Bump @angular/common from 17.3.12 to 21.2.11 in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: @angular/common.

Updates @angular/common from 17.3.12 to 21.2.11

Release notes

Sourced from @​angular/common's releases.

21.2.11

common

Commit	Description
	prevent focus from scrollToAnchor

compiler

Commit	Description
	let declaration span not including end character

core

Commit	Description
	fix ordering of view queries metadata in JIT mode
	guard against non-object events and avoid listener wrapper identity mismatch
	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Description
	ensure origin has a trailing slash when parsing url

21.2.10

docs

Commit	Description
	link formatting in "Animating your Application with CSS"

migrations

Commit	Description
	fix NgClass leaving trailing comma after removal

router

Commit	Description
	restore internal URL on popstate when browserUrl is used

21.2.9

core

Commit	Description
	escape forward slashes in transfer state to prevent crawler indexing

http

Commit	Description
	add CSP nonce support to JsonpClientBackend
	Don't on Passthru outside of reactive context

platform-server

Commit	Description
	prevent SSRF bypasses via protocol-relative and backslash URLs

router

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.11 (2026-04-29)

common

Commit	Type	Description
10ad3c0692	fix	prevent focus from scrollToAnchor

compiler

Commit	Type	Description
4f5d8a2c0b	fix	let declaration span not including end character

core

Commit	Type	Description
a40e2cebc8	fix	fix ordering of view queries metadata in JIT mode
885a1a1d97	fix	guard against non-object events and avoid listener wrapper identity mismatch
7a64aff9b5	fix	prevent event replay double-invocation when element hydrates before app stability

platform-server

Commit	Type	Description
be1f80a253	fix	ensure origin has a trailing slash when parsing url

22.0.0-next.9 (2026-04-22)

Breaking Changes

router

• paramsInheritanceStrategy now defaults to 'always'

  The default value of paramsInheritanceStrategy has been changed from 'emptyOnly' to 'always'. This means that route parameters are inherited from all parent routes by default. To restore the previous behavior, set paramsInheritanceStrategy to 'emptyOnly' in your router configuration.

core

Commit	Type	Description
8f3d0b9d97	feat	introduce @Service decorator
9f479ae964	feat	Update Testability to use PendingTasks for stability indicator

docs

Commit	Type	Description
b24b4cb699	fix	link formatting in "Animating your Application with CSS"

migrations

Commit	Type	Description
b395173cf2	fix	fix NgClass leaving trailing comma after removal

router

Commit	Type	Description
6eff439546	fix	restore internal URL on popstate when browserUrl is used
17d10f7a99	fix	set default paramsInheritanceStrategy to 'always'

... (truncated)

Commits

• 42d57c3 refactor(common): fix viewport tests
• 10ad3c0 fix(common): prevent focus from scrollToAnchor
• 540536c fix(http): add CSP nonce support to JsonpClientBackend
• 8102331 test(http): disable XSRF and mock location in HttpClient tests to avoid Domin...
• 13f050d test: construct local Date objects to fix timezone flakiness
• d0cf299 test: remove unsupported timezone from formatDate tests
• b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
• adda6c5 build: update aspect_rules_js to 3.0.2
• 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
• 76431ed Revert "fix(http): correctly cache blob responses in transfer cache (#67002)"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.