chore(deps): bump the angular group with 11 updates

[dependabot]

Bumps the angular group with 11 updates:

Package	From	To
@angular/animations	21.2.8	21.2.12
@angular/cdk	21.2.5	21.2.10
@angular/common	21.2.8	21.2.12
@angular/compiler	21.2.8	21.2.12
@angular/core	21.2.8	21.2.12
@angular/forms	21.2.8	21.2.12
@angular/platform-browser	21.2.8	21.2.12
@angular/platform-browser-dynamic	21.2.8	21.2.12
@angular/build	21.2.7	21.2.10
@angular/cli	21.2.7	21.2.10
@angular/compiler-cli	21.2.8	21.2.12

Updates @angular/animations from 21.2.8 to 21.2.12

Release notes

Sourced from @​angular/animations's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/animations's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• See full diff in compare view

Updates @angular/cdk from 21.2.5 to 21.2.10

Release notes

Sourced from @​angular/cdk's releases.

21.2.10

aria

Commit	Description
	menu: do not set default aria-label (#33202)

21.2.9

material

Commit	Description
	stepper: allow stepper to be labelled (#33137)

cdk

Commit	Description
	tree: enter/space key on child node should not toggle parent node expansion (#33125)

aria

Commit	Description
	menu: use computed for menu item patterns, with trigger on visible (#33118)

21.2.8

No user facing changes in this release

21.2.7

material

Commit	Description
	sort: deprecate MatSortHeaderIntl and hide from docs (#33089)

21.2.6

material

Commit	Description
	select: wrong transform origin when opening upwards inside another overlay (#33032)

Changelog

Sourced from @​angular/cdk's changelog.

21.2.10 "metal-wallaby" (2026-05-06)

aria

Commit	Type	Description
48973661e	fix	menu: do not set default aria-label (#33202)

22.0.0-next.7 "astatine-agriculture" (2026-04-29)

aria

Commit	Type	Description
6ec07bc0c	feat	grid: add test harnesses (#33081)
05419c552	fix	menu: use computed for menu item patterns, with trigger on visible (#33118)

cdk

Commit	Type	Description
1a5d5d101	feat	dialog: add the ability to pass bindings
b916ef907	fix	tree: enter/space key on child node should not toggle parent node expansion (#33125)

material

Commit	Type	Description
867ba993b	feat	bottom-sheet: add the ability to pass bindings
bf3596b53	feat	dialog: add the ability to pass bindings
cb9148dca	fix	stepper: allow stepper to be labelled (#33137)

google-maps

Commit	Type	Description
e44ff8318	feat	Add support for the gmp-click event (#33147)

21.2.9 "astatine-astronaut" (2026-04-29)

aria

Commit	Type	Description
bf14cc9d9	fix	menu: use computed for menu item patterns, with trigger on visible (#33118)

cdk

Commit	Type	Description
3a3852d45	fix	tree: enter/space key on child node should not toggle parent node expansion (#33125)

material

Commit	Type	Description
51271c619	fix	stepper: allow stepper to be labelled (#33137)

... (truncated)

Commits

• 583da8a release: cut the v21.2.10 release
• babfbb7 build: update cross-repo angular dependencies (#33205)
• e08fdf2 build: fix failing test (#33212)
• 09e89fa build: lock file maintenance (#33201)
• 4897366 fix(aria/menu): do not set default aria-label (#33202)
• a6c5b72 build: update cross-repo angular dependencies (#33181)
• b7c34e3 build: update cross-repo angular dependencies (#33160)
• 58e29cf build: update dependency bazel_lib to v3.3.1 (#33177)
• e2f16ac build: update pnpm to v10.33.2 (#33165)
• d17f95d release: cut the v21.2.9 release
• Additional commits viewable in compare view

Updates @angular/common from 21.2.8 to 21.2.12

Release notes

Sourced from @​angular/common's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 30cf85f refactor(common): update deprecation message
• 42d57c3 refactor(common): fix viewport tests
• 10ad3c0 fix(common): prevent focus from scrollToAnchor
• 540536c fix(http): add CSP nonce support to JsonpClientBackend
• See full diff in compare view

Updates @angular/compiler from 21.2.8 to 21.2.12

Release notes

Sourced from @​angular/compiler's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 4f5d8a2 fix(compiler): let declaration span not including end character
• See full diff in compare view

Updates @angular/core from 21.2.8 to 21.2.12

Release notes

Sourced from @​angular/core's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• 9e38ed7 fix(core): sanitizer typings
• 3430251 fix(core): i18n flags leaking on errors
• c37f6ca fix(core): visit ng-let expression value in signal migration schematics
• fe13bb6 fix(core): allow explicit read generic with signal input transforms
• 7a05a9a fix(core): validate security-sensitive attributes in i18n bindings
• 1aeebbe fix(core): respect ngSkipHydration on components with projectable nodes in LC...
• 4900e45 build: update cross-repo angular dependencies
• a40e2ce fix(core): fix ordering of view queries metadata in JIT mode
• 9bcbf37 refactor(core): fix bundling symbol test
• 885a1a1 fix(core): guard against non-object events and avoid listener wrapper identit...
• Additional commits viewable in compare view

Updates @angular/forms from 21.2.8 to 21.2.12

Release notes

Sourced from @​angular/forms's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

... (truncated)

Changelog

Sourced from @​angular/forms's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors