Skip to content

chore(deps): bump @angular/core from 21.0.6 to 21.1.6#42

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/angular/core-21.1.6
Open

chore(deps): bump @angular/core from 21.0.6 to 21.1.6#42
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/angular/core-21.1.6

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps @angular/core from 21.0.6 to 21.1.6.

Release notes

Sourced from @​angular/core's releases.

21.1.6

common

Commit Description
fix - 31d3d56496 fix LCP image detection with duplicate URLs

compiler-cli

Commit Description
fix - 24b578ce90 detect uninvoked functions in defer trigger expressions

core

Commit Description
fix - b858309532 block creation of sensitive URI attributes from ICU messages

Breaking Changes

core

  • Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

    (cherry picked from commit 306f367899dfc2e04238fecd3455547b5d54075d)

21.1.5

No user facing changes in this release

21.1.4

compiler

Commit Description
fix - caab23dfe6 add geolocation element to schema

core

Commit Description
fix - 2b99eaa019 capture animation dependencies eagerly to avoid destroyed injector
fix - d6aeac504c Fix flakey test due to document injection

forms

Commit Description
feat - 0d1acd0165 support signal-based schemas in validateStandardSchema

http

Commit Description
fix - 3905015ccc correctly parse ArrayBuffer and Blob in transfer cache

21.1.3

core

Commit Description
fix - 2b254bc050 linkedSignal.update should propagate errors
fix - e5110b4fa1 export DirectiveWithBindings
fix - 2cf4da0ea1 hold constructors weakly in DepsTracker cache
fix - 70a5b651be prevent element duplication with dynamic components

forms

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.1.6 (2026-02-25)

Breaking Changes

core

  • Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

    (cherry picked from commit 306f367899dfc2e04238fecd3455547b5d54075d)

common

Commit Type Description
31d3d56496 fix fix LCP image detection with duplicate URLs

compiler-cli

Commit Type Description
24b578ce90 fix detect uninvoked functions in defer trigger expressions

core

Commit Type Description
b858309532 fix block creation of sensitive URI attributes from ICU messages

21.1.5 (2026-02-18)

No user facing changes in this release

21.1.4 (2026-02-11)

compiler

Commit Type Description
caab23dfe6 fix add geolocation element to schema

core

Commit Type Description
2b99eaa019 fix capture animation dependencies eagerly to avoid destroyed injector
d6aeac504c fix Fix flakey test due to document injection

forms

Commit Type Description
0d1acd0165 feat support signal-based schemas in validateStandardSchema

http

Commit Type Description
3905015ccc fix correctly parse ArrayBuffer and Blob in transfer cache

... (truncated)

Commits
  • b858309 fix(core): block creation of sensitive URI attributes from ICU messages
  • a8dcb28 refactor(core): remove outdated TODO comments
  • 31d3d56 fix(common): fix LCP image detection with duplicate URLs
  • 866da08 docs: add new debugging and troubleshooting di guide
  • 58eba77 refactor(core): remove outdated TODO comments referencing TypeScript 2.1
  • 9c3022d refactor(platform-server): split zone/zoneless tests.
  • 7150df2 build: update cross-repo angular dependencies to v21.1.4
  • 2b99eaa fix(core): capture animation dependencies eagerly to avoid destroyed injector
  • d9ec23e test: add test about mapped attributes to input
  • 6c14e3a build: update Jasmine to 6.0.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @angular/core from 21.0.6 to 21.1.6
949bcff 
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 21.0.6 to 21.1.6.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.1.6/packages/core)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 21.1.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants