Bump the npm_and_yarn group across 2 directories with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /openc3/templates/tool_svelte directory: svelte.
Bumps the npm_and_yarn group with 1 update in the /openc3/templates/tool_angular directory: @angular/common.

Updates svelte from 4.2.20 to 5.55.1

Release notes

Sourced from svelte's releases.

svelte@5.55.1

Patch Changes

• fix: correctly handle bindings on the server (#18009)

• fix: prevent hydration error on async {@html ...} (#17999)

• fix: cleanup superTypeParameters in ClassDeclarations/ClassExpression (#18015)

• fix: improve duplicate module import error message (#18016)

• fix: reschedule new effects in prior batches (#18021)

svelte@5.55.0

Minor Changes

• feat: export TweenOptions, SpringOptions, SpringUpdateOptions and Updater from svelte/motion (#17967)

Patch Changes

• fix: ensure HMR wrapper forwards correct start/end nodes to active effect (#17985)

svelte@5.54.1

Patch Changes

• fix: hydration comments during hmr (#17975)

• fix: null out effect.b in destroy_effect (#17980)

• fix: group sync statements (#17977)

• fix: defer batch resolution until earlier intersecting batches have committed (#17162)

• fix: properly invoke iterator.return() during reactivity loss check (#17966)

• fix: remove trailing semicolon from {@​const} tag printer (#17962)

svelte@5.54.0

Minor Changes

• feat: allow css, runes, customElement compiler options to be functions (#17951)

Patch Changes

• fix: reinstate reactivity loss tracking (#17801)

svelte@5.53.13

Patch Changes

• fix: ensure $inspect after top level await doesn't break builds (#17943)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.55.1

Patch Changes

• fix: correctly handle bindings on the server (#18009)

• fix: prevent hydration error on async {@html ...} (#17999)

• fix: cleanup superTypeParameters in ClassDeclarations/ClassExpression (#18015)

• fix: improve duplicate module import error message (#18016)

• fix: reschedule new effects in prior batches (#18021)

5.55.0

Minor Changes

• feat: export TweenOptions, SpringOptions, SpringUpdateOptions and Updater from svelte/motion (#17967)

Patch Changes

• fix: ensure HMR wrapper forwards correct start/end nodes to active effect (#17985)

5.54.1

Patch Changes

• fix: hydration comments during hmr (#17975)

• fix: null out effect.b in destroy_effect (#17980)

• fix: group sync statements (#17977)

• fix: defer batch resolution until earlier intersecting batches have committed (#17162)

• fix: properly invoke iterator.return() during reactivity loss check (#17966)

• fix: remove trailing semicolon from {@​const} tag printer (#17962)

5.54.0

Minor Changes

• feat: allow css, runes, customElement compiler options to be functions (#17951)

Patch Changes

• fix: reinstate reactivity loss tracking (#17801)

... (truncated)

Commits

• 37ab33c Version Packages (#18006)
• 4879f9d fix: improve duplicate module import error message (#18016)
• 04eadbc fix: correctly handle bindings on the server (#18009)
• 957f275 fix: cleanup superTypeParameters in ClassDeclarations/ClassExpression (...
• a9d8439 fix: reschedule new effects in prior batches (#18021)
• 669f6b4 fix: prevent hydration error on async {@html ...} (#17999)
• 5e8662f chore: lots of async tests (#17997)
• 6e52f40 Version Packages (#17984)
• 1773cb5 fix: ensure HMR wrapper forwards correct start/end nodes to active effect (#1...
• a94924b fix: export TweenOptions, SpringOptions, SpringUpdateOptions and Updater from...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Updates @angular/common from 18.2.14 to 21.2.7

Release notes

Sourced from @​angular/common's releases.

21.2.7

compiler

Commit	Description
	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Description
	prevent recursive scope checks for invalid NgModule imports

core

Commit	Description
	prevent binding unsafe attributes on SVG animation elements (#67797)
	resolve component import by exact specifier in route lazy-loading schematic
	treat object[data] as resource URL context (#67797)

localize

Commit	Description
	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Description
	pass outlet context to split to fix empty path named outlets

21.2.6

common

Commit	Description
	avoid redundant image fetch on destroy with auto sizes

compiler

Commit	Description
	prevent shimCssText from adding extra blank lines per CSS comment

core

Commit	Description
	fixes a regression with animate.leave and reordering

migrations

Commit	Description
	inject migration not work in multi-project workspace with option path

21.2.5

compiler

Commit	Description
	ensure generated code compiles
	parse named HTML entities containing digits

compiler-cli

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

21.2.7 (2026-04-01)

compiler

Commit	Type	Description
fea25d1a60	fix	register SVG animation attributes in URL security context (#67797)

compiler-cli

Commit	Type	Description
bba5ed8e64	fix	prevent recursive scope checks for invalid NgModule imports

core

Commit	Type	Description
d04ddd73df	fix	prevent binding unsafe attributes on SVG animation elements (#67797)
8fd896e99a	fix	resolve component import by exact specifier in route lazy-loading schematic
b682c62873	fix	treat object[data] as resource URL context (#67797)

localize

Commit	Type	Description
3c41e74fdd	fix	validate locale in getOutputPathFn to prevent path traversal

router

Commit	Type	Description
0960592d3d	fix	pass outlet context to split to fix empty path named outlets

22.0.0-next.5 (2026-03-25)

Breaking Changes

compiler-cli

• Elements with multiple matching selectors will now throw at compile time.

core

• Component with undefined changeDetection property are now OnPush by default. Specify changeDetection: ChangeDetectionStrategy.Eager to keep the previous behavior.

platform-browser

• Hammer.js integration has been removed. Use your own implementation.

common

Commit	Type	Description
c1312da183	fix	avoid redundant image fetch on destroy with auto sizes

compiler

Commit	Type	Description
e850643b1b	feat	Support comments in html element.
96be4f429b	fix	abstract emitter producing incorrect code for dynamic imports
5a712d42d1	fix	prevent shimCssText from adding extra blank lines per CSS comment

compiler-cli

Commit	Type	Description
ca67828ee2	refactor	introduce NG8023 compile-time diagnostic for duplicate selectors

core

... (truncated)

Commits

• 13f050d test: construct local Date objects to fix timezone flakiness
• d0cf299 test: remove unsupported timezone from formatDate tests
• b4ab6ba fix(common): avoid redundant image fetch on destroy with auto sizes
• adda6c5 build: update aspect_rules_js to 3.0.2
• 93c6dc6 Revert "refactor(http): Improves base64 encoding/decoding with feature detect...
• 76431ed Revert "fix(http): correctly cache blob responses in transfer cache (#67002)"
• 277ade9 fix(http): correctly cache blob responses in transfer cache (#67002)
• aeb9b81 refactor(http): Improves base64 encoding/decoding with feature detection (#67...
• ecf0bb4 test(http): refactors HTTP client tests to use TestBed and providers
• e2e9a9a fix(core): adds transfer cache to httpResource to fix hydration
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​angular/​core@​18.2.14
	@​angular/​compiler@​18.2.14
	@​angular/​platform-browser-dynamic@​18.2.14
	@​angular-devkit/​build-angular@​18.2.21
	@​angular/​router@​18.2.14
	@​angular/​cli@​18.2.21
	@​types/​jasmine@​5.1.15
	@​angular/​platform-browser@​18.2.14
	@​angular/​compiler-cli@​18.2.14
	single-spa-angular@​9.2.0
	@​angular/​animations@​18.2.14
	@​angular/​forms@​18.2.14
	@​angular/​cdk@​18.2.14
	@​angular/​common@​21.2.7
	@​angular/​material@​18.2.14
	karma-jasmine-html-reporter@​2.1.0
	rxjs@​7.8.2
	karma-chrome-launcher@​3.2.0
	karma-coverage@​2.2.1
	karma-jasmine@​5.1.0
	karma@​6.4.4
	single-spa@​5.9.5
	style-loader@​4.0.0
	@​astrouxds/​astro-web-components@​7.27.0
	jasmine-core@​5.4.0
	@​angular-builders/​custom-webpack@​18.0.0
	@​openc3/​js-common@​7.0.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @stencil/core is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/@astrouxds/astro-web-components@7.27.0 → npm/@stencil/core@3.4.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@stencil/core@3.4.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm esbuild-wasm is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@angular-devkit/build-angular@18.2.21 → npm/esbuild-wasm@0.23.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/esbuild-wasm@0.23.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud