Bump @angular/compiler from 19.2.17 to 19.2.18 in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: @angular/compiler.

Updates @angular/compiler from 19.2.17 to 19.2.18

Release notes

Sourced from @​angular/compiler's releases.

19.2.18

core

Commit	Description
	sanitize sensitive attributes on SVG script elements

Changelog

Sourced from @​angular/compiler's changelog.

19.2.18 (2026-01-07)

core

Commit	Type	Description
26cdc53d9c	fix	sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit	Type	Description
8e808740c9	fix	better types for a few expression AST nodes
63b1cdcf70	fix	produce accurate span for typeof and void expressions
3c3ae0cb64	fix	provide location information for literal map keys
523dbaf1c3	fix	stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit	Type	Description
4d9c4567ed	fix	ensure component import diagnostics are reported within the imports expression
cd405685af	fix	fix up spelling of diagnostic
778460fcca	fix	support qualified names in typeof type references

core

Commit	Type	Description
7c74674eb0	fix	avoid leaking view data in animations
0edbee4550	fix	explicitly cast signal node value to String
f9c29572d2	fix	sanitize sensitive attributes on SVG script elements

forms

Commit	Type	Description
e3fba182f9	feat	add [formField] directive
561772b152	fix	allow custom controls to require dirty input
f0fb1d8581	fix	allow custom controls to require hidden input
ec110f170b	fix	allow custom controls to require pending input
ae1dc16bb0	fix	clean up abort listener after timeout
9748b0d5da	fix	support custom controls with non signal-based models
6bd22df987	fix	Support readonly arrays in signal forms

router

Commit	Type	Description
41cd4a6af8	fix	Fix RouterLink href not updating with queryParamsHandling
5e9e09aee0	fix	handle errors from view transition updateCallbackDone promise

21.1.0-next.4 (2025-12-17)

Breaking Changes

... (truncated)

Commits

• 26cdc53 fix(core): sanitize sensitive attributes on SVG script elements
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

🤖 Claude Code Review

Code Review Analysis

✅ Code Quality

✅ Code follows style guide

No application code changes - this is a dependency update only. The changes are properly formatted JSON in package-lock.json and package.json.

✅ No commented-out code

No commented-out code present in the changes.

✅ Meaningful variable names

N/A - No new variables introduced.

✅ DRY principle followed

N/A - No code duplication in this dependency update.

✅ Identify Defects

No defects identified. This is a minor patch version update of @angular/compiler from 19.2.16 → 19.2.18 (2 patch versions). The changes are:

• Direct dependency update in package.json:12
• Lock file integrity updates
• Structural reorganization of @angular/build from root-level to nested under @angular-devkit/build-angular (this is a lock file internal structure change, not a functional change)

Note: The lock file shows @angular/build moving from node_modules/@angular/build to node_modules/@angular-devkit/build-angular/node_modules/@angular/build, which is npm's standard dependency resolution optimization.

---

⚠️ Testing

❌ Unit tests for new functions

No tests included, but this is acceptable for a dependency update PR. Recommendation: Verify that existing tests pass after this update.

❌ Integration tests for new endpoints

N/A - No new endpoints added.

❌ Edge cases covered

N/A - No new functionality.

❌ Test coverage > 80%

Cannot determine from this PR alone. This dependency update should not affect coverage.

---

⚠️ Documentation

⚠️ Readme updated if needed

Not updated, but likely not necessary for a minor patch dependency update unless there are breaking changes.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - No code logic changes.

❌ CHANGELOG.md updated

File: CHANGELOG.md (if exists)
Issue: No CHANGELOG entry for this dependency update. Consider adding an entry like:

### Dependencies
- Updated `@angular/compiler` from 19.2.16 to 19.2.18

✅ Markdown files follow CommonMark

N/A - No markdown files modified.

---

✅ Security

✅ No hardcoded credentials

No credentials present.

✅ Input validation implemented

N/A - No new input handling.

✅ Proper error handling

N/A - No new error handling code.

✅ No sensitive data in logs

N/A - No logging changes.

✅ No license files (.lic) or AQAAAD strings

No license files or suspicious strings detected in the diff.

---

Summary

Overall Assessment: ✅ APPROVED WITH RECOMMENDATIONS

This is a straightforward dependency update PR that updates @angular/compiler by 2 patch versions (19.2.16 → 19.2.18). The changes are clean and follow standard npm lock file patterns.

Recommendations:

1. Verify tests pass: Run the full test suite to ensure compatibility with the new compiler version
2. Update CHANGELOG.md: Add an entry documenting this dependency update
3. Check for Angular 19.2.18 release notes: Review if there are any notable bug fixes or changes in the compiler that might affect your application

No Blocking Issues Found

The PR is safe to merge after addressing the recommendations above.

Automated code review analyzing defects and coding standards

[arawinters]

angular dependencies must all be bumped at the same time.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml