Skip to content

chore(deps): bump the npm_and_yarn group across 4 directories with 11 updates#342

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/chat/frontend-angular/npm_and_yarn-11f7550d40
Closed

chore(deps): bump the npm_and_yarn group across 4 directories with 11 updates#342
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/chat/frontend-angular/npm_and_yarn-11f7550d40

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 8 updates in the /examples/chat/frontend-angular directory:

Package From To
@angular/common 21.2.13 22.0.5
@angular/compiler 21.2.13 21.2.17
@angular/core 21.2.13 21.2.17
@sigstore/core 3.2.0 3.2.1
@sigstore/verify 3.1.0 3.1.1
hono 4.12.23 4.12.27
undici 6.25.0 6.27.0
tar 7.5.13 7.5.19

Bumps the npm_and_yarn group with 1 update in the /examples/chat/frontend-svelte directory: vite.
Bumps the npm_and_yarn group with 8 updates in the /examples/voice/frontend-angular directory:

Package From To
@angular/common 21.2.13 22.0.5
@angular/compiler 21.2.13 21.2.17
@angular/core 21.2.13 21.2.17
@sigstore/core 3.2.0 3.2.1
@sigstore/verify 3.1.0 3.1.1
hono 4.12.23 4.12.27
undici 6.25.0 6.27.0
tar 7.5.14 7.5.19

Bumps the npm_and_yarn group with 1 update in the /examples/voice/frontend-svelte directory: vite.

Updates @angular/common from 21.2.13 to 22.0.5

Release notes

Sourced from @​angular/common's releases.

22.0.5

common

Commit Description
fix - eb8fb9fe58 use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler-cli

Commit Description
fix - baf09a9939 include toSignal in debugName transform

core

Commit Description
fix - e598dc843f improve input writes migration in best effort mode
fix - ced0180b06 reject dynamic script host elements

router

Commit Description
fix - ca13b42e7c fix malformed jsdoc comment for RouterLinkWithHref export

22.0.4

migrations

Commit Description
fix - fd37f09f37 resolve migration failure when tsconfig specifies rootDir

22.0.3

compiler

Commit Description
fix - f90c20df40 account for NgModule dependencies in JIT-compiled partial declarations
fix - f4f7f3755c remove unused import breaking CI in 22.0.x

compiler-cli

Commit Description
fix - 06d854929c report diagnostic instead of crashing on malformed host binding

core

Commit Description
fix - 2799304259 avoid uncaught promise errors in injectAsync prefetching

http

Commit Description
fix - 8cdc202dfc prevent caching of responses with Set-Cookie headers

service-worker

Commit Description
fix - b4a5a2fb4e preserve referrer in asset requests
fix - a16f9b2263 preserve referrer policy in asset requests

upgrade

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.5 (2026-07-01)

common

Commit Type Description
eb8fb9fe58 fix use Object.hasOwn in I18nSelectPipe to handle null-prototype and shadowed mappings

compiler-cli

Commit Type Description
baf09a9939 fix include toSignal in debugName transform

core

Commit Type Description
e598dc843f fix improve input writes migration in best effort mode
ced0180b06 fix reject dynamic script host elements

router

Commit Type Description
ca13b42e7c fix fix malformed jsdoc comment for RouterLinkWithHref export

22.1.0-next.3 (2026-06-26)

migrations

Commit Type Description
26b0c719ef fix resolve migration failure when tsconfig specifies rootDir

22.0.4 (2026-06-26)

migrations

Commit Type Description
fd37f09f37 fix resolve migration failure when tsconfig specifies rootDir

22.1.0-next.2 (2026-06-25)

compiler

Commit Type Description
ecd047578e fix account for NgModule dependencies in JIT-compiled partial declarations

compiler-cli

Commit Type Description
8b2785b597 fix report diagnostic instead of crashing on malformed host binding

core

... (truncated)

Commits
  • eb8fb9f fix(common): use Object.hasOwn in I18nSelectPipe to handle null-prototype and...
  • cd8f472 docs: add documentation for HttpClient response body size limit and related e...
  • 8cdc202 fix(http): prevent caching of responses with Set-Cookie headers
  • 6867f77 fix(http): distinguish repeated transfer cache params
  • 6c1f3e9 fix(common): skip transfer cache for uncacheable HTTP traffic (#69316)
  • 7ef1399 fix(http): skip transfer cache for fetch credentialed requests (#69316)
  • 94ea403 fix(common): escape anchor fragment in shadow DOM name selector
  • 2dd65d2 fix(http): pass down the reportUploadProgress and reportDownloadProgress ...
  • 1bd5a56 docs: deprecate XHR support for server-side rendering in HTTP docs and recomm...
  • 3c2892c fix(common): prevent prototype pollution in formatDateTime
  • Additional commits viewable in compare view

Updates @angular/compiler from 21.2.13 to 21.2.17

Release notes

Sourced from @​angular/compiler's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • dc9c996 fix(compiler): sanitize two-way properties
  • ae1c8a1 fix(compiler): move projection attributes into constants
  • eb1cbbf fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 29ceeff docs: fix typos in source code comments
  • 782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
  • ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • daaf329 fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • 68282df fix(compiler): strip namespaced SVG script elements during template compilation
  • Additional commits viewable in compare view

Updates @angular/core from 21.2.13 to 21.2.17

Release notes

Sourced from @​angular/core's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • 88832c8 fix(core): validate lowercase SVG animation attribute names (#69269)
  • 3551074 fix(platform-server): harden platform location origin validation during SSR
  • bc55749 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • d846326 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e245d40 fix(http): skip transfer cache for fetch credentialed requests
  • 1523061 fix(core): harden TransferState restoration against DOM clobbering
  • 736c4ab refactor(core): fix broken unit test.
  • 3fd6897 fix(core): harden inherit definition feature against polluted prototypes
  • 7e38336 fix(core): use Object.create(null) for LOCALE_DATA as a hardening measure
  • 29ceeff docs: fix typos in source code comments
  • Additional commits viewable in compare view

Updates @sigstore/core from 3.2.0 to 3.2.1

Release notes

Sourced from @​sigstore/core's releases.

@​sigstore/core@​3.2.1

Patch Changes

  • b5aa4f1: Apply UTF-8 encoding to payload type during PAE calculation
Commits

Updates @sigstore/verify from 3.1.0 to 3.1.1

Release notes

Sourced from @​sigstore/verify's releases.

@​sigstore/verify@​3.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
    • @​sigstore/core@​3.2.1
Commits

Updates esbuild from 0.27.3 to 0.27.7

Release notes

Sourced from esbuild's releases.

v0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
    class Foo {
      constructor(public x = 1) {}
      y = 2
    }
    // Old output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    this.x = x;
    __publicField(this, "y", 2);
    }
    x;
    }
    // New output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    __publicField(this, "x", x);
    __publicField(this, "y", 2);
    }
    }

v0.27.5

  • Fix for an async generator edge case (#4401, #4417)

    Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

    async function* inner() { yield 1; yield 2 }
    async function* outer() { yield* inner() }
    let gen = outer()
    for await (let x of [gen.next(), gen.next()]) console.log(x)

    Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

    This fix was contributed by @​2767mr.

  • Fix a regression when metafile is enabled (#4420, #4418)

    This release fixes a regression introduced by the previous release. When metafile: true was enabled in esbuild's JavaScript API, builds with build errors were incorrectly throwing an error about an empty JSON string instead of an object containing the build errors.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
    class Foo {
      constructor(public x = 1) {}
      y = 2
    }
    // Old output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    this.x = x;
    __publicField(this, "y", 2);
    }
    x;
    }
    // New output (with --loader=ts --target=es2021)
    class Foo {
    constructor(x = 1) {
    __publicField(this, "x", x);
    __publicField(this, "y", 2);
    }
    }

0.27.5

  • Fix for an async generator edge case (#4401, #4417)

    Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:

    async function* inner() { yield 1; yield 2 }
    async function* outer() { yield* inner() }
    let gen = outer()
    for await (let x of [gen.next(), gen.next()]) console.log(x)

    Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with --supported:async-generator=false). The transformation should be fixed starting with this release.

    This fix was contributed by @​2767mr.

  • Fix a regression when metafile is enabled (#4420, #4418)

... (truncated)

Commits
  • 2025c9f publish 0.27.7 to npm
  • c6b586e fix typo in Makefile for @esbuild/win32-x64
  • 9785e14 publish 0.27.6 to npm
  • b169d8c Revert "update go 1.25.7 => 1.26.1"
  • 7ac8762 run make update-compat-table
  • 8b5ff53 remove an incorrect else
  • e955268 fix #4421: lower generated class fields if needed
  • a5a2500 ci: move make test-old-ts
  • b71e7ac omit go's buildvcs for more reproducible builds
  • 7406b09 organize make platform-all output in Makefile
  • Additional commits viewable in compare view

Updates hono from 4.12.23 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

... (truncated)

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates undici from 6.25.0 to 6.27.0

Release notes

Sourced from undici's releases.

v6.27.0

⚠️ Security Release

This release line addresses 4 security advisories.

Action required: Upgrade to undici 6.27.0 or later.

npm install undici@^6.27.0

Note on patched version: the v6 fixes shipped in v6.27.0, not 6.26.0v6.26.0 contains only the chunked-EOF fix (#5308) and the version bump, none of the security fixes below.

The v6 line is not affected by the SOCKS5 advisories (GHSA-vmh5-mc38-953g, GHSA-hm92-r4w5-c3mj), the shared-cache disclosure (GHSA-pr7r-676h-xcf6), or the 8.x-only WebSocket regression (GHSA-38rv-x7px-6hhq).

Summary

Advisory CVE Severity (CVSS) Fixed in Fix commit
GHSA-vxpw-j846-p89q CVE-2026-12151 High (7.5) 6.27.0 b7f252e7
GHSA-p88m-4jfj-68fv CVE-2026-9679 Moderate (5.9) 6.27.0 25efa447
GHSA-g8m3-5g58-fq7m CVE-2026-11525 Low (3.7) 6.27.0 25efa447
GHSA-35p6-xmwp-9g52 CVE-2026-6733 Low (3.7) 6.27.0 f4c31d60

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: b7f252e7 Backport WebSocket maxPayloadSize fixes (#5423, backported to v6 in #5428)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service. All releases from 6.17.0 onward are affected.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

Moderate severity

HTTP header injection via Set-Cookie percent-decoding — CVE-2026-9679

... (truncated)

Commits

Updates piscina from 5.1.4 to 5.2.0

Changelog

Sourced from piscina's changelog.

5.2.0 (2026-06-12)

Features

  • Add idleThreads getter (#1059) (

… updates

Bumps the npm_and_yarn group with 8 updates in the /examples/chat/frontend-angular directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.13` | `22.0.5` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.13` | `21.2.17` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.13` | `21.2.17` |
| [@sigstore/core](https://github.com/sigstore/sigstore-js) | `3.2.0` | `3.2.1` |
| [@sigstore/verify](https://github.com/sigstore/sigstore-js) | `3.1.0` | `3.1.1` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.27` |
| [undici](https://github.com/nodejs/undici) | `6.25.0` | `6.27.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.13` | `7.5.19` |

Bumps the npm_and_yarn group with 1 update in the /examples/chat/frontend-svelte directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 8 updates in the /examples/voice/frontend-angular directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `21.2.13` | `22.0.5` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `21.2.13` | `21.2.17` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `21.2.13` | `21.2.17` |
| [@sigstore/core](https://github.com/sigstore/sigstore-js) | `3.2.0` | `3.2.1` |
| [@sigstore/verify](https://github.com/sigstore/sigstore-js) | `3.1.0` | `3.1.1` |
| [hono](https://github.com/honojs/hono) | `4.12.23` | `4.12.27` |
| [undici](https://github.com/nodejs/undici) | `6.25.0` | `6.27.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.14` | `7.5.19` |

Bumps the npm_and_yarn group with 1 update in the /examples/voice/frontend-svelte directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@angular/common` from 21.2.13 to 22.0.5
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.5/packages/common)

Updates `@angular/compiler` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

Updates `@angular/core` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/core)

Updates `@sigstore/core` from 3.2.0 to 3.2.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/core@3.2.0...@sigstore/core@3.2.1)

Updates `@sigstore/verify` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

Updates `esbuild` from 0.27.3 to 0.27.7
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.3...v0.27.7)

Updates `hono` from 4.12.23 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.27)

Updates `undici` from 6.25.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.25.0...v6.27.0)

Updates `piscina` from 5.1.4 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.4...v5.2.0)

Updates `tar` from 7.5.13 to 7.5.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.19)

Updates `vite` from 7.3.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `vite` from 8.0.10 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `vite` from 8.0.13 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `@angular/common` from 21.2.13 to 22.0.5
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v22.0.5/packages/common)

Updates `@angular/compiler` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

Updates `@angular/core` from 21.2.13 to 21.2.17
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/core)

Updates `@sigstore/core` from 3.2.0 to 3.2.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/core@3.2.0...@sigstore/core@3.2.1)

Updates `@sigstore/verify` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

Updates `esbuild` from 0.27.3 to 0.27.7
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.3...v0.27.7)

Updates `hono` from 4.12.23 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.23...v4.12.27)

Updates `undici` from 6.25.0 to 6.27.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.25.0...v6.27.0)

Updates `piscina` from 5.1.4 to 5.2.0
- [Release notes](https://github.com/piscinajs/piscina/releases)
- [Changelog](https://github.com/piscinajs/piscina/blob/v5.2.0/CHANGELOG.md)
- [Commits](piscinajs/piscina@v5.1.4...v5.2.0)

Updates `tar` from 7.5.14 to 7.5.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.19)

Updates `vite` from 7.3.2 to 7.3.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `vite` from 8.0.10 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `vite` from 8.0.13 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 22.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.19
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@angular/common"
  dependency-version: 22.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 21.2.17
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: piscina
  dependency-version: 5.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.19
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #343.

@dependabot dependabot Bot closed this Jul 2, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/examples/chat/frontend-angular/npm_and_yarn-11f7550d40 branch July 2, 2026 18:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants