fix(deps): update weekly-non-major-updates

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@angular-devkit/build-angular	^21.1.4 → ^21.2.0
@angular/animations (source)	^21.1.5 → ^21.2.0
@angular/build	^21.1.4 → ^21.2.0
@angular/cdk	^21.1.5 → ^21.2.0
@angular/cli	^21.1.4 → ^21.2.0
@angular/common (source)	^21.1.5 → ^21.2.0
@angular/compiler (source)	^21.1.5 → ^21.2.0
@angular/compiler-cli (source)	^21.1.5 → ^21.2.0
@angular/core (source)	^21.1.5 → ^21.2.0
@angular/forms (source)	^21.1.5 → ^21.2.0
@angular/localize	^21.1.5 → ^21.2.0
@angular/material	^21.1.5 → ^21.2.0
@angular/material-moment-adapter	^21.1.5 → ^21.2.0
@angular/platform-browser (source)	^21.1.5 → ^21.2.0
@angular/platform-browser-dynamic (source)	^21.1.5 → ^21.2.0
@angular/router (source)	^21.1.5 → ^21.2.0
@angular/service-worker (source)	^21.1.5 → ^21.2.0
@argos-ci/cli (source)	^4.1.0 → ^4.1.1
@argos-ci/playwright (source)	^6.4.1 → ^6.4.2
@eslint/js (source)	^9.39.2 → ^9.39.3
@schematics/angular	^21.1.4 → ^21.2.0
@sentry/angular (source)	^10.39.0 → ^10.40.0
@sentry/cli (source)	^3.2.0 → ^3.2.2
@storybook/addon-docs (source)	^10.2.10 → ^10.2.13
@storybook/angular (source)	^10.2.10 → ^10.2.13
@typescript-eslint/eslint-plugin (source)	^8.56.0 → ^8.56.1
@typescript-eslint/parser (source)	^8.56.0 → ^8.56.1
eslint (source)	^9.39.2 → ^9.39.3
eslint-plugin-storybook (source)	^10.2.10 → ^10.2.13
storybook (source)	^10.2.10 → ^10.2.13
typescript-eslint (source)	^8.56.0 → ^8.56.1
webpack	^5.105.2 → ^5.105.3

---

Release Notes

angular/angular-cli (@​angular-devkit/build-angular)

v21.2.0

Compare Source

@​angular/cli

Commit	Type	Description
201a036f2	fix	simplify Angular version compatibility checks and add special handling for local builds of new major versions

v21.1.5

Compare Source

@​angular/ssr

Commit	Type	Description
8695d6063	fix	prevent open redirect via X-Forwarded-Prefix header
e4d445ec6	fix	validate host headers to prevent header-based SSRF

angular/angular (@​angular/animations)

v21.2.0

Compare Source

common

Commit	Type	Description
18003a33bb	feat	add an 'outlet' injector option for ngTemplateOutlet
8bbe6dc46c	feat	Add Location strategies to manage trailing slash on write
51cc914807	feat	support height in ImageLoaderConfig and built-in loaders

compiler

Commit	Type	Description
72534e2a34	feat	Add support for the instanceof binary operator
95b3f37d4a	feat	Exhaustive checks for switch blocks
04ba09a8d9	feat	support AstVisitor.visitEmptyExpr()
ce80136e7b	fix	optimize away unnecessary restore/reset view calls
3242a61bae	fix	variable counter visiting some expressions twice

compiler-cli

Commit	Type	Description
473dd3e1cb	fix	attach source spans to object literal keys in TCB
a904d9f77b	fix	support nested component declaration
2ea6dfc6c9	fix	update diagnostic to flag no-op arrow functions in listeners

core

Commit	Type	Description
8d5210c9fe	feat	add ChangeDetectionStrategy.Eager alias for Default
92d2498910	feat	add host node to DeferBlockData (#​66546)
ea2016a6dc	feat	add support for nested animations
81cabc1477	feat	add support for TypeScript 6
1ba9b7ac50	feat	resource composition via snapshots
d9923b72a2	feat	support arrow functions in expressions
a7e8abbb7e	fix	correctly handle SkipSelf when resolving from embedded view injector
0806ee3826	fix	prevent animated element duplication with dynamic components in zoneless mode
ed78fa05c7	fix	Remove note to skip arrow functions in best practices

forms

Commit	Type	Description
f56bb07d83	feat	add field param to submit action and onInvalid
ba009b6031	feat	add form directive
22afbb2f36	feat	add parsing support to native inputs (#​66917)
95c386469c	feat	Add passing focus options to form field
95ecce8334	feat	allow setting submit options at form-level
ebae211add	feat	introduce parse errors in signal forms
3937afc316	feat	introduce SignalFormControl for Reactive Forms compatibility
30f0914754	feat	support binding null to number input (#​66917)
dd208ca259	feat	update submit function to accept options object
27397b3f4f	fix	clear parse errors when model updates (#​66917)
63d8005703	fix	preserve custom-control focus context in signal forms
631f60d1f9	fix	preserve parse errors when parse returns value
adfb83146b	fix	simplify design of parse errors
fb05fc86d0	fix	sort error summary by DOM order
567f292e8e	fix	support custom controls as host directives
bdfb60f3e3	fix	use consistent error format returned from parse
d75046bc09	fix	warn when showing hidden field state

language-server

Commit	Type	Description
ebc90c26f5	feat	Add completions and hover info for inline styles
26fd0839c3	feat	Add folding range support for inline styles
573aadef7e	feat	Add quick info for inline styles
6fb39d9b62	feat	Support client-side file watching via onDidChangeWatchedFiles

language-service

Commit	Type	Description
496967e7b1	feat	add JSON schema for angularCompilerOptions
8c21866f49	feat	add linked editing ranges for HTML tag synchronization
d2137928e8	perf	use lightweight project warmup for Angular analysis

router

Commit	Type	Description
b51bab583d	feat	Add partial ActivatedRouteSnapshot information to canMatch params
cf9620f7d0	feat	Make match options optional in isActive
907a94dcec	feat	Update IsActiveMatchOptions APIs to accept a Partial

v21.1.6

Compare Source

Breaking Changes

core

• Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

  (cherry picked from commit 306f367)

common

Commit	Type	Description
31d3d56496	fix	fix LCP image detection with duplicate URLs

compiler-cli

Commit	Type	Description
24b578ce90	fix	detect uninvoked functions in defer trigger expressions

core

Commit	Type	Description
b858309532	fix	block creation of sensitive URI attributes from ICU messages

angular/components (@​angular/cdk)

v21.2.0

Compare Source

aria

Commit	Type	Description
31ff7f26b5	fix	grid: align output naming with styleguide
d030725f46	fix	menu: align output naming with styleguide

cdk

Commit	Type	Description
cd5209e9f5	fix	portal: allow bindings to be passed to component portal (#​32814)
e397ecbcfa	fix	table: remove string-based DI tokens (#​32677)

material

Commit	Type	Description
8c4526935e	fix	core: expose strong focus indicator structural styles (#​32808)
7fe3081148	fix	datepicker: drop dependency on NgClass (#​32810)

v21.1.6

Compare Source

aria

Commit	Type	Description
50c34e6ef3	fix	combobox: Adjust AutoComplete examples to properly announce no results text (#​32786)

argos-ci/argos-javascript (@​argos-ci/cli)

v4.1.1

Compare Source

Bug Fixes

• config: improve parallel validation (26d4f35)

argos-ci/argos-javascript (@​argos-ci/playwright)

v6.4.2

Compare Source

Note: Version bump only for package @​argos-ci/playwright

eslint/eslint (@​eslint/js)

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

getsentry/sentry-javascript (@​sentry/angular)

v10.40.0

Compare Source

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#​19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@​tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@​sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#​19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@​sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@​sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#​18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#​19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#​19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#​19265)
• feat(cloudflare): Instrument async KV API (#​19404)
• feat(core): Add framework-agnostic tunnel handler (#​18892)
• feat(deno): Export logs API from Deno SDK (#​19313)
• feat(deno): Export metrics API from Deno SDK (#​19305)
• feat(deno): instrument Deno.serve with async context support (#​19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#​19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#​19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#​19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#​19310)
• feat(deps): bump the opentelemetry group with 4 updates (#​19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#​19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#​19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#​19291)
• feat(node): Bump to latest @​fastify/otel (#​19452)
• fix: Bump bundler plugins to v5 (#​19468)
• fix: updated the codecov config (#​19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#​19346)
• fix(bun) Export pinoIntegration from @​sentry/node (#​17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#​19336)
• fix(core): Explicitly flush log buffer in client.close() (#​19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#​19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#​19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#​19249)
• fix(deps): Bump to latest version of each minimatch major (#​19486)
• fix(nextjs): Apply environment from options if set (#​19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#​19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#​19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#​19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#​19316)
• fix(node-core): Align pino mechanism type with spec conventions (#​19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#​19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#​19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#​19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#​19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#​19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#​19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#​19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#​19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#​19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#​19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#​19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#​19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#​19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#​19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#​19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#​19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#​19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#​19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#​19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#​19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#​19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#​19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @​sveltejs/kit from 2.50.1 to 2.52.2 ([#​19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @​testing-library/react from 13.0.0 to 15.0.5 ([#​19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @​types/ember__debug from 3.16.5 to 4.0.8 ([#​19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#​19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @​actions/glob from 0.4.0 to 0.6.1 ([#​19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#​19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#​19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#​19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#​19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#​19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#​19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#​19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#​19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#​19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#​19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#​19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @​sentry/opentelemetry not a peer dep in node… ([#​19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#​18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#​19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#​19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#​19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#​19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#​19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#​19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#​19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#​19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#​19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#​19416](https://redirect.github.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#​19392](https://redirect.github.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#​19397](https://redirect.github.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#​19423](https://redirect.github.com/getsentry/sentry-javascript/pull/19423)) - docs(nuxt): Remove duplicated setup instructions ([#​19422](https://redirect.github.com/getsentry/sentry-javascript/pull/19422)) - feat(ci): Add security vulnerability skill action ([#​19355](https://redirect.github.com/getsentry/sentry-javascript/pull/19355))

Work in this release was contributed by @​LudvigHz and @​jadengis. Thank you for your contributions!

Bundle size 📦

Path	Size
@​sentry/browser	25.02 KB
@​sentry/browser - with treeshaking flags	23.56 KB
@​sentry/browser (incl. Tracing)	41.43 KB
@​sentry/browser (incl. Tracing, Profiling)	45.98 KB
@​sentry/browser (incl. Tracing, Replay)	79.34 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.2 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	83.92 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.9 KB
@​sentry/browser (incl. Feedback)	41.43 KB
@​sentry/browser (incl. sendFeedback)	29.58 KB
@​sentry/browser (incl. FeedbackAsync)	34.51 KB
@​sentry/browser (incl. Metrics)	26.16 KB
@​sentry/browser (incl. Logs)	26.3 KB
@​sentry/browser (incl. Metrics & Logs)	26.96 KB
@​sentry/react	26.73 KB
@​sentry/react (incl. Tracing)	43.71 KB
@​sentry/vue	29.36 KB
@​sentry/vue (incl. Tracing)	43.23 KB
[@​s

---

Configuration

📅 Schedule: Branch creation - "after 00:00 and before 04:00 on Wednesday" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Deployed to https://pr-3713.aam-digital.net/

[argos-ci]

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build	Status	Details	Updated (UTC)
default (Inspect)	✅ No changes detected	-	Feb 26, 2026, 11:01 AM

[aam-digital-ci]

🎉 This PR is included in version 3.72.1-master.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀