build(deps): bump the npm_and_yarn group across 5 directories with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
@angular/platform-server	18.2.0-next.0	18.2.14
esbuild	0.23.0	0.25.0
express	4.19.2	4.20.0
http-proxy-middleware	3.0.0	3.0.5
rollup	4.18.1	4.22.4
semver	7.6.2	7.6.3
undici	6.19.2	6.21.2
vite	5.3.3	5.4.20
webpack	5.93.0	5.94.0
webpack-dev-server	5.0.4	5.2.1
@75lb/deep-merge	1.1.1	1.1.2
@octokit/endpoint	10.1.1	10.1.4
@octokit/plugin-paginate-rest	11.3.3	11.6.0
@octokit/request-error	6.1.1	6.1.8
@octokit/request	9.1.1	9.2.4
cross-spawn	7.0.3	7.0.6
eazy-logger	4.0.1	4.1.0
koa	2.15.3	2.16.2
micromatch	4.0.7	4.0.8
nanoid	3.3.7	3.3.11

Bumps the npm_and_yarn group with 7 updates in the /packages/angular_devkit/build_angular directory:

Package	From	To
esbuild	0.23.0	0.25.0
http-proxy-middleware	3.0.0	3.0.5
semver	7.6.2	7.7.2
undici	6.21.1	6.21.2
vite	5.4.12	5.4.20
webpack	5.93.0	5.94.0
webpack-dev-server	5.0.4	5.2.1

Bumps the npm_and_yarn group with 4 updates in the /packages/angular/build directory: esbuild, rollup, semver and vite.
Bumps the npm_and_yarn group with 1 update in the /packages/ngtools/webpack directory: webpack.
Bumps the npm_and_yarn group with 1 update in the /packages/angular_devkit/build_webpack directory: webpack.

Updates @angular/platform-server from 18.2.0-next.0 to 18.2.14

Release notes

Sourced from @​angular/platform-server's releases.

18.2.14

core

Commit	Description
	introduce BootstrapContext for improved server bootstrapping (#63640)

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) => bootstrapApplication(AppComponent, config, context);

  A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

  In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

  (cherry picked from commit 8bf80c9d2314b4f2bcf3df83ae01552a6fc49834)

Changelog

Sourced from @​angular/platform-server's changelog.

18.2.14 (2025-09-10)

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) => bootstrapApplication(AppComponent, config, context);

  A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

  In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

  (cherry picked from commit 8bf80c9d2314b4f2bcf3df83ae01552a6fc49834)

core

Commit	Type	Description
9d1fb33f5e	fix	introduce BootstrapContext for improved server bootstrapping (#63640)

19.2.15 (2025-09-10)

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) => bootstrapApplication(AppComponent, config, context);

  A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

  In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

core

| Commit | Type | Description |

... (truncated)

Commits

• 9d1fb33 fix(core): introduce BootstrapContext for improved server bootstrapping (#6...
• b40875a fix(platform-server): destroy PlatformRef when error happens during the `bo...
• 03ac3c2 refactor: update license text to point to angular.dev (#57902)
• 97e2841 refactor(core): avoid producing zone-related warnings during hydration when i...
• 76709d5 fix(core): Handle @​let declaration with array when preparingForHydration (#...
• 6d3a2af fix(core): Do not bubble capture events. (#57476)
• 286012f fix(core): handle hydration of components that project content conditionally ...
• de85979 fix(core): skip hydration for i18n nodes that were not projected (#57356)
• 5558e27 fix(core): take skip hydration flag into account while hydrating i18n blocks ...
• 8621679 fix(core): complete post-hydration cleanup in components that use ViewContain...
• Additional commits viewable in compare view

Updates esbuild from 0.23.0 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */ .parent { > .a, > .b1 > .b2 { color: red; } } /* Old output (with --supported:nesting=false) */ .parent > :is(.a, .b1 > .b2) { color: red; } /* New output (with --supported:nesting=false) */ .parent > .a, .parent > .b1 > .b2 { color: red; }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

• Fix regression with --define and import.meta (#4010, #4012, #4013)

  The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

  This fix was contributed by @​sapphi-red.

0.24.1

• Allow es2024 as a target in tsconfig.json (#4004)

  TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

  { "compilerOptions": { "target": "ES2024" } }

  As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

  This fix was contributed by @​billyjanitsch.

• Allow automatic semicolon insertion after get/set

  This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

  class Foo { get *x() {} set *y() {} }

  The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

• Allow quoted property names in --define and --pure (#4008)

  The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates express from 4.19.2 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: path-to-regexp@0.1.8 by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• path-to-regexp@0.1.10 by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (#5902)
• 2a980ad merge-descriptors@1.0.3 (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: path-to-regexp@0.1.8 (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

Updates http-proxy-middleware from 3.0.0 to 3.0.5

Release notes

Sourced from http-proxy-middleware's releases.

v3.0.5

What's Changed

• fix(fixRequestBody): check readableLength by @​chimurai in chimurai/http-proxy-middleware#1096
• chore(package): v3.0.5 by @​chimurai in chimurai/http-proxy-middleware#1098

Full Changelog: chimurai/http-proxy-middleware@v3.0.4...v3.0.5

v3.0.4

What's Changed

• chore(package): bump dev dependencies by @​chimurai in chimurai/http-proxy-middleware#1045
• chore(package): update yarn.lock by @​chimurai in chimurai/http-proxy-middleware#1046
• docs(readme): fix example code syntax error by @​17hz in chimurai/http-proxy-middleware#1014
• chore(package): bump express to v4.21.1 by @​chimurai in chimurai/http-proxy-middleware#1047
• chore(examples): update yarn.lock by @​chimurai in chimurai/http-proxy-middleware#1048
• chore(package): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1059
• chore(package): bump dev dependencies by @​chimurai in chimurai/http-proxy-middleware#1060
• chore(package): bump dev dependencies by @​chimurai in chimurai/http-proxy-middleware#1074
• ci(github-actions): pipeline improvements by @​chimurai in chimurai/http-proxy-middleware#1082
• feat(types): export Plugin type by @​oktapodia in chimurai/http-proxy-middleware#1071
• fix(fixRequestBody): support multipart/form-data by @​JS-mark in chimurai/http-proxy-middleware#896
• chore(package.json): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1083
• ci(package): patch http-proxy by @​chimurai in chimurai/http-proxy-middleware#1084
• ci(pkg-pr-new): publish package for testing purposes by @​chimurai in chimurai/http-proxy-middleware#1085
• build(patch-package): run patch-package in 'development' only by @​chimurai in chimurai/http-proxy-middleware#1086
• chore(examples): update next deps by @​chimurai in chimurai/http-proxy-middleware#1087
• ci(github-actions): update spellcheck config by @​chimurai in chimurai/http-proxy-middleware#1088
• fix(websocket): handle errors in handleUpgrade by @​nwalters512 in chimurai/http-proxy-middleware#823
• fix(fixRequestBody): prevent multiple .write() calls by @​chimurai in chimurai/http-proxy-middleware#1089
• fix(fixRequestBody): handle invalid request by @​chimurai in chimurai/http-proxy-middleware#1092
• docs(CHANGELOG): update changelog by @​chimurai in chimurai/http-proxy-middleware#1093
• chore(package): v3.0.4 by @​chimurai in chimurai/http-proxy-middleware#1095

New Contributors

• @​17hz made their first contribution in chimurai/http-proxy-middleware#1014
• @​oktapodia made their first contribution in chimurai/http-proxy-middleware#1071
• @​JS-mark made their first contribution in chimurai/http-proxy-middleware#896
• @​nwalters512 made their first contribution in chimurai/http-proxy-middleware#823

Full Changelog: chimurai/http-proxy-middleware@v3.0.3...v3.0.4

v3.0.3

What's Changed

• fix(pathFilter): handle errors by @​chimurai in chimurai/http-proxy-middleware#1043
• chore(package): v3.0.3 by @​chimurai in chimurai/http-proxy-middleware#1044

Full Changelog: chimurai/http-proxy-middleware@v3.0.2...v3.0.3

v3.0.2

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v3.0.5

• fix(fixRequestBody): check readableLength (#1096)

v3.0.4

• fix(fixRequestBody): handle invalid request (#1092)
• fix(fixRequestBody): prevent multiple .write() calls (#1089)
• fix(websocket): handle errors in handleUpgrade (#823)
• ci(package): patch http-proxy (#1084)
• fix(fixRequestBody): support multipart/form-data (#896)
• feat(types): export Plugin type (#1071)

v3.0.3

• fix(pathFilter): handle errors

v3.0.2

• refactor(dependency): replace is-plain-obj with is-plain-object (#1031)
• chore(package): upgrade to eslint v9 (#1032)
• fix(logger-plugin): handle undefined protocol and hostname (#1036)

v3.0.1

• fix(type): fix RequestHandler return type (#980)
• refactor(errors): improve pathFilter error message (#987)
• fix(logger-plugin): fix missing target port (#989)
• ci(package): npm package provenance (#991)
• fix(logger-plugin): log target port when router option is used (#1001)
• refactor: fix circular dependencies (#1010)
• fix(fix-request-body): support '+json' content-type suffix (#1015)

Commits

• d3851ed chore(package): v3.0.5 (#1098)
• 1bdccbe fix(fixRequestBody): check readableLength (#1096)
• 01934d3 chore(package): v3.0.4 (#1095)
• 3364c0a docs(CHANGELOG): update changelog (#1093)
• bd3c124 fix(fixRequestBody): handle invalid request (#1092)
• 0209760 fix(fixRequestBody): prevent multiple .write() calls (#1089)
• fd0f568 fix(websocket): handle errors in handleUpgrade (#823)
• e94087e ci(github-actions): update spellcheck config (#1088)
• 397748a chore(examples): update next deps (#1087)
• 6fb6032 build(patch-package): run patch-package in 'development' only (#1086)
• Additional commits viewable in compare view

Updates rollup from 4.18.1 to 4.22.4

Release notes

Sourced from rollup's releases.

v4.22.4

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

v4.22.3

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

v4.22.2

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

v4.22.1

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

• #5663: chore(deps): update dependency inquirer to v11 (@​renovate[bot], @​lukastaegert)
• #5664: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5665: fix: type in CI file (@​YuHyeonWook)

... (truncated)

Commits

• 79c0aba 4.22.4
• e2552c9 Fix DOM Clobbering CVE (#5671)
• 10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
• e1cba8e 4.22.3
• 59cec3e Ensure impure dependencies of pure modules are added (#5669)
• b86ffd7 4.22.2
• d5ff63d Partially revert #5658 and re-apply #5644 (#5667)
• 0a821d9 Create SECURITY.md
• 76e962d 4.22.1
• 68c23da Partially revert #5644
• Additional commits viewable in compare view

Updates semver from 7.6.2 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

Commits

• 0a12d6c chore: release 7.6.3 (#720)
• 73a3d79 fix: optimize Range parsing and formatting (#726)
• 2975ece docs: fix extra backtick typo (#719)
• See full diff in compare view

Updates undici from 6.19.2 to 6.21.2

Release notes

Sourced from undici's releases.

v6.21.2

What's Changed

• fix(types): add missing DNS interceptor by @​slagiewka in nodejs/undici#4024
• [v6.x] fix wpts on windows by @​mcollina in nodejs/undici#4093
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

New Contributors

• @​slagiewka made their first contribution in nodejs/undici#4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

• fix(#3736): back-port 183f8e9 to v6.x by @​ggoodman in nodejs/undici#3855
• fix(#3817): send servername for SNI on TLS (#3821) [backport] by @​metcoder95 in nodejs/undici#3864
• fix: sending formdata bodies with http2 (#3863) [backport] by @​metcoder95 in nodejs/undici#3866
• [Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @​github-actions in nodejs/undici#3877
• types: [backport] Update return type of RetryCallback (#3851) by @​metcoder95 in nodejs/undici#3876

Full Changelog: nodejs/undici@v6.21.0...v6.21.1

v6.21.0

What's Changed

• [Backport v6.x] web: mark as uncloneable when possible (#3709) by @​jazelly in nodejs/undici#3744
• [Backport v6.x] fetch: fix content-encoding order by @​github-actions in nodejs/undici#3764
• [Backport v6.x] fix: handle undefined deref() of WeakRef(socket) by @​github-actions in nodejs/undici#3822
• [Backport v6.x] fix: range end is zero-indexed by @​github-actions in nodejs/undici#3827

Full Changelog: nodejs/undici@v6.20.1...v6.21.0

v6.20.1

What's Changed

• [Backport v6.x] jsdoc: add jsdoc to lib/web/fetch/constants.js by @​github-actions in nodejs/undici#3710
• [Backport v6.x] feat: implement BodyReadable.bytes by @​github-actions in nodejs/undici#3711
• fix: add more expectsPayload methods by @​ronag in nodejs/undici#3715
• [Backport v6.x] chore(H2): onboard H2 into Undici queueing system (#3707) by @​Uzlopak in nodejs/undici#3724
• [Backport v6.x] fix: PoolBase kClose and kDestroy should await and not return the Promise by @​github-actions in nodejs/undici#3723
• [Backport v6.x] fix: extract noop everywhere by @​Uzlopak in nodejs/undici#3727

Full Changelog: nodejs/undici@v6.20.0...v6.20.1

v6.20.0

... (truncated)

Commits

• b63d939 Bumped v6.21.2
• de1e4b8 [v6.x] fix wpts on windows (

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	1% smaller
packages/angular/build/package.json	0% smaller
packages/angular/cli/package.json	0% smaller
packages/angular_devkit/build_angular/package.json	0% smaller
packages/angular_devkit/build_webpack/package.json	0% smaller
packages/ngtools/webpack/package.json	0% smaller
yarn.lock	Unsupported file format

[snyk-io]

⚠️ Snyk checks are incomplete.

⚠️ security/snyk check encountered an error. (View Details)