Skip to content

Bump the npm_and_yarn group across 3 directories with 5 updates#7

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/Example01_JavaScript/npm_and_yarn-1b3f1c90cf
Open

Bump the npm_and_yarn group across 3 directories with 5 updates#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/Example01_JavaScript/npm_and_yarn-1b3f1c90cf

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 22, 2026

Bumps the npm_and_yarn group with 2 updates in the /Example01_JavaScript directory: multer and sanitize-html.
Bumps the npm_and_yarn group with 2 updates in the /Example01_JavaScript/frontend directory: @angular/common and @angular/compiler.
Bumps the npm_and_yarn group with 1 update in the /Example04_DockerPull_Build_Scan/client directory: ua-parser-js.

Updates multer from 1.4.5-lts.2 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

2.0.1

2.0.0

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.


Updates sanitize-html from 1.4.2 to 2.12.1

Changelog

Sourced from sanitize-html's changelog.

2.12.1 (2024-02-22)

  • Do not parse sourcemaps in post-css. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the style attribute is allowed by the configuration. Thanks to the Snyk Security team for the disclosure and to Dylan Armstrong for the fix.

2.12.0 (2024-02-21)

  • Introduced the allowedEmptyAttributes option, enabling explicit specification of empty string values for select attributes, with the default attribute set to alt. Thanks to Na for the contribution.

  • Clarified the use of SVGs with a new test and changes to documentation. Thanks to Gauav Kumar for the contribution.

  • Do not process source maps when processing style tags with PostCSS.

2.11.0 (2023-06-21)

  • Fix to allow false in allowedClasses attributes. Thanks to Kevin Jiang for this fix!
  • Upgrade mocha version
  • Apply small linter fixes in tests
  • Add .idea temp files to .gitignore
  • Thanks to Vitalii Shpital for the updates!
  • Show parseStyleAttributes warning in browser only. Thanks to mog422 for this update!
  • Remove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. Thanks to Dylan Armstrong for this update!

2.10.0 (2023-02-17)

  • Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when disallowedTagMode is set to any variant of escape -- just escape the disallowed tags that are present. This fixes [issue #464](apostrophecms/sanitize-html#464). Thanks to Daniel Liebner
  • Add tagAllowed() helper function which takes a tag name and checks it against options.allowedTags and returns true if the tag is allowed and false if it is not.

2.9.0 (2023-01-27)

2.8.1 (2022-12-21)

  • If the argument is a number, convert it to a string, for backwards compatibility. Thanks to Alexander Schranz.

2.8.0 (2022-12-12)

  • Upgrades htmlparser2 to new major version ^8.0.0. Thanks to Kedar Chandrayan for this contribution.

2.7.3 (2022-10-24)

  • If allowedTags is falsy but not exactly false, then do not assume that all tags are allowed. Rather, allow no tags in this case, to be on the safe side. This matches the existing documentation and fixes [issue #176](apostrophecms/sanitize-html#176). Thanks to Kedar Chandrayan for the fix.

2.7.2 (2022-09-15)

  • Closing tags must agree with opening tags. This fixes [issue #549](apostrophecms/sanitize-html#549), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to Kedar Chandrayan for the report and the fix.

2.7.1 (2022-07-20)

... (truncated)

Commits

Updates @angular/common from 15.2.10 to 21.1.5

Release notes

Sourced from @​angular/common's releases.

21.1.5

No user facing changes in this release

21.1.4

compiler

Commit Description
fix - caab23dfe6 add geolocation element to schema

core

Commit Description
fix - 2b99eaa019 capture animation dependencies eagerly to avoid destroyed injector
fix - d6aeac504c Fix flakey test due to document injection

forms

Commit Description
feat - 0d1acd0165 support signal-based schemas in validateStandardSchema

http

Commit Description
fix - 3905015ccc correctly parse ArrayBuffer and Blob in transfer cache

21.1.3

core

Commit Description
fix - 2b254bc050 linkedSignal.update should propagate errors
fix - e5110b4fa1 export DirectiveWithBindings
fix - 2cf4da0ea1 hold constructors weakly in DepsTracker cache
fix - 70a5b651be prevent element duplication with dynamic components

forms

Commit Description
fix - 6f75b6e3f6 Resolves debounce promise on abort in debounceForDuration

localize

Commit Description
fix - 4c7126d23b add support for unit-test builder in ng-add schematic

router

Commit Description
fix - d6268c0bbb limit UrlParser recursion depth to prevent stack overflow
perf - 49a36f4cc7 Use .bind to avoid holding other closures in memory

21.1.2

forms

Commit Description
fix - 9f99b14882 only touch visible, interactive fields on submit

language-service

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.1.5 (2026-02-18)

No user facing changes in this release

21.2.0-next.3 (2026-02-11)

common

Commit Type Description
18003a33bb feat add an 'outlet' injector option for ngTemplateOutlet
51cc914807 feat support height in ImageLoaderConfig and built-in loaders

compiler

Commit Type Description
11834a4274 fix add geolocation element to schema

compiler-cli

Commit Type Description
2ea6dfc6c9 fix update diagnostic to flag no-op arrow functions in listeners

core

Commit Type Description
ea2016a6dc feat add support for nested animations
bd2868e915 fix capture animation dependencies eagerly to avoid destroyed injector
a7e8abbb7e fix correctly handle SkipSelf when resolving from embedded view injector
e53c8abaf9 fix Fix flakey test due to document injection

forms

Commit Type Description
f56bb07d83 feat add field param to submit action and onInvalid
ba009b6031 feat add form directive
24c0c5a180 feat support signal-based schemas in validateStandardSchema
adfb83146b fix simplify design of parse errors

http

Commit Type Description
cb1163e5e5 fix correctly parse ArrayBuffer and Blob in transfer cache

21.1.4 (2026-02-11)

compiler

Commit Type Description
caab23dfe6 fix add geolocation element to schema

core

Commit Type Description

... (truncated)

Commits
  • 58eba77 refactor(core): remove outdated TODO comments referencing TypeScript 2.1
  • 55b501a refactor(common): improve image directive typings
  • 6c14e3a build: update Jasmine to 6.0.0
  • 19542a3 test(common): remove zone-based testing utilities
  • 3905015 fix(http): correctly parse ArrayBuffer and Blob in transfer cache
  • 6f5c233 refactor(common): extract argument assertion
  • 7242da2 docs: reword docs on standalone.
  • 6601f06 test(common): enables zoneless change detection in tests
  • 3954dc2 refactor(http): remove redundant providedIn: 'root' in XSRF_HEADER_NAME
  • 03e2b36 refactor(core): update error message links to versioned docs (#66374)
  • Additional commits viewable in compare view

Updates @angular/compiler from 15.2.10 to 21.1.5

Release notes

Sourced from @​angular/compiler's releases.

21.1.5

No user facing changes in this release

21.1.4

compiler

Commit Description
fix - caab23dfe6 add geolocation element to schema

core

Commit Description
fix - 2b99eaa019 capture animation dependencies eagerly to avoid destroyed injector
fix - d6aeac504c Fix flakey test due to document injection

forms

Commit Description
feat - 0d1acd0165 support signal-based schemas in validateStandardSchema

http

Commit Description
fix - 3905015ccc correctly parse ArrayBuffer and Blob in transfer cache

21.1.3

core

Commit Description
fix - 2b254bc050 linkedSignal.update should propagate errors
fix - e5110b4fa1 export DirectiveWithBindings
fix - 2cf4da0ea1 hold constructors weakly in DepsTracker cache
fix - 70a5b651be prevent element duplication with dynamic components

forms

Commit Description
fix - 6f75b6e3f6 Resolves debounce promise on abort in debounceForDuration

localize

Commit Description
fix - 4c7126d23b add support for unit-test builder in ng-add schematic

router

Commit Description
fix - d6268c0bbb limit UrlParser recursion depth to prevent stack overflow
perf - 49a36f4cc7 Use .bind to avoid holding other closures in memory

21.1.2

forms

Commit Description
fix - 9f99b14882 only touch visible, interactive fields on submit

language-service

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.1.5 (2026-02-18)

No user facing changes in this release

21.2.0-next.3 (2026-02-11)

common

Commit Type Description
18003a33bb feat add an 'outlet' injector option for ngTemplateOutlet
51cc914807 feat support height in ImageLoaderConfig and built-in loaders

compiler

Commit Type Description
11834a4274 fix add geolocation element to schema

compiler-cli

Commit Type Description
2ea6dfc6c9 fix update diagnostic to flag no-op arrow functions in listeners

core

Commit Type Description
ea2016a6dc feat add support for nested animations
bd2868e915 fix capture animation dependencies eagerly to avoid destroyed injector
a7e8abbb7e fix correctly handle SkipSelf when resolving from embedded view injector
e53c8abaf9 fix Fix flakey test due to document injection

forms

Commit Type Description
f56bb07d83 feat add field param to submit action and onInvalid
ba009b6031 feat add form directive
24c0c5a180 feat support signal-based schemas in validateStandardSchema
adfb83146b fix simplify design of parse errors

http

Commit Type Description
cb1163e5e5 fix correctly parse ArrayBuffer and Blob in transfer cache

21.1.4 (2026-02-11)

compiler

Commit Type Description
caab23dfe6 fix add geolocation element to schema

core

Commit Type Description

... (truncated)

Commits
  • 6c14e3a build: update Jasmine to 6.0.0
  • caab23d fix(compiler): add geolocation element to schema
  • 3f0fbaa refactor(compiler): remove zone-based testing utilities
  • 0729181 test(compiler): remove zone-based testing utilities
  • ea70b00 refactor(compiler): remove unused symbols
  • ded654d build: initial test of TypeScript 6
  • 5326333 fix(forms): Ensure the control instruction comes after the other bindings
  • 29f074a fix(forms): Rename signal form [field] to [formField]
  • 0875dea refactor(compiler): switch Binary.isAssignmentOperation to type guard function
  • 83bac5a refactor(compiler): tighten Unary.operator type
  • Additional commits viewable in compare view

Updates ua-parser-js from 0.7.31 to 0.7.41

Release notes

Sourced from ua-parser-js's releases.

v0.7.41

Version 0.7.41 / 1.0.41

  • Add new browser: Daum, Ladybird
  • Add new device vendor: HMD
  • Add new engine: LibWeb
  • Add new os: Windows IoT, Ubuntu Touch
  • Improve cpu detection: ARM, x86
  • Improve device vendor detection: Apple, Archos, Generic, Google, Honor, Huawei, Infinix, Nvidia, Lenovo, Nokia, OnePlus, Xiaomi
  • Improve device type detection: smarttv, wearables
  • Improve os detection: Linux, Symbian

Full Changelog: faisalman/ua-parser-js@0.7.40...0.7.41

v0.7.38

Version 0.7.38

  • Fix error on getOS() when userAgentData.platform is undefined
  • Add new browser: Opera GX, Twitter
  • Improve browser detection: DuckDuckGo
  • Improve device detection: OPPO Pad, Oculus Quest

v0.7.37

Version 0.7.37

  • Fix misidentified WebView token as device model
  • Increase UA_MAX_LENGTH to 500
  • Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
  • Add new device: Ulefone
  • Improve device detection: Realme, Xiaomi Redmi
  • Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat
Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.41 / 1.0.41

  • Add new browser: Daum, Ladybird
  • Add new device vendor: HMD
  • Add new engine: LibWeb
  • Add new os: Windows IoT, Ubuntu Touch
  • Improve cpu detection: ARM, x86
  • Improve device vendor detection: Apple, Archos, Generic, Google, Honor, Huawei, Infinix, Nvidia, Lenovo, Nokia, OnePlus, Xiaomi
  • Improve device type detection: smarttv, wearables
  • Improve os detection: Linux, Symbian

Version 0.7.40 / 1.0.40

  • Add new browser: 115, LibreWolf, Slimboat, Slimjet
  • Add new device: Advan, Cat, Energizer, IMO, Micromax, Smartfren
  • Add new engine: ArkWeb, Servo
  • Add new os: OpenHarmony
  • Improve browser detection: 2345, 360, Dragon, Iron, Maxthon
  • Recognize Honor as a separate device vendor from Huawei
  • Fix Python Request mistakenly identified as Meta Quest

Version 0.7.39 / 1.0.39

  • Add new feature: executable command using npx ua-parser-js "[INSERT-UA-HERE]"
  • Add new browser: Helio, Pico Browser, Wolvic
  • Add new device vendor: itel, Nothing, TCL
  • Improve browser detection: ICEBrowser, Klar, QQBrowser, Quark, Rekonq, Sleipnir
  • Improve device detection: Xiaomi Pro, Amazon Echo Show, Samsung Galaxy Watch
  • Removed from browser: Viera

Version 0.7.38 / 1.0.38

  • Fix error on getOS() when userAgentData.platform is undefined
  • Add new browser: Opera GX, Twitter
  • Improve browser detection: DuckDuckGo
  • Improve device detection: OPPO Pad, Oculus Quest

Version 0.7.37 / 1.0.37

  • Fix misidentified WebView token as device model
  • Increase UA_MAX_LENGTH to 500
  • Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
  • Add new device: Ulefone
  • Improve device detection: Realme, Xiaomi Redmi
  • Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Version 0.7.36 / 1.0.36

  • Add new browser: Snapchat
  • Add new devices: Infinix, Tecno
  • Improve device detection: Amazon Fire TV, Xiaomi POCO
  • Improve OS detection: iOS

Version 0.7.35 / 1.0.35

  • Fix result from user-supplied user-agent being altered
  • Add new browser: Heytap, TikTok

... (truncated)

Commits
  • af825ff Bump version 0.7.41
  • 5925954 Backport - Improve detection for Nokia device & Symbian OS
  • fc668ef Backport - Improve device detection for Generic device: capture its device mo...
  • 0543fb2 Backport - Improve CPU detection: ARM
  • 98f1c00 Backport - Improve device detection for unidentified SmartTV vendors
  • d66c971 Backport - Improve detection for Nvidia devices
  • cbe6038 Backport - Add Daum app user agent (#773)
  • e665bd5 Backport - Add new OS: Ubuntu Touch
  • 20c3040 Backport - Add new device: Apple HomePod
  • 9057a1d Backport - Add new browser: Ladybird
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by faisalman, a new releaser for ua-parser-js since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 3 directories with 5 updates
d1c20fe 
Bumps the npm_and_yarn group with 2 updates in the /Example01_JavaScript directory: [multer](https://github.com/expressjs/multer) and [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html).
Bumps the npm_and_yarn group with 2 updates in the /Example01_JavaScript/frontend directory: [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) and [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler).
Bumps the npm_and_yarn group with 1 update in the /Example04_DockerPull_Build_Scan/client directory: [ua-parser-js](https://github.com/faisalman/ua-parser-js).


Updates `multer` from 1.4.5-lts.2 to 2.0.2
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v1.4.5-lts.2...v2.0.2)

Updates `sanitize-html` from 1.4.2 to 2.12.1
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/HEAD/packages/sanitize-html)

Updates `@angular/common` from 15.2.10 to 21.1.5
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.1.5/packages/common)

Updates `@angular/compiler` from 15.2.10 to 21.1.5
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.1.5/packages/compiler)

Updates `ua-parser-js` from 0.7.31 to 0.7.41
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@0.7.31...0.7.41)

---
updated-dependencies:
- dependency-name: multer
  dependency-version: 2.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sanitize-html
  dependency-version: 2.12.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/common"
  dependency-version: 21.1.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 21.1.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-version: 0.7.41
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 22, 2026
@dependabot dependabot bot mentioned this pull request Feb 22, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants