chore(deps): bump @angular/common from 21.2.15 to 22.0.0

[dependabot]

Bumps @angular/common from 21.2.15 to 22.0.0.

Release notes

Sourced from @​angular/common's releases.

VSCode Extension: 22.0.0

Breaking Changes

The extension now bundles TypeScript version 6.0, which itself includes breaking changes, including new defaults such as strict being true. You will need to explicitly set "strict": false in your tsconfig.json. Alternatively, the extension supports configuring the tsdk in the same way as the built in TS/JS extension.

Fixes and features

• fix(language-service): Add support for @Input with transforms (dc9c72da9b)
• feat(language-service): add Document Symbols support for Angular templates (cfd0f9950c)
• feat(language-service): add angular template inlay hints support (5a6d88626b)
• feat(language-service): Add support for idle timeout in defer blocks (c6f98c723c)

22.0.0

compiler

Commit	Description
	allow safe navigation to correctly narrow down nullables
	Angular expressions with optional chaining returns undefined
	Support comments in html element.
	abstract emitter producing incorrect code for dynamic imports
	Don't bind inputs/outputs for data- attributes
	don't escape dollar sign in literal expression
	enforce parentheses containing arguments for :host-context
	invalid type checking code if field name needs to be quoted
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68868)
	preserve leading commas in animation definitions
	remove dedicated support for legacy shadow DOM selectors
	remove deprecated shadow CSS encapsulation polyfills
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68868)
	simplify handling of colon host with a selector list
	stop generating unused field
	throw on duplicate input/outputs
	throw on invalid in expressions
	type check invalid for loops

compiler-cli

Commit	Description
	add support for Node.js 26.0.0
	Adds warning for prefetch without main defer trigger
	support external TCBs with copied content in specific mode
	animation events not type checked properly when bound through HostListener decorator
	resolve TCB mapping failure for safe property reads with as any
	transform dropping exclamationToken from properties
	introduce NG8023 compile-time diagnostic for duplicate selectors

core

Commit	Description
	add IdleRequestOptions support to IdleService
	add provideWebMcpTools

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

• This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
• data prefixed attribute no-longer bind inputs nor outputs.
• The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
• in variables will throw in template expressions.

compiler-cli

• Elements with multiple matching selectors will now throw at compile time.

core

• The second arguement of appRef.bootstrap does not accept any anymore. Make sure the element you pass is not nullable.
• • TypeScript versions older than 6.0 are no longer supported.
• Leave animations are no longer limited to the element being removed.
• Component with undefined changeDetection property are now OnPush by default. Specify changeDetection: ChangeDetectionStrategy.Eager to keep the previous behavior.
• change AnimationCallbackEvent.animationComplete signature
• ChangeDetectorRef.checkNoChanges was removed. In tests use fixture.detectChanges() instead.
• createNgModuleRef was removed, use createNgModule instead
• ComponentFactoryResolver and ComponentFactory are no longer available. Pass the component class directly to APIs that previously required a factory, such as ViewContainerRef.createComponent or use the standalone createComponentFunction.
• ComponentFactoryResolver and ComponentFactory are no longer available. Pass the component class directly to APIs that previously required a factory, such as ViewContainerRef.createComponent or use the standalone createComponent function.

forms

• min and max validation rules no longer support string values. Bound values must be numbers or null.

http

• Use the HttpXhrBackend with provideHttpClient(withXhr) if you want to keep supporting upload progress reports.

platform-browser

• This removes styles when they appear to no longer be used by an associated host. However other DOM on the page may still be affected by those styles if not leveraging ViewEncapsulation.Emulated or if those styles are used by elements outside of Angular, potentially causing other DOM to appear unstyled.
• Hammer.js integration has been removed. Use your own implementation.

router

• The return type for TitleStrategy.getResolvedTitleForRoute was previously 'any' while the actual return type could only be either string or undefined. The return type now reflects the possible values correctly. Code that reads the value may need to be adjusted.

  (cherry picked from commit ad37f52c1212164c51ffcc533067af05c2c33c89)

• The currentSnapshot parameter in CanMatchFn and the canMatch method of the CanMatch interface is now required. While this was already the behavior of the Router at runtime, existing class implementations of CanMatch must now include the third argument to satisfy the interface.

• paramsInheritanceStrategy now defaults to 'always'

  The default value of paramsInheritanceStrategy has been changed from 'emptyOnly' to 'always'. This means that route parameters are inherited from all parent routes by default. To restore the previous behavior, set paramsInheritanceStrategy to 'emptyOnly' in your router configuration.

• provideRoutes() has been removed. Use provideRouter() or ROUTES as multi token if necessary.

upgrade

• Deprecated getAngularLib/setAngularLib have been removed use getAngularJSGlobal/setAngularJSGlobal instead.

Deprecations

http

• withFetch is now deprecated, it can be safely removed.
• The reportProgress option is deprecated please use reportUploadProgress & reportDownloadProgress instead.

compiler

... (truncated)

Commits

• 4795b35 fix(common): only strip a literal /index.html suffix from URLs
• f7b3ed8 fix(http): Introduce a max buffer size for fetch requests on SSR
• 618c850 fix(http): exclude withCredentials requests from transfer cache
• 86390f2 fix(http): skip TransferCache for cookie-bearing requests by default
• e6cfaf5 fix(http): prevent httpResource from leaking a subscription
• a97d5ec build: update minimum supported Node.js versions
• 7d1fbc1 fix(common): sanitize placeholder
• ae2cb00 fix(common): add upper bounds for digitsInfo
• cc0fa6e refactor(http): update HTTP resource options APIs to stable
• ad717df refactor(core): use the @Service decorator where possible.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like @angular/common is up-to-date now, so this is no longer needed.

[skynet2]

Superseded by #16 — a consolidated PR that pins every GitHub Action to a commit SHA at its latest version and updates the full Angular toolchain to v22 (plus clears the lodash/dompurify CVEs via overrides). This bump is already included there, so closing to avoid duplicate/conflicting updates.