build(deps): Bump the angular-stack group with 5 updates

[dependabot]

Bumps the angular-stack group with 5 updates:

Package	From	To
@angular/common	21.2.6	21.2.7
@angular/compiler	21.2.6	21.2.7
@angular/core	21.2.6	21.2.7
@angular-devkit/build-angular	21.2.5	21.2.6
@angular/cli	21.2.5	21.2.6

Updates @angular/common from 21.2.6 to 21.2.7

Release notes

Sourced from @​angular/common's releases.

21.2.7

compiler

Commit	Description
	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Description
	prevent recursive scope checks for invalid NgModule imports

core

Commit	Description
	prevent binding unsafe attributes on SVG animation elements (#67797)
	resolve component import by exact specifier in route lazy-loading schematic
	treat object[data] as resource URL context (#67797)

localize

Commit	Description
	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Description
	pass outlet context to split to fix empty path named outlets

Changelog

Sourced from @​angular/common's changelog.

21.2.7 (2026-04-01)

compiler

Commit	Type	Description
fea25d1a60	fix	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Type	Description
bba5ed8e64	fix	prevent recursive scope checks for invalid NgModule imports

core

Commit	Type	Description
d04ddd73df	fix	prevent binding unsafe attributes on SVG animation elements (#67797)
8fd896e99a	fix	resolve component import by exact specifier in route lazy-loading schematic
b682c62873	fix	treat object[data] as resource URL context (#67797)

localize

Commit	Type	Description
3c41e74fdd	fix	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Type	Description
0960592d3d	fix	pass outlet context to split to fix empty path named outlets

22.0.0-next.5 (2026-03-25)

Breaking Changes

compiler-cli

• Elements with multiple matching selectors will now throw at compile time.

core

• Component with undefined changeDetection property are now OnPush by default. Specify changeDetection: ChangeDetectionStrategy.Eager to keep the previous behavior.

platform-browser

• Hammer.js integration has been removed. Use your own implementation.

common

Commit	Type	Description
c1312da183	fix	avoid redundant image fetch on destroy with auto sizes

compiler

Commit	Type	Description
e850643b1b	feat	Support comments in html element.
96be4f429b	fix	abstract emitter producing incorrect code for dynamic imports
5a712d42d1	fix	prevent shimCssText from adding extra blank lines per CSS comment

compiler-cli

Commit	Type	Description
ca67828ee2	refactor	introduce NG8023 compile-time diagnostic for duplicate selectors

core

... (truncated)

Commits

• 13f050d test: construct local Date objects to fix timezone flakiness
• d0cf299 test: remove unsupported timezone from formatDate tests
• See full diff in compare view

Updates @angular/compiler from 21.2.6 to 21.2.7

Release notes

Sourced from @​angular/compiler's releases.

21.2.7

compiler

Commit	Description
	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Description
	prevent recursive scope checks for invalid NgModule imports

core

Commit	Description
	prevent binding unsafe attributes on SVG animation elements (#67797)
	resolve component import by exact specifier in route lazy-loading schematic
	treat object[data] as resource URL context (#67797)

localize

Commit	Description
	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Description
	pass outlet context to split to fix empty path named outlets

Changelog

Sourced from @​angular/compiler's changelog.

21.2.7 (2026-04-01)

compiler

Commit	Type	Description
fea25d1a60	fix	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Type	Description
bba5ed8e64	fix	prevent recursive scope checks for invalid NgModule imports

core

Commit	Type	Description
d04ddd73df	fix	prevent binding unsafe attributes on SVG animation elements (#67797)
8fd896e99a	fix	resolve component import by exact specifier in route lazy-loading schematic
b682c62873	fix	treat object[data] as resource URL context (#67797)

localize

Commit	Type	Description
3c41e74fdd	fix	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Type	Description
0960592d3d	fix	pass outlet context to split to fix empty path named outlets

22.0.0-next.5 (2026-03-25)

Breaking Changes

compiler-cli

• Elements with multiple matching selectors will now throw at compile time.

core

• Component with undefined changeDetection property are now OnPush by default. Specify changeDetection: ChangeDetectionStrategy.Eager to keep the previous behavior.

platform-browser

• Hammer.js integration has been removed. Use your own implementation.

common

Commit	Type	Description
c1312da183	fix	avoid redundant image fetch on destroy with auto sizes

compiler

Commit	Type	Description
e850643b1b	feat	Support comments in html element.
96be4f429b	fix	abstract emitter producing incorrect code for dynamic imports
5a712d42d1	fix	prevent shimCssText from adding extra blank lines per CSS comment

compiler-cli

Commit	Type	Description
ca67828ee2	refactor	introduce NG8023 compile-time diagnostic for duplicate selectors

core

... (truncated)

Commits

• d04ddd7 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
• fea25d1 fix(compiler): register SVG animation attributes in URL security context (#67...
• See full diff in compare view

Updates @angular/core from 21.2.6 to 21.2.7

Release notes

Sourced from @​angular/core's releases.

21.2.7

compiler

Commit	Description
	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Description
	prevent recursive scope checks for invalid NgModule imports

core

Commit	Description
	prevent binding unsafe attributes on SVG animation elements (#67797)
	resolve component import by exact specifier in route lazy-loading schematic
	treat object[data] as resource URL context (#67797)

localize

Commit	Description
	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Description
	pass outlet context to split to fix empty path named outlets

Changelog

Sourced from @​angular/core's changelog.

21.2.7 (2026-04-01)

compiler

Commit	Type	Description
fea25d1a60	fix	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Type	Description
bba5ed8e64	fix	prevent recursive scope checks for invalid NgModule imports

core

Commit	Type	Description
d04ddd73df	fix	prevent binding unsafe attributes on SVG animation elements (#67797)
8fd896e99a	fix	resolve component import by exact specifier in route lazy-loading schematic
b682c62873	fix	treat object[data] as resource URL context (#67797)

localize

Commit	Type	Description
3c41e74fdd	fix	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Type	Description
0960592d3d	fix	pass outlet context to split to fix empty path named outlets

22.0.0-next.5 (2026-03-25)

Breaking Changes

compiler-cli

• Elements with multiple matching selectors will now throw at compile time.

core

• Component with undefined changeDetection property are now OnPush by default. Specify changeDetection: ChangeDetectionStrategy.Eager to keep the previous behavior.

platform-browser

• Hammer.js integration has been removed. Use your own implementation.

common

Commit	Type	Description
c1312da183	fix	avoid redundant image fetch on destroy with auto sizes

compiler

Commit	Type	Description
e850643b1b	feat	Support comments in html element.
96be4f429b	fix	abstract emitter producing incorrect code for dynamic imports
5a712d42d1	fix	prevent shimCssText from adding extra blank lines per CSS comment

compiler-cli

Commit	Type	Description
ca67828ee2	refactor	introduce NG8023 compile-time diagnostic for duplicate selectors

core

... (truncated)

Commits

• 4ad6d58 build: update cross-repo angular dependencies to v21.2.6
• d04ddd7 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
• b682c62 fix(core): treat object[data] as resource URL context (#67797)
• fea25d1 fix(compiler): register SVG animation attributes in URL security context (#67...
• 8fd896e fix(core): resolve component import by exact specifier in route lazy-loading ...
• 4b2008d build: update cross-repo angular dependencies
• See full diff in compare view

Updates @angular-devkit/build-angular from 21.2.5 to 21.2.6

Release notes

Sourced from @​angular-devkit/build-angular's releases.

21.2.6

@​angular/cli

Commit	Description
	fix sourceRoot resolution for MCP projects tool

@​angular/build

Commit	Description
	ensure transitive SCSS partial errors are tracked in watch mode
	ensure Vitest mock patching is executed only once
	preserve error stack traces during prerendering
	scope CHROME_BIN executable path to individual playwright instances

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

21.2.6 (2026-04-01)

@​angular/cli

Commit	Type	Description
ea14f28cc	fix	fix sourceRoot resolution for MCP projects tool

@​angular/build

Commit	Type	Description
9136eb376	fix	ensure transitive SCSS partial errors are tracked in watch mode
8186faa11	fix	ensure Vitest mock patching is executed only once
107d1a9e2	fix	preserve error stack traces during prerendering
b7f457253	fix	scope CHROME_BIN executable path to individual playwright instances

Commits

• 9a2ee51 release: cut the v21.2.6 release
• 7bfe347 refactor(@​angular/build): extract headless configuration logic into helper fu...
• b7f4572 fix(@​angular/build): scope CHROME_BIN executable path to individual playwrigh...
• 8f954e3 build: safeguard terminal styling in devkit admin script
• 57e956c build: update cross-repo angular dependencies
• 750c461 build: update pnpm to v10.33.0
• ea14f28 fix(@​angular/cli): fix sourceRoot resolution for MCP projects tool
• 9136eb3 fix(@​angular/build): ensure transitive SCSS partial errors are tracked in wat...
• 107d1a9 fix(@​angular/build): preserve error stack traces during prerendering
• 8186faa fix(@​angular/build): ensure Vitest mock patching is executed only once
• Additional commits viewable in compare view

Updates @angular/cli from 21.2.5 to 21.2.6

Release notes

Sourced from @​angular/cli's releases.

21.2.6

@​angular/cli

Commit	Description
	fix sourceRoot resolution for MCP projects tool

@​angular/build

Commit	Description
	ensure transitive SCSS partial errors are tracked in watch mode
	ensure Vitest mock patching is executed only once
	preserve error stack traces during prerendering
	scope CHROME_BIN executable path to individual playwright instances

Changelog

Sourced from @​angular/cli's changelog.

21.2.6 (2026-04-01)

@​angular/cli

Commit	Type	Description
ea14f28cc	fix	fix sourceRoot resolution for MCP projects tool

@​angular/build

Commit	Type	Description
9136eb376	fix	ensure transitive SCSS partial errors are tracked in watch mode
8186faa11	fix	ensure Vitest mock patching is executed only once
107d1a9e2	fix	preserve error stack traces during prerendering
b7f457253	fix	scope CHROME_BIN executable path to individual playwright instances

Commits

• 9a2ee51 release: cut the v21.2.6 release
• 7bfe347 refactor(@​angular/build): extract headless configuration logic into helper fu...
• b7f4572 fix(@​angular/build): scope CHROME_BIN executable path to individual playwrigh...
• 8f954e3 build: safeguard terminal styling in devkit admin script
• 57e956c build: update cross-repo angular dependencies
• 750c461 build: update pnpm to v10.33.0
• ea14f28 fix(@​angular/cli): fix sourceRoot resolution for MCP projects tool
• 9136eb3 fix(@​angular/build): ensure transitive SCSS partial errors are tracked in wat...
• 107d1a9 fix(@​angular/build): preserve error stack traces during prerendering
• 8186faa fix(@​angular/build): ensure Vitest mock patching is executed only once
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions