Bump the npm_and_yarn group across 3 directories with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the /docs.openc3.com directory: ajv, svgo and webpack.
Bumps the npm_and_yarn group with 1 update in the /openc3/templates/tool_angular directory: @angular/common.
Bumps the npm_and_yarn group with 1 update in the /openc3/templates/tool_svelte directory: svelte.

Updates ajv from 6.12.6 to 6.14.0

Commits

• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Updates svgo from 3.3.2 to 3.3.3

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

• Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

• No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

	v3.3.2	v3.3.3	Delta
svgo.browser.js	910.9 kB	912.9 kB	⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

• bbab162 deps: upgrade to sax v1.5.0
• See full diff in compare view

Updates webpack from 5.103.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

• Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

• Handle createRequire in expressions. (by @​alexander-akait in #20549)

• Fixed types for multi stats. (by @​alexander-akait in #20556)

• Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

• Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

• Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

• Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

• Handle createRequire in expressions. (by @​alexander-akait in #20549)

• Fixed types for multi stats. (by @​alexander-akait in #20556)

• Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

• Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

• Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

... (truncated)

Commits

• 27c13b4 chore(release): new release (#20550)
• 9b2f41e chore: bump terser plugin (#20569)
• eafe060 fix: narrow the export presence guard detection (#20561)
• 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
• afa607d refactor: remove unused code (#20562)
• 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
• f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
• 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
• a3d7839 fix: types for multi stats (#20556)
• b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.

Updates @angular/common from 18.2.14 to 21.2.5

Release notes

Sourced from @​angular/common's releases.

21.2.5

compiler

Commit	Description
	ensure generated code compiles
	parse named HTML entities containing digits

compiler-cli

Commit	Description
	escape template literal in TCB
	generic types not filled out correctly in type check block

core

Commit	Description
	clean up dehydrated views during HMR component replacement
	run linked signal equality check without reactive consumer

migrations

Commit	Description
	prevent trailing comma syntax errors after removing NgStyle

service-worker

Commit	Description
	preserve redirect policy on reconstructed asset requests

21.2.4

compiler

Commit	Description
	disallow translations of iframe src

core

Commit	Description
	reverts "feat(core): add support for nested animations"
	sanitize translated form attributes

VSCode Extension: 21.2.3

This release contains internal refactorings only.

21.2.3

core

Commit	Description
	ensure definitions compile
	include signal debug names in their toString() representation
	sanitize translated attribute bindings with interpolations

VSCode Extension: 21.2.2

• fix(extension): bundle TypeScript 5.9 internally (da57d1af73)

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.5 (2026-03-18)

compiler

Commit	Type	Description
334ae10168	fix	ensure generated code compiles
23ea431c4e	fix	parse named HTML entities containing digits

compiler-cli

Commit	Type	Description
26c43d14ba	fix	escape template literal in TCB
67e0ba7e03	fix	generic types not filled out correctly in type check block

core

Commit	Type	Description
1890c3008b	fix	clean up dehydrated views during HMR component replacement
bf948be4c2	fix	run linked signal equality check without reactive consumer

migrations

Commit	Type	Description
076d41c3f6	fix	prevent trailing comma syntax errors after removing NgStyle

service-worker

Commit	Type	Description
e19150d2b5	fix	preserve redirect policy on reconstructed asset requests

19.2.20 (2026-03-12)

compiler

Commit	Type	Description
5be912eb55	fix	disallow translations of iframe src

core

Commit	Type	Description
b89b0a83a4	fix	sanitize translated attribute bindings with interpolations
621c7071ad	fix	sanitize translated form attributes

20.3.18 (2026-03-12)

compiler

Commit	Type	Description
02fbf08890	fix	disallow translations of iframe src

core

Commit	Type	Description

... (truncated)

Commits

• adda6c5 build: update aspect_rules_js to 3.0.2
• 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
• 76431ed Revert "fix(http): correctly cache blob responses in transfer cache (#67002)"
• 277ade9 fix(http): correctly cache blob responses in transfer cache (#67002)
• aeb9b81 refactor(http): Improves base64 encoding/decoding with feature detection (#67...
• ecf0bb4 test(http): refactors HTTP client tests to use TestBed and providers
• e2e9a9a fix(core): adds transfer cache to httpResource to fix hydration
• 70e4c7f refactor(common): log a warning when a KeyValuePipe receives a signal
• 2eeeabb fix(common): fix LCP image detection with duplicate URLs
• 3c4deaa refactor(common): log a warning when a JsonPipe receives a signal
• Additional commits viewable in compare view

Updates svelte from 4.2.20 to 5.54.1

Release notes

Sourced from svelte's releases.

svelte@5.54.1

Patch Changes

• fix: hydration comments during hmr (#17975)

• fix: null out effect.b in destroy_effect (#17980)

• fix: group sync statements (#17977)

• fix: defer batch resolution until earlier intersecting batches have committed (#17162)

• fix: properly invoke iterator.return() during reactivity loss check (#17966)

• fix: remove trailing semicolon from {@​const} tag printer (#17962)

svelte@5.54.0

Minor Changes

• feat: allow css, runes, customElement compiler options to be functions (#17951)

Patch Changes

• fix: reinstate reactivity loss tracking (#17801)

svelte@5.53.13

Patch Changes

• fix: ensure $inspect after top level await doesn't break builds (#17943)

• fix: resume inert effects when they come from offscreen (#17942)

• fix: don't eagerly access not-yet-initialized functions in template (#17938)

• fix: discard batches made obsolete by commit (#17934)

• fix: ensure "is standalone child" is correctly reset (#17944)

• fix: remove nodes in boundary when work is pending and HMR is active (#17932)

svelte@5.53.12

Patch Changes

• fix: update select.__value on change (#17745)

• chore: add invariant helper for debugging (#17929)

• fix: ensure deriveds values are correct across batches (#17917)

• fix: handle async RHS in assignment_value_stale (#17925)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.54.1

Patch Changes

• fix: hydration comments during hmr (#17975)

• fix: null out effect.b in destroy_effect (#17980)

• fix: group sync statements (#17977)

• fix: defer batch resolution until earlier intersecting batches have committed (#17162)

• fix: properly invoke iterator.return() during reactivity loss check (#17966)

• fix: remove trailing semicolon from {@​const} tag printer (#17962)

5.54.0

Minor Changes

• feat: allow css, runes, customElement compiler options to be functions (#17951)

Patch Changes

• fix: reinstate reactivity loss tracking (#17801)

5.53.13

Patch Changes

• fix: ensure $inspect after top level await doesn't break builds (#17943)

• fix: resume inert effects when they come from offscreen (#17942)

• fix: don't eagerly access not-yet-initialized functions in template (#17938)

• fix: discard batches made obsolete by commit (#17934)

• fix: ensure "is standalone child" is correctly reset (#17944)

• fix: remove nodes in boundary when work is pending and HMR is active (#17932)

5.53.12

Patch Changes

• fix: update select.__value on change (#17745)

• chore: add invariant helper for debugging (#17929)

... (truncated)

Commits

• db69b7e Version Packages (#17965)
• 7123bf3 fix: remove trailing semicolon from {@​const} tag printer (#17962)
• 8e4de9b fix: null out effect.b in destroy_effect to prevent memory leak (#17980)
• 6b33dd2 fix: group sync statements (#17977)
• 425fba3 fix: hydration comments during hmr (#17975)
• 803c565 fix: properly invoke iterator.return() during reactivity loss check (#17966)
• 0adc22c fix: defer batch resolution until earlier intersecting batches have committed...
• 7ec156a Version Packages (#17953)
• c89f6ab feat: allow css, runes, customElement compiler options to be functions ...
• 5faf102 fix: reinstate reactivity loss tracking (#17801)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eslint@​8.57.1
	eslint-config-react-important-stuff@​3.0.0
	jest@​29.7.0
	@​babel/​preset-react@​7.28.5
	single-spa-react@​5.1.4
	identity-obj-proxy@​3.0.0
	eslint-config-prettier@​9.1.2
	@​babel/​plugin-transform-runtime@​7.26.10 ⏵ 7.29.0
	jest-cli@​29.7.0
	babel-jest@​29.7.0
	@​babel/​preset-env@​7.26.9 ⏵ 7.29.2
	@​babel/​eslint-parser@​7.28.6
	@​babel/​runtime@​7.26.10 ⏵ 7.29.2	+1
	@​babel/​core@​7.26.10 ⏵ 7.29.0
	@​emotion/​styled@​11.14.1
	cross-env@​7.0.3
	concurrently@​9.2.1
	@​emotion/​react@​11.14.0
	react@​18.3.1
	pretty-quick@​4.2.2
	@​testing-library/​react@​16.3.2
	@​testing-library/​jest-dom@​6.9.1
	@​mui/​material@​6.5.0
	prettier@​3.8.1
	eslint-plugin-prettier@​5.5.5
	react-dom@​18.3.1

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud