chore(deps): bump the npm-version-updates group across 1 directory with 24 updates

[dependabot]

Bumps the npm-version-updates group with 23 updates in the / directory:

Package	From	To
@angular/common	20.3.4	21.0.2
@angular/compiler	20.3.4	21.0.2
@angular/core	20.3.4	21.0.2
@angular/platform-browser	20.3.4	21.0.2
@angular/router	20.3.4	21.0.2
oidc-client-ts	3.3.0	3.4.1
zone.js	0.15.1	0.16.0
@angular-eslint/builder	20.4.0	21.0.1
@angular/build	20.3.7	21.0.1
@angular/cli	20.3.5	21.0.1
@angular/compiler-cli	20.3.4	21.0.2
@eslint/js	9.38.0	9.39.1
@playwright/test	1.56.1	1.57.0
@tailwindcss/postcss	4.1.14	4.1.17
@types/jasmine	5.1.10	5.1.13
@types/node	24.7.2	24.10.1
angular-eslint	20.4.0	21.0.1
autoprefixer	10.4.21	10.4.22
eslint	9.38.0	9.39.1
jasmine-core	5.9.0	5.12.1
knip	5.66.2	5.71.0
prettier	3.6.2	3.7.3
typescript-eslint	8.46.0	8.48.0

Updates @angular/common from 20.3.4 to 21.0.2

Release notes

Sourced from @​angular/common's releases.

21.0.2

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

21.0.1

compiler-cli

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

core

Commit	Description
	apply bootstrap-options migration to platformBrowserDynamic
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected DOCUMENT for CSP_NONCE
	avoid repeat searches for field directive

forms

Commit	Description
	add DI option for classes on Field directive
	allow dynamic type bindings on signal form controls
	run reset as untracked

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

migrations

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

• fix(language-service): address potential memory leak during project creation (89095946cf)
• fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.0.2 (2025-12-01)

compiler

Commit	Type	Description
78fd159b78	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

20.3.15 (2025-12-01)

compiler

Commit	Type	Description
d1ca8ae043	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.17 (2025-12-01)

compiler

Commit	Type	Description
7c42e2ebeb	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16 (2025-11-26)

http

Commit	Type	Description
05fe6686a9	fix	prevent XSRF token leakage to protocol-relative URLs

21.1.0-next.0 (2025-11-25)

... (truncated)

Commits

• 3240d85 fix(http): prevent XSRF token leakage to protocol-relative URLs
• 6de8926 refactor(core): add debug name to resource (#64172)
• 00ffe91 refactor(common): removes unused NgModuleFactory config in NgComponentOutlet
• 8765b66 docs: add reference to Built-in Pipes in multiple pipe files
• ab98e71 fix(common): remove placeholder image listeners once view is removed
• 8ab0847 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
• 650af71 refactor(http): migrate XSRF classes to use inject() function
• 3bed9f0 build: format md files
• a3c2fe8 Revert "refactor(common): Removes unused imports to clean up dependencies"
• 6d3e0f1 refactor(common): Removes unused imports to clean up dependencies
• Additional commits viewable in compare view

Updates @angular/compiler from 20.3.4 to 21.0.2

Release notes

Sourced from @​angular/compiler's releases.

21.0.2

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

21.0.1

compiler-cli

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

core

Commit	Description
	apply bootstrap-options migration to platformBrowserDynamic
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected DOCUMENT for CSP_NONCE
	avoid repeat searches for field directive

forms

Commit	Description
	add DI option for classes on Field directive
	allow dynamic type bindings on signal form controls
	run reset as untracked

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

migrations

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

• fix(language-service): address potential memory leak during project creation (89095946cf)
• fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.0.2 (2025-12-01)

compiler

Commit	Type	Description
78fd159b78	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

20.3.15 (2025-12-01)

compiler

Commit	Type	Description
d1ca8ae043	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.17 (2025-12-01)

compiler

Commit	Type	Description
7c42e2ebeb	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16 (2025-11-26)

http

Commit	Type	Description
05fe6686a9	fix	prevent XSRF token leakage to protocol-relative URLs

21.1.0-next.0 (2025-11-25)

... (truncated)

Commits

• 78fd159 fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
• 279824c refactor(compiler): remove interpolation-related symbols
• 0053186 refactor(compiler): remove container blocks config
• ecea909 fix(compiler): don't choke on unbalanced parens in declaration block
• afda85f refactor(core): remove unused type
• c05cf41 refactor(core): render additional WAI-ARIA 1.3 property bindings as attributes
• 814b271 fix(compiler): support complex selectors in :nth-child()
• 20319fe refactor(compiler): remove unused code
• 6213cbf refactor(core): rename ExperimentalIsolatedShadowDom to IsolatedShadowDom
• b69763c test(compiler): add test for :host:has(> .foo)
• Additional commits viewable in compare view

Updates @angular/core from 20.3.4 to 21.0.2

Release notes

Sourced from @​angular/core's releases.

21.0.2

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

21.0.1

compiler-cli

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

core

Commit	Description
	apply bootstrap-options migration to platformBrowserDynamic
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected DOCUMENT for CSP_NONCE
	avoid repeat searches for field directive

forms

Commit	Description
	add DI option for classes on Field directive
	allow dynamic type bindings on signal form controls
	run reset as untracked

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

migrations

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

• fix(language-service): address potential memory leak during project creation (89095946cf)
• fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.0.2 (2025-12-01)

compiler

Commit	Type	Description
78fd159b78	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

20.3.15 (2025-12-01)

compiler

Commit	Type	Description
d1ca8ae043	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.17 (2025-12-01)

compiler

Commit	Type	Description
7c42e2ebeb	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16 (2025-11-26)

http

Commit	Type	Description
05fe6686a9	fix	prevent XSRF token leakage to protocol-relative URLs

21.1.0-next.0 (2025-11-25)

... (truncated)

Commits

• 78fd159 fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
• a408415 refactor(migrations): don't migration the server bootstrapApplicaiton on zo...
• 151616d refactor(core): show error message on signal error
• 0ae14cb test(core): test bundling of dynamic component creation and bindings
• 908b5a4 refactor: replace getDocument() with inject(DOCUMENT)
• 6b20adf refactor: add mark for signal forms
• 49ad7c6 fix(core): use injected DOCUMENT for CSP_NONCE
• 7d5c7cf feat(forms): add DI option for classes on Field directive
• 477df38 docs: improve core package API documentation with additional reference links
• 0e458c7 refactor(core): Remove toggles used for zoneless by default migration
• Additional commits viewable in compare view

Updates @angular/platform-browser from 20.3.4 to 21.0.2

Release notes

Sourced from @​angular/platform-browser's releases.

21.0.2

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

21.0.1

compiler-cli

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

core

Commit	Description
	apply bootstrap-options migration to platformBrowserDynamic
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected DOCUMENT for CSP_NONCE
	avoid repeat searches for field directive

forms

Commit	Description
	add DI option for classes on Field directive
	allow dynamic type bindings on signal form controls
	run reset as untracked

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

migrations

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

• fix(language-service): address potential memory leak during project creation (89095946cf)
• fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)

... (truncated)

Changelog

Sourced from @​angular/platform-browser's changelog.

21.0.2 (2025-12-01)

compiler

Commit	Type	Description
78fd159b78	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

20.3.15 (2025-12-01)

compiler

Commit	Type	Description
d1ca8ae043	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.17 (2025-12-01)

compiler

Commit	Type	Description
7c42e2ebeb	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16 (2025-11-26)

http

Commit	Type	Description
05fe6686a9	fix	prevent XSRF token leakage to protocol-relative URLs

21.1.0-next.0 (2025-11-25)

... (truncated)

Commits

• f550f4a docs: ExperimentalIsolatedShadowDom mentions
• 6213cbf refactor(core): rename ExperimentalIsolatedShadowDom to IsolatedShadowDom
• 8ab0847 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
• 593f902 refactor(platform-browser): remove unused Platform ID dependency from DomRend...
• 3bed9f0 build: format md files
• 33f8339 refactor(platform-browser): remove redundant providedIn: 'root' from inject...
• a4fe078 refactor(common): remove unused import (#64699)
• d303cde refactor(core): Remove zone toggles for test and standalone
• 70332b0 fix(core): pass element removal property through in all locations (#64565)
• 8d1e979 docs: add references to SSR guide for caching options (#64347)
• Additional commits viewable in compare view

Updates @angular/router from 20.3.4 to 21.0.2

Release notes

Sourced from @​angular/router's releases.

21.0.2

compiler

Commit	Description
	prevent XSS via SVG animation attributeName and MathML/SVG URLs

21.0.1

compiler-cli

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

core

Commit	Description
	apply bootstrap-options migration to platformBrowserDynamic
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected DOCUMENT for CSP_NONCE
	avoid repeat searches for field directive

forms

Commit	Description
	add DI option for classes on Field directive
	allow dynamic type bindings on signal form controls
	run reset as untracked

http

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

migrations

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

• fix(language-service): address potential memory leak during project creation (89095946cf)
• fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)

... (truncated)

Changelog

Sourced from @​angular/router's changelog.

21.0.2 (2025-12-01)

compiler

Commit	Type	Description
78fd159b78	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

20.3.15 (2025-12-01)

compiler

Commit	Type	Description
d1ca8ae043	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.17 (2025-12-01)

compiler

Commit	Type	Description
7c42e2ebeb	fix	prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16 (2025-11-26)

http

Commit	Type	Description
05fe6686a9	fix	prevent XSRF token leakage to protocol-relative URLs

21.1.0-next.0 (2025-11-25)

... (truncated)

Commits

• a62162d docs: Update router docs to add references and components input fixed syntaxis
• 9d6b869 docs(docs-infra): fix missing syntax highlighting
• 35dc3ec refactor(common): update examples to align with Angular best practices
• 9950165 docs: adds guide references to router APIs
• 7811d95 refactor(core): improve resource loading with async/await
• e5a19cb refactor(router): add ngDevMode guards to InjectionToken names and cleanup im...
• 8ab0847 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
• 9db114f refactor(router): replace Optional with inject() flags
• 3bed9f0 build: format md files
• a3c2fe8 Revert "refactor(common): Removes unused imports to clean up dependencies"
• Additional commits viewable in compare view

Updates oidc-client-ts from 3.3.0 to 3.4.1

Release notes

Sourced from oidc-client-ts's releases.

v3.4.1

oidc-client-ts v3.4.1 is a bugfix release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #2259 forward popupAbortOnClose to PopupNavigator.prepare

thanks to @​watabean

v3.4.0

oidc-client-ts v3.4.0 is a minor release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Features:
  • #1890 optionally enforce iframe auth flow in signinSilent
  • #2180 add support for client_secret_jwt
  • #2244 optionally restore popup close rejection
• Fixes;
  • #2147 wait until the page is shown again to resolve in RedirectNavigator

thanks to @​Hyperkid123, @​Nick-Source, @​Skizu and @​smujmaiku

Commits

• e4c730c v3.4.1
• 9adc363 Merge pull request #2256 from authts/dependabot/npm_and_yarn/fake-indexeddb-6...
• 76ac9f9 build(deps-dev): bump fake-indexeddb from 6.2.4 to 6.2.5
• 3f9c2fa Merge pull request #2257 from authts/dependabot/npm_and_yarn/globals-16.5.0
• e365784 Merge pull request #2262 from authts/dependabot/npm_and_yarn/types/node-24.10.1
• c36a490 Merge pull request #2263 from authts/dependabot/npm_and_yarn/microsoft/api-ex...
• 8a01125 Merge pull request #2258 from authts/dependabot/npm_and_yarn/esbuild-0.27.0
• 389419c Merge pull request #2259 from watabean/fix/forward-popupAbortOnClose-in-signi...
• d67fb18 build(deps-dev): bump @​microsoft/api-extractor from 7.53.3 to 7.55.0
• 92a39a1 build(deps-dev): bump @​types/node from 22.15.21 to 24.10.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for oidc-client-ts since your current version.

Updates zone.js from 0.15.1 to 0.16.0

Changelog

Sourced from zone.js's changelog.

0.16.0 (2025-11-19)

• fix(zone.js): Support jasmine v6 (48abe00)
• fix(zone.js): waitForAsync should pass args to the test function (#61755) (3c216c1), closes #61755 #61717 #61755
• refactor(zone.js): Add internal implementation for auto ticking fakeAsync (#62135) (0a827f9), closes #62135 #62135
• refactor(zone.js): Improve missing proxy zone error for jest imported (#64497) (ced2fa5), closes #64497 #47603 #64497
• refactor(zone.js): remove legacy browser support (#63511) (2e46596), closes #63511 #63511
• refactor(zone.js): remove unused jasmine globalerror monkey patching. (#63077) (9aef481), closes #63077 #63072 #63077
• test(zone.js): refactor tests to remove usage of shelljs (#64042) (422a3b9), closes #64042 #64042

BREAKING CHANGE

...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.