418)

    This release fixes a regression introduced by the previous release. When metafile: true was enabled in esbuild's JavaScript API, builds with build errors were incorrectly throwing an error about an empty JSON string instead of an object containing the build errors.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
    class Foo {
      constructor(public x = 1) {}
      y = 2
    }
    // Old output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    this.x = x;
    __publicField(this, "y", 2);
    }
    x;
    }
    // New output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    __publicField(this, "x", x);
    __publicField(this, "y", 2);
    }
    }

0.27.5

  • Fix for an async generator edge case (#4401, #4417)

    Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

    async function* inner() { yield 1; yield 2 }
    async function* outer() { yield* inner() }
    let gen = outer()
    for await (let x of [gen.next(), gen.next()]) console.log(x)

    Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

    This fix was contributed by @​2767mr.

  • Fix a regression when metafile is enabled (#4420, #4418)

... (truncated)

Commits
  • 2025c9f publish 0.27.7 to npm
  • c6b586e fix typo in Makefile for @esbuild/win32-x64
  • 9785e14 publish 0.27.6 to npm
  • b169d8c Revert "update go 1.25.7 => 1.26.1"
  • 7ac8762 run make update-compat-table
  • 8b5ff53 remove an incorrect else
  • e955268 fix #4421: lower generated class fields if needed
  • a5a2500 ci: move make test-old-ts
  • b71e7ac omit go's buildvcs for more reproducible builds
  • 7406b09 organize make platform-all output in Makefile
  • Additional commits viewable in compare view

Updates hono from 4.12.23 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

... (truncated)

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates undici from 6.25.0 to 6.27.0

Release notes

Sourced from undici's releases.

v6.27.0

⚠️ Security Release

This release line addresses 4 security advisories.

Action required: Upgrade to undici 6.27.0 or later.

npm install undici@^6.27.0

Note on patched version: the v6 fixes shipped in v6.27.0, not 6.26.0v6.26.0 contains only the chunked-EOF fix (#5308) and the version bump, none of the security fixes below.

The v6 line is not affected by the SOCKS5 advisories (GHSA-vmh5-mc38-953g, GHSA-hm92-r4w5-c3mj), the shared-cache disclosure (GHSA-pr7r-676h-xcf6), or the 8.x-only WebSocket regression (GHSA-38rv-x7px-6hhq).

Summary

Advisory CVE Severity (CVSS) Fixed in Fix commit
GHSA-vxpw-j846-p89q CVE-2026-12151 High (7.5) 6.27.0 b7f252e7
GHSA-p88m-4jfj-68fv CVE-2026-9679 Moderate (5.9) 6.27.0 25efa447
GHSA-g8m3-5g58-fq7m CVE-2026-11525 Low (3.7) 6.27.0 25efa447
GHSA-35p6-xmwp-9g52 CVE-2026-6733 Low (3.7) 6.27.0 f4c31d60

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: b7f252e7 Backport WebSocket maxPayloadSize fixes (#5423, backported to v6 in #5428)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service. All releases from 6.17.0 onward are affected.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

Moderate severity

HTTP header injection via Set-Cookie percent-decoding — CVE-2026-9679

... (truncated)

Commits

Updates piscina from 5.1.4 to 5.2.0

Changelog

Sourced from piscina's changelog.

5.2.0 (2026-06-12)

Features

Bug Fixes

  • eagerly spawn workers up to maxThreads on cold-pool burst (#1043) (779c640)
  • include skipQueue in queueSize calculation (#1030) (b7d4d61)
  • interface name and add missing curly brace (#951) (8cd51f2)
  • onWorkerMessage gets skipped in Jest environment (#968) (54de192)
Commits
  • 8baaa1b chore(release): 5.2.0
  • 107b09a Merge commit from fork
  • 3eeaa37 docs: correct typo 'maintanance' in CONTRIBUTING.md (#1071)
  • b7d4d61 fix: include skipQueue in queueSize calculation (#1030)
  • 6beabe0 feat: Add idleThreads getter (#1059)
  • e104a89 chore(deps): Bump fast-uri from 3.0.6 to 3.1.2 in /docs in the npm_and_yarn g...
  • 779c640 fix: eagerly spawn workers up to maxThreads on cold-pool burst (#1043)
  • 469cb93 docs: Update Fastify listen() calls to use { port: 3000 } in docs and example...
  • d752afd [Backport v5] chore(deps): docs: Bump lodash from 4.17.23 to 4.18.1 in /docs ...
  • 6ed6284 chores: gh actions least privilege (#1013) (#1015)
  • Additional commits viewable in compare view

Updates tar from 7.5.13 to 7.5.19

Commits

Updates vite from 7.3.2 to 7.3.5

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to

…updates

Bumps the npm_and_yarn group with 6 updates in the /examples/chat/frontend-angular directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.13` | `22.0.4` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.13` | `21.2.17` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.13` | `21.2.17` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.27` |
| [undici](https://github.com/nodejs/undici) | `6.25.0` | `6.27.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.13` | `7.5.19` |

Bumps the npm_and_yarn group with 1 update in the /examples/chat/frontend-svelte directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 6 updates in the /examples/voice/frontend-angular directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.13` | `22.0.4` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.13` | `21.2.17` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.13` | `21.2.17` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.27` |
| [undici](https://github.com/nodejs/undici) | `6.25.0` | `6.27.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.14` | `7.5.19` |

Bumps the npm_and_yarn group with 1 update in the /examples/voice/frontend-svelte directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@angular/common` from 21.2.13 to 22.0.4
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.4/packages/common)

Updates `@angular/compiler` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

Updates `@angular/core` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/core)

Updates `esbuild` from 0.27.3 to 0.27.7
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.3...v0.27.7)

Updates `hono` from 4.12.23 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.27)

Updates `undici` from 6.25.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.25.0...v6.27.0)

Updates `piscina` from 5.1.4 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.4...v5.2.0)

Updates `tar` from 7.5.13 to 7.5.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.19)

Updates `vite` from 7.3.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vite` from 8.0.10 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vite` from 8.0.13 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `@angular/common` from 21.2.13 to 22.0.4
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.4/packages/common)

Updates `@angular/compiler` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

Updates `@angular/core` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/core)

Updates `esbuild` from 0.27.3 to 0.27.7
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.3...v0.27.7)

Updates `hono` from 4.12.23 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.27)

Updates `undici` from 6.25.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.25.0...v6.27.0)

Updates `piscina` from 5.1.4 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.4...v5.2.0)

Updates `tar` from 7.5.14 to 7.5.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.19)

Updates `vite` from 7.3.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vite` from 8.0.10 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vite` from 8.0.13 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 22.0.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.19
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@angular/common"
  dependency-version: 22.0.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.19
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #338.

@dependabot dependabot Bot closed this Jun 30, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/examples/chat/frontend-angular/npm_and_yarn-95e1e47097 branch June 30, 2026 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants