chore(deps): update non-major

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@angular-devkit/build-angular	^19.2.3 -> ^19.2.19			devDependencies	patch
@angular/cli	~19.2.3 -> ~19.2.19			devDependencies	patch
@angular/common (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@angular/compiler (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@angular/compiler-cli (source)	^19.2.2 -> ^19.2.15			devDependencies	patch
@angular/core (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@angular/forms (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@angular/platform-browser (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@angular/platform-browser-dynamic (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@angular/router (source)	^19.2.2 -> ^19.2.15			dependencies	patch
@portabletext/to-html	^2.0.0 -> ^2.0.17			dependencies	patch
@portabletext/types	^2.0.2 -> ^2.0.15			dependencies	patch
@sanity/client (source)	^6.0.1 -> ^6.29.1			dependencies	minor
@sanity/image-url (source)	^1.0.2 -> ^1.2.0			dependencies	minor
@sanity/vision (source)	^3.91.0 -> ^3.99.0			dependencies	minor
@types/jasmine (source)	~5.1.0 -> ~5.1.12			devDependencies	patch
@types/react (source)	^19.0.10 -> ^19.2.2			devDependencies	minor
eslint (source)	^9.22.0 -> ^9.39.1			devDependencies	minor
jasmine-core (source)	~5.1.0 -> ~5.12.1			devDependencies	minor
karma (source)	~6.4.0 -> ~6.4.4			devDependencies	patch
karma-coverage	~2.2.0 -> ~2.2.1			devDependencies	patch
npm-run-all → npm-run-all2	^4.1.5 -> ^5.0.0			devDependencies	replacement
peter-evans/create-pull-request	5e91468 -> 271a8d0			action	digest
prettier (source)	^3.1.0 -> ^3.6.2			devDependencies	minor
react (source)	^19.0.0 -> ^19.2.0			dependencies	minor
react-dom (source)	^19.0.0 -> ^19.2.0			dependencies	minor
react-is (source)	^19.1.0 -> ^19.2.0			dependencies	minor
rxjs (source)	~7.8.0 -> ~7.8.2			dependencies	patch
sanity (source)	^3.91.0 -> ^3.99.0			dependencies	minor
styled-components (source)	^6.1.13 -> ^6.1.19			dependencies	patch
tslib (source)	^2.3.0 -> ^2.8.1			dependencies	minor
typescript (source)	^5.0.2 -> ^5.9.3			devDependencies	minor
typescript (source)	~5.8.2 -> ~5.9.3			devDependencies	minor

This is a special PR that replaces npm-run-all with the community suggested minimal stable replacement version.

---

Release Notes

angular/angular-cli (@​angular-devkit/build-angular)

v19.2.19

Compare Source

@​angular/build

Commit	Type	Description
4d8ea27a1	fix	update vite to v6.4.1

v19.2.18

Compare Source

@​angular/ssr

Commit	Type	Description
9136a5d13	fix	prevent malicious URL from overriding host

v19.2.17

Compare Source

@​angular/build

Commit	Type	Description
365d525b5	fix	update vite to 6.3.6

v19.2.16

Compare Source

Breaking Changes

@​angular/ssr

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) =>
    bootstrapApplication(AppComponent, config, context);

@​angular-devkit/build-angular

Commit	Type	Description
b0f4330a9	fix	avoid extra tick in SSR builds

@​angular/build

Commit	Type	Description
ee5c5f823	fix	avoid extra tick in SSR dev-server builds

@​angular/ssr

Commit	Type	Description
32980f7e7	feat	introduce BootstrapContext for isolated server-side rendering

v19.2.15

Compare Source

@​angular-devkit/build-angular

Commit	Type	Description
b120e1411	fix	update dependency webpack-dev-server to v5.2.2

v19.2.14

Compare Source

@​angular/build

Commit	Type	Description
a3504fd45	fix	HMR requires AOT do not show HMR enabled when using JIT
5ce9f96a4	fix	include full metadata for AOT unit-testing

v19.2.13

Compare Source

@​angular/pwa

Commit	Type	Description
ad2fb2959	fix	remove background_color and theme_color from manifest

v19.2.12

Compare Source

@​angular/cli

Commit	Type	Description
0098c38c6	fix	properly handle Node.js require() errors with ESM modules

v19.2.11

Compare Source

@​angular-devkit/build-angular

Commit	Type	Description
9eaf34405	fix	correctly set i18n subPath in webpack browser builder

@​angular/build

Commit	Type	Description
cba66a85c	fix	avoid attempting to watch bundler internal files
009fc3776	fix	avoid internal karma request cache for assets
b43da3949	perf	fix unnecessary esbuild rebuilds

v19.2.10

Compare Source

@​angular/build

Commit	Type	Description
067f1cba0	fix	update vite to 6.2.7

v19.2.9

Compare Source

@​angular-devkit/build-angular

Commit	Type	Description
de52cc2c8	fix	update http-proxy-middleware to v3.0.5

@​angular/build

Commit	Type	Description
cc5229a45	fix	pass preserveSymlinks option to Karma esbuild builder

@​angular/ssr

Commit	Type	Description
a4e415ea6	fix	support getPrerenderParams for wildcard routes

v19.2.8

Compare Source

@​angular/build

Commit	Type	Description
4a8a4a083	fix	include module value check when adding custom conditions
00cd0d123	fix	prevent nested CSS in components
a297c4153	fix	properly resolve transitive external dependencies in vite-dev-server
8ab033e8e	fix	update vite to 6.2.6

v19.2.7

Compare Source

@​angular/build

Commit	Type	Description
7f1e8c677	fix	include component test metadata in development builds
74cd4edd5	fix	skip normalization of relative externals

v19.2.6

Compare Source

@​angular-devkit/schematics

Commit	Type	Description
e5aec562f	fix	properly resolve relative schematics when executed from a nested directory

@​angular/build

Commit	Type	Description
76cfd364a	fix	correctly handle false value in server option
d69188c6b	fix	update vite to 6.2.4 due to a security issues

v19.2.5

Compare Source

@​angular/build

Commit	Type	Description
20455e2a6	fix	correct handling of response/request errors
32b1dcd91	fix	handle undefined getOrCreateAngularServerApp during error compilation
7552a9fec	fix	normalize karma asset paths before lookup
1eb5b4357	fix	update vite to 6.2.3

v19.2.4

Compare Source

@​schematics/angular

Commit	Type	Description
0a4e96bda	fix	replace @angular/platform-browser-dynamic with @angular/platform-browser

@​angular/build

Commit	Type	Description
b0b643e46	fix	ensure errors for missing component resources
2cd763e89	fix	ensure relative karma stack traces for test failures

angular/angular (@​angular/common)

v19.2.15

Compare Source

Breaking Changes

core

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) =>
    bootstrapApplication(AppComponent, config, context);

  A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

  In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.

core

Commit	Type	Description
70d0639bc1	fix	introduce BootstrapContext for improved server bootstrapping (#​63639)

v19.2.14

Compare Source

compiler

Commit	Type	Description
24bab55f0c	fix	lexer support for template literals in object literals (#​61601)

migrations

Commit	Type	Description
9e1cd49662	fix	preserve comments when removing unused imports (#​61674)

v19.2.13

Compare Source

common

Commit	Type	Description
2c876b4fc5	fix	avoid injecting ApplicationRef in FetchBackend (#​61649)

service-worker

Commit	Type	Description
b15bddfa04	fix	do not register service worker if app is destroyed before it is ready to register (#​61101)

v19.2.12

Compare Source

common

Commit	Type	Description
126efc9972	fix	cancel reader when app is destroyed (#​61528)
efda872453	fix	prevent reading chunks if app is destroyed (#​61354)

compiler

Commit	Type	Description
44bb328eae	fix	avoid conflicts between HMR code and local symbols (#​61550)

compiler-cli

Commit	Type	Description
107180260f	fix	Always retain prior results for all files (#​61487)
1191e62d70	fix	avoid ECMAScript private field metadata emit (#​61227)

core

Commit	Type	Description
2b1b14f4d3	fix	cleanup rxResource abort listener (#​58306)
8f9b05eaaa	fix	cleanup testability subscriptions (#​61261)
eb53bda470	fix	enable stashing only when withEventReplay() is invoked (#​61352)
94f5a4b4d6	fix	Testing should not throw when Zone does not patch test FW APIs (#​61376)
c0c69a5abc	fix	unregister onDestroy in toSignal. (#​61514)

platform-server

Commit	Type	Description
8edafd0559	perf	speed up resolution of base (#​61392)

v19.2.11

Compare Source

v19.2.10

Compare Source

common

Commit	Type	Description
89056a0356	fix	cleanup updateLatestValue if view is destroyed before promise resolves (#​61064)

core

Commit	Type	Description
4623b61448	fix	missing useExisting providers throwing for optional calls (#​61152)
400dbc5b89	fix	properly handle app stabilization with defer blocks (#​61056)

platform-server

Commit	Type	Description
a6f0d5bc20	fix	less aggressive ngServerMode cleanup (#​61106)

v19.2.9

Compare Source

core

Commit	Type	Description
946b844e0d	fix	async EventEmitter error should not prevent stability (#​61028)
dbb87026ca	fix	call DestroyRef on destroy callback if view is destroyed [patch] (#​61061)
2e140a136a	fix	prevent stash listener conflicts [patch] (#​61063)

v19.2.8

Compare Source

forms

Commit	Type	Description
ea4a211216	fix	make NgForm emit FormSubmittedEvent and FormResetEvent (#​60887)

v19.2.7

Compare Source

common

Commit	Type	Description
37ab6814f5	fix	issue a warning instead of an error when NgOptimizedImage exceeds the preload limit (#​60883)

core

Commit	Type	Description
b144126612	fix	inject migration: replace param with this. (#​60713)

http

Commit	Type	Description
d39e09da41	fix	Include HTTP status code and headers when HTTP requests errored in httpResource (#​60802)

v19.2.6

Compare Source

compiler

Commit	Type	Description
3441f7b914	fix	error if rawText isn't estimated correctly (#​60529) (#​60753)

compiler-cli

Commit	Type	Description

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: angular-app@undefined
npm error Found: [email protected]
npm error node_modules/typescript
npm error   dev typescript@"~5.9.3" from angular-app@undefined
npm error   angular-app
npm error     angular-app@undefined
npm error     node_modules/angular-app
npm error       workspace angular-app from the root project
npm error
npm error Could not resolve dependency:
npm error peer typescript@">=5.5 <5.9" from @angular/[email protected]
npm error node_modules/@angular/compiler-cli
npm error   dev @angular/compiler-cli@"^19.2.15" from angular-app@undefined
npm error   angular-app
npm error     angular-app@undefined
npm error     node_modules/angular-app
npm error       workspace angular-app from the root project
npm error   peer @angular/compiler-cli@"^19.0.0 || ^19.2.0-next.0" from @angular-devkit/[email protected]
npm error   node_modules/@angular-devkit/build-angular
npm error     dev @angular-devkit/build-angular@"^19.2.19" from angular-app@undefined
npm error     angular-app
npm error       angular-app@undefined
npm error       node_modules/angular-app
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-11-06T21_38_11_679Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-11-06T21_38_11_679Z-debug-0.log

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
sanity-template-angular-clean	Error			Nov 6, 2025 9:38pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​npm-run-all2@​5.0.2
	github/​peter-evans/​create-pull-request@​5e914681df9dc83aa4e4905692ca88beb2f9e91f ⏵ 271a8d0340265f705b14b6d32b9829c1cb33d45e

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm typescript License: LicenseRef-W3C-Community-Final-Specification-Agreement (package/ThirdPartyNoticeText.txt) From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm typescript License: LicenseRef-W3C-Community-Final-Specification-Agreement (package/ThirdPartyNoticeText.txt) From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report