chore(deps-dev): bump the dev-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the dev-dependencies group with 11 updates in the /apps/web directory:

Package	From	To
@angular/build	21.2.8	21.2.10
@angular/cli	21.2.8	21.2.10
@angular/compiler-cli	21.2.10	21.2.12
@tailwindcss/postcss	4.2.4	4.3.0
@vitest/coverage-v8	4.1.5	4.1.6
angular-eslint	19.8.1	21.3.1
jsdom	28.1.0	29.1.1
prettier	3.7.4	3.8.3
tailwindcss	4.2.4	4.3.0
typescript	5.9.2	6.0.3
vitest	4.1.5	4.1.6

Updates @angular/build from 21.2.8 to 21.2.10

Release notes

Sourced from @​angular/build's releases.

21.2.10

@​angular/cli

Commit	Description
	restrict MCP workspace access to allowed client roots during resolution

21.2.9

@​schematics/angular

Commit	Description
	add missing imports for focus and skip APIs in refactor-jasmine-vitest

@​angular/cli

Commit	Description
	fix broken img ref in ai-tutor
	introduce initial package manager workspace awareness
	remove standalone true ref in ai tutor

@​angular/ssr

Commit	Description
	introduce trustProxyHeaders option to safely validate and sanitize proxy headers
	add support for configuring trusted proxy headers via environment variable
	decode route segments when building and matching route tree
	use router to normalize URLs for comparison

Changelog

Sourced from @​angular/build's changelog.

21.2.10 (2026-05-06)

@​angular/cli

Commit	Type	Description
bb8611913	fix	restrict MCP workspace access to allowed client roots during resolution

19.2.25 (2026-04-30)

@​angular-devkit/build-angular

Commit	Type	Description
49ae0ad2d	fix	upgrade postcss to 8.5.12

@​angular/build

Commit	Type	Description
2d53feca5	fix	update esbuild to 0.28.0

@​angular/ssr

Commit	Type	Description
02ce8bf26	fix	introduce trustProxyHeaders option to safely validate and sanitize proxy headers

22.0.0-next.7 (2026-04-29)

@​angular/cli

Commit	Type	Description
0572df064	fix	fix broken img ref in ai-tutor
d6121b5e8	fix	introduce initial package manager workspace awareness
48eab1fc0	fix	remove standalone true ref in ai tutor

@​schematics/angular

Commit	Type	Description

... (truncated)

Commits

• 64cbd62 release: cut the v21.2.10 release
• 6f26f4f build: lock file maintenance
• 111dcc3 refactor(@​angular/cli): re-add resolveModule for find examples tool
• 5418ebb build: update cross-repo angular dependencies
• a2c8029 refactor: configure Gemini reviewer to ignore lockfile and changelog
• 7130c92 refactor(@​angular/cli): integrate MCP roots into Host abstraction
• bb86119 fix(@​angular/cli): restrict MCP workspace access to allowed client roots duri...
• 564b108 release: cut the v21.2.9 release
• dbda92b build: update cross-repo angular dependencies
• 828c175 build: update pnpm to v10.33.2
• Additional commits viewable in compare view

Updates @angular/cli from 21.2.8 to 21.2.10

Release notes

Sourced from @​angular/cli's releases.

21.2.10

@​angular/cli

Commit	Description
	restrict MCP workspace access to allowed client roots during resolution

21.2.9

@​schematics/angular

Commit	Description
	add missing imports for focus and skip APIs in refactor-jasmine-vitest

@​angular/cli

Commit	Description
	fix broken img ref in ai-tutor
	introduce initial package manager workspace awareness
	remove standalone true ref in ai tutor

@​angular/ssr

Commit	Description
	introduce trustProxyHeaders option to safely validate and sanitize proxy headers
	add support for configuring trusted proxy headers via environment variable
	decode route segments when building and matching route tree
	use router to normalize URLs for comparison

Changelog

Sourced from @​angular/cli's changelog.

21.2.10 (2026-05-06)

@​angular/cli

Commit	Type	Description
bb8611913	fix	restrict MCP workspace access to allowed client roots during resolution

19.2.25 (2026-04-30)

@​angular-devkit/build-angular

Commit	Type	Description
49ae0ad2d	fix	upgrade postcss to 8.5.12

@​angular/build

Commit	Type	Description
2d53feca5	fix	update esbuild to 0.28.0

@​angular/ssr

Commit	Type	Description
02ce8bf26	fix	introduce trustProxyHeaders option to safely validate and sanitize proxy headers

22.0.0-next.7 (2026-04-29)

@​angular/cli

Commit	Type	Description
0572df064	fix	fix broken img ref in ai-tutor
d6121b5e8	fix	introduce initial package manager workspace awareness
48eab1fc0	fix	remove standalone true ref in ai tutor

@​schematics/angular

Commit	Type	Description

... (truncated)

Commits

• 64cbd62 release: cut the v21.2.10 release
• 6f26f4f build: lock file maintenance
• 111dcc3 refactor(@​angular/cli): re-add resolveModule for find examples tool
• 5418ebb build: update cross-repo angular dependencies
• a2c8029 refactor: configure Gemini reviewer to ignore lockfile and changelog
• 7130c92 refactor(@​angular/cli): integrate MCP roots into Host abstraction
• bb86119 fix(@​angular/cli): restrict MCP workspace access to allowed client roots duri...
• 564b108 release: cut the v21.2.9 release
• dbda92b build: update cross-repo angular dependencies
• 828c175 build: update pnpm to v10.33.2
• Additional commits viewable in compare view

Updates @angular/compiler-cli from 21.2.10 to 21.2.12

Release notes

Sourced from @​angular/compiler-cli's releases.

21.2.12

core

Commit	Description
	allow explicit read generic with signal input transforms
	i18n flags leaking on errors
	respect ngSkipHydration on components with projectable nodes in LContainers
	sanitizer typings
	validate security-sensitive attributes in i18n bindings
	visit ng-let expression value in signal migration schematics

forms

Commit	Description
	prohibit concurrent submits in signal forms

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

Changelog

Sourced from @​angular/compiler-cli's changelog.

21.2.12 (2026-05-06)

core

Commit	Type	Description
fe13bb669d	fix	allow explicit read generic with signal input transforms
3430251fef	fix	i18n flags leaking on errors
1aeebbe304	fix	respect ngSkipHydration on components with projectable nodes in LContainers
9e38ed7d57	fix	sanitizer typings
7a05a9a71a	fix	validate security-sensitive attributes in i18n bindings
c37f6ca42f	fix	visit ng-let expression value in signal migration schematics

forms

Commit	Type	Description
03ad53863b	fix	prohibit concurrent submits in signal forms

20.3.20 (2026-05-06)

core

Commit	Type	Description
a9bcffdbc7	fix	disallow event attribute bindings in host bindings unconditionally (#68468)
97eeb45cfa	fix	validate security-sensitive attributes in i18n bindings (#68468)

platform-server

Commit	Type	Description
25e4e07238	fix	ensure origin has a trailing slash when parsing url (#68468)

22.0.0-next.10 (2026-04-29)

common

Commit	Type	Description
97cac1cf4d	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
2896c93cc1	feat	Angular expressions with optional chaining returns undefined
6bd1721662	fix	let declaration span not including end character

core

Commit	Type	Description
444b024d49	feat	Add a injectAsync helper function
8c11816490	fix	fix ordering of view queries metadata in JIT mode
3583c01bf9	fix	guard against non-object events and avoid listener wrapper identity mismatch
d5fd51e956	fix	prevent event replay double-invocation when element hydrates before app stability

migrations

... (truncated)

Commits

• c2b441a test: add NgModule compliance test with 'bootstrap' & local compilation
• a24dcfd refactor(compiler-cli): remove reflectionhost from environment
• 4f5d8a2 fix(compiler): let declaration span not including end character
• See full diff in compare view

Updates @tailwindcss/postcss from 4.2.4 to 4.3.0

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

• 588bd73 4.3.0 (#20023)
• 12eb5ae Cleanup noisy test output (#20015)
• 4255671 Improve snapshot tests (#20013)
• 52f94c7 Improve codebase quality (#19999)
• d194d4c docs: fix various typos in comments and documentation (#19878)
• bfb5732 Fall back to the plugin base when PostCSS has no from option (#19980)
• 3a890c3 Bump dependencies (#19957)
• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.5 to 4.1.6

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

• a8fd24c chore: release v4.1.6
• See full diff in compare view

Updates angular-eslint from 19.8.1 to 21.3.1

Release notes

Sourced from angular-eslint's releases.

v21.3.1

21.3.1 (2026-03-17)

🩹 Fixes

• update dependency @​angular/compiler to v21.2.1 (#2934)
• narrow build target cache outputs to avoid clobbering compile artifacts (#2940)
• narrow build target cache outputs to avoid clobbering compile artifacts" (#2943)
• update dependency eslint to v10.0.3 (#2949)
• update dependency @​angular/compiler to v21.2.2 (#2954)
• eslint-plugin: [no-uncalled-signals] properly handle statements with unary operators (#2926)
• prefer-self-closing-tags: add selectedcontent nonAriaElements (#2939)

❤️ Thank You

• AI-JamesHenry @​AI-JamesHenry
• bjarketrux
• Daniil Demenev @​BEGEMOT9I
• James Henry @​JamesHenry

v21.3.0

21.3.0 (2026-03-05)

🚀 Features

• add support for ESLint v10 (#2903)
• eslint-plugin: add computed-must-return rule (#2882)
• eslint-plugin: [no-uncalled-signals] detect Signal member access (#2848)
• eslint-plugin-template: add no-non-null-assertion rule (#2885)

🩹 Fixes

• update dependency @​angular/compiler to v21.1.4 (#2891)
• update dependency @​angular/compiler to v21.2.0 (#2915)
• eslint-plugin: [no-uncalled-signals] add check InputSignalWithTransform (#2879)
• eslint-plugin: [no-uncalled-signals] detect Signal type correctly (#2907)
• eslint-plugin-template: [prefer-template-literal] preserve nested non string binary + operation (#2902)

❤️ Thank You

• Dave @​reduckted
• Evgeny Stepanovych @​undsoft
• Guillaume DROUARD
• Jason Weinzierl

v21.2.0

21.2.0 (2026-01-29)

🚀 Features

... (truncated)

Changelog

Sourced from angular-eslint's changelog.

21.3.1 (2026-03-17)

This was a version bump only for angular-eslint to align it with other projects, there were no code changes.

21.3.0 (2026-03-05)

🚀 Features

• add support for ESLint v10 (#2903)
• eslint-plugin-template: add no-non-null-assertion rule (#2885)
• eslint-plugin: add computed-must-return rule (#2882)

❤️ Thank You

• Evgeny Stepanovych @​undsoft
• Guillaume DROUARD
• Jason Weinzierl

21.2.0 (2026-01-29)

🚀 Features

• eslint-plugin-template: add prefer-class-binding rule to enforce class binding over ngClass (#2827)
• eslint-plugin: [no-implicit-takeuntil-destroyed] add rule (#2803)

❤️ Thank You

• Gabriel J. @​rznn7
• Karan Mistry @​mistrykaran91

21.1.0 (2025-12-08)

🚀 Features

• eslint-plugin: add prefer-signal-model rule to encourage using model() for two-way bindings (#2818)

🩹 Fixes

• reference @​angular/cli peer in addition to direct dependencies (#2820)

❤️ Thank You

• James Henry @​JamesHenry
• Karan Mistry

21.0.1 (2025-11-23)

This was a version bump only for angular-eslint to align it with other projects, there were no code changes.

21.0.0 (2025-11-22)

... (truncated)

Commits

• 8f2afdc chore(release): publish 21.3.1
• a959e4d chore(release): publish 21.3.0
• 3ef7fb1 feat: add support for ESLint v10 (#2903)
• 218a8af feat(eslint-plugin-template): add no-non-null-assertion rule (#2885)
• d864251 feat(eslint-plugin): add computed-must-return rule (#2882)
• 6fa321d chore(release): publish 21.2.0
• 78bd8e3 feat(eslint-plugin-template): add prefer-class-binding rule to enforce class ...
• 97e7f88 feat(eslint-plugin): [no-implicit-takeuntil-destroyed] add rule (#2803)
• 4fa7889 chore(release): publish 21.1.0
• 2cd82eb feat(eslint-plugin): add prefer-signal-model rule to encourage using model() ...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for angular-eslint since your current version.

Updates jsdom from 28.1.0 to 29.1.1

Release notes

Sourced from jsdom's releases.

v29.1.1

• Fixed 'border-radius' computed style serialization. (@​asamuzaK)
• Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
• Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)

v29.1.0

• Added basic support for the ratio CSS type. (@​asamuzaK)
• Fixed getComputedStyle() sometimes returning outdated results after CSS was modified. (@​asamuzaK)

v29.0.2

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

• Fixed CSS parsing of 'border', 'background', and their sub-shorthands containing keywords or var(). (@​asamuzaK)
• Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

v29.0.0

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (@​thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

Commits

• 9b9ea7e 29.1.1
• 07efb78 Optimize computed style comparison
• 5f66329 Fix background-origin/background-clip in background shorthand
• ad8af77 Fix border shorthand handling
• 5a3e88e 29.1.0
• 73db204 Update dependencies and dev dependencies
• a7168a5 Support ratio CSS unit type
• 15346e0 Fix style cache invalidation
• 2a1e2cd 29.0.2
• 4097d66 Resolve computed CSS values lazily in CSSStyleDeclaration
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for jsdom since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates prettier from 3.7.4 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

3.8.0

• Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates tailwindcss from 4.2.4 to 4.3.0

Release notes

Sourced from tailwindcss's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (