Skip to content

chore(deps): bump all @angular/* framework packages from 21.2.4 to 21.2.7#1450

Merged
jaypatrick merged 5 commits intomainfrom
dependabot/npm_and_yarn/angular/core-21.2.6
Apr 6, 2026
Merged

chore(deps): bump all @angular/* framework packages from 21.2.4 to 21.2.7#1450
jaypatrick merged 5 commits intomainfrom
dependabot/npm_and_yarn/angular/core-21.2.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026
edited by Copilot AI
Loading

Description

Bumps all Angular framework packages from mixed versions (21.2.4/21.2.5/21.2.6) to a consistent ^21.2.7 to satisfy Angular's exact patch peer dependency requirements. Previously only @angular/core was bumped (to 21.2.6), leaving other framework packages on older patch versions and causing unmet peer dependency warnings. Also fixes a test that was broken by the consistent Angular version resolution.

Changes

  • Bump @angular/animations, @angular/common, @angular/compiler, @angular/core, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/platform-server, @angular/router, and @angular/service-worker in frontend/package.json to ^21.2.7
  • Bump @angular/compiler-cli (devDependency) in frontend/package.json to ^21.2.7
  • Regenerate pnpm-lock.yaml so all Angular framework packages consistently resolve to 21.2.7, eliminating unmet peer dependency warnings
  • Fix app.component.spec.ts: move the should render menu button with aria-label test into a new AppComponent (mobile viewport) describe block that mocks BreakpointObserver to return matches: true, since the menu button is only rendered inside @if (isMobile()) in the template; add an explicit desktop-viewport negative test asserting the button is correctly absent when isMobile() is false

Testing

  • Unit tests added/updated
  • Manual testing performed
  • CI passes

Zero Trust Architecture Checklist

Required for every PR touching worker/ or frontend/.
Check each item that applies. If an item doesn't apply, check it and note "N/A".

Worker / Backend

  • Every handler verifies auth before executing business logic — N/A
  • CORS origin allowlist enforced (not *) on write/authenticated endpoints — N/A
  • All secrets accessed via Worker Secret bindings (not [vars]) — N/A
  • All external inputs Zod-validated before use — N/A
  • All D1 queries use parameterized .prepare().bind() (no string interpolation) — N/A
  • Security events emitted to Analytics Engine on auth failures — N/A

Frontend / Angular

  • Protected routes have functional CanActivateFn auth guards — N/A
  • Auth tokens managed via Clerk SDK (not localStorage) — N/A
  • HTTP interceptor attaches ****** (no manual token passing) — N/A
  • API responses validated with Zod schemas before consumption — N/A

Dependency version bump with test fix — no application logic or security-relevant code changed.

@dependabot
chore(deps): bump @angular/core from 21.2.4 to 21.2.6
258eff3 
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 21.2.4 to 21.2.6.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.6/packages/core)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 21.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies External packages and dependencies label Mar 30, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 30, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​angular/​platform-browser-dynamic@​21.2.5 ⏵ 21.2.71001006998100
Updated@​angular/​core@​21.2.4 ⏵ 21.2.77310079 +198100
Updated@​angular/​platform-server@​21.2.5 ⏵ 21.2.77510077 +39880 -19
Updated@​angular/​compiler@​21.2.4 ⏵ 21.2.7751007898100
Updated@​angular/​platform-browser@​21.2.4 ⏵ 21.2.7771007598100
Updated@​angular/​service-worker@​21.2.4 ⏵ 21.2.778 +11007598100
Updated@​angular/​animations@​21.2.4 ⏵ 21.2.71001007698100
Updated@​angular/​compiler-cli@​21.2.4 ⏵ 21.2.780 +110077 +198100
Updated@​angular/​forms@​21.2.4 ⏵ 21.2.7771007798100
Updated@​angular/​router@​21.2.4 ⏵ 21.2.778 +110077 +198100
Updated@​angular/​common@​21.2.4 ⏵ 21.2.710010079 +198100

View full report

@jaypatrick jaypatrick self-assigned this Mar 31, 2026
@jaypatrick jaypatrick added this to the beta milestone Mar 31, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@jaypatrick jaypatrick requested a review from Copilot April 5, 2026 22:35
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the frontend’s Angular dependency set by bumping @angular/core from 21.2.4 to 21.2.6 (Dependabot-driven), along with the corresponding pnpm-lock.yaml refresh.

Changes:

  • Bump @angular/core version range in frontend/package.json to ^21.2.6.
  • Update pnpm-lock.yaml to resolve @angular/core@21.2.6 and refresh related transitive package resolutions.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
frontend/package.json Updates the declared @angular/core version range to ^21.2.6.
pnpm-lock.yaml Updates lockfile resolutions for @angular/core@21.2.6 and several transitive packages.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

@jaypatrick
Copy link
Copy Markdown
Owner

jaypatrick commented Apr 6, 2026

@copilot apply changes based on the comments in this thread

@jaypatrick
chore(deps): bump all @angular/* framework packages to 21.2.7 for con…
13aa524 
…sistent peer deps

Agent-Logs-Url: https://github.com/jaypatrick/adblock-compiler/sessions/51b9e04a-2130-40d9-9236-895f96158bb3

Co-authored-by: jaypatrick <1800595+jaypatrick@users.noreply.github.com>
Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 6, 2026

@copilot apply changes based on the comments in this thread

Done in commit 13aa524. Updated all Angular framework packages (@angular/animations, @angular/common, @angular/compiler, @angular/core, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/platform-server, @angular/router, @angular/service-worker, and @angular/compiler-cli) to ^21.2.7 (the current latest consistent patch across all packages) and regenerated the lockfile. All framework packages now resolve uniformly to 21.2.7, eliminating the unmet peer dependency warnings.

Copilot AI changed the title chore(deps): bump @angular/core from 21.2.4 to 21.2.6 chore(deps): bump all @angular/* framework packages from 21.2.4 to 21.2.7 Apr 6, 2026
Copilot AI requested a review from jaypatrick April 6, 2026 01:01
@jaypatrick
Copy link
Copy Markdown
Owner

jaypatrick commented Apr 6, 2026

@copilot ⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯

FAIL src/app/app.component.spec.ts > AppComponent > should render menu button with aria-label
AssertionError: expected null to be truthy

  • Expected:
    true
  • Received:
    null

❯ src/app/app.component.spec.ts:116:25
114| await fixture.whenStable();
115| const menuBtn = fixture.nativeElement.querySelector('button[ar…
116| expect(menuBtn).toBeTruthy();
| ^
117| });
118| });

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯

Test Files 1 failed | 63 passed (64)
Tests 1 failed | 951 passed (952)
Start at 21:21:25
Duration 36.59s (transform 4.46s, setup 20.62s, import 21.92s, tests 59.18s, environment 2.98s)

/home/runner/work/adblock-compiler/adblock-compiler/frontend:
 ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL  adblock-frontend@1.0.0 test: vitest run
Exit status 1
Error: Process completed with exit code 1.

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 6, 2026

@copilot ⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯

FAIL src/app/app.component.spec.ts > AppComponent > should render menu button with aria-label
...

Fixed in commit 71e4386. The menu button is inside @if (isMobile()) in the template, so it's never rendered in jsdom's non-mobile environment. The fix moves the test into a new AppComponent (mobile viewport) describe block that mocks BreakpointObserver to return matches: true. Also added a companion desktop-viewport test that explicitly asserts the button is absent when isMobile() is false. All 953 tests pass.

@jaypatrick jaypatrick merged commit d0bd14b into main Apr 6, 2026
27 checks passed
@jaypatrick jaypatrick deleted the dependabot/npm_and_yarn/angular/core-21.2.6 branch April 6, 2026 21:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jaypatrick jaypatrick Awaiting requested review from jaypatrick

Assignees

@jaypatrick jaypatrick

Labels

dependencies External packages and dependencies

Projects

None yet

Milestone

beta

Development

Successfully merging this pull request may close these issues.

3 participants

@jaypatrick