chore(deps): bump serialize-javascript, @angular-devkit/build-angular, @storybook/angular, terser-webpack-plugin and copy-webpack-plugin

[dependabot]

Bumps serialize-javascript to 7.0.4 and updates ancestor dependencies serialize-javascript, @angular-devkit/build-angular, @storybook/angular, terser-webpack-plugin and copy-webpack-plugin. These dependencies need to be updated together.

Updates serialize-javascript from 6.0.2 to 7.0.4

Release notes

Sourced from serialize-javascript's releases.

v7.0.4

What's Changed

• release: v7.0.4 by @​okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

• fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
• build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

---

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

• ci: bump GitHub Actions to latest versions by @​okuryu in yahoo/serialize-javascript#203
• ci: setup trusted publishing workflow by @​okuryu in yahoo/serialize-javascript#204
• release: v7.0.2 by @​okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

• Add warning about using this package to send arbitrary data to worker threads by @​valadaptive in yahoo/serialize-javascript#200
• security: sanitize function bodies by @​redonkulus in yahoo/serialize-javascript#199
• docs: tweak README by @​okuryu in yahoo/serialize-javascript#201
• release: v7.0.1 by @​okuryu in yahoo/serialize-javascript#202

New Contributors

• @​redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

• requires Node.js v20+

What's Changed

• Bump mocha from 10.2.0 to 10.4.0 by @​dependabot[bot] in yahoo/serialize-javascript#178
• Bump mocha from 10.4.0 to 10.5.2 by @​dependabot[bot] in yahoo/serialize-javascript#183
• Bump nyc from 15.1.0 to 17.0.0 by @​dependabot[bot] in yahoo/serialize-javascript#184
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot[bot] in yahoo/serialize-javascript#181
• Bump mocha from 10.5.2 to 10.7.0 by @​dependabot[bot] in yahoo/serialize-javascript#185
• Bump mocha from 10.7.0 to 10.7.3 by @​dependabot[bot] in yahoo/serialize-javascript#186
• Bump nyc from 17.0.0 to 17.1.0 by @​dependabot[bot] in yahoo/serialize-javascript#187
• Bump mocha from 10.7.3 to 10.8.2 by @​dependabot[bot] in yahoo/serialize-javascript#188
• feat: test on Node.js 22 and built-in test runner by @​okuryu in yahoo/serialize-javascript#192

... (truncated)

Commits

• eec32e0 release: v7.0.4
• d505715 7.0.3
• 2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
• 42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
• 44f544b release: v7.0.2 (#205)
• bba0ddd ci: setup trusted publishing workflow (#204)
• 235f6ea ci: bump GitHub Actions to latest versions (#203)
• f7fff15 release: v7.0.1 (#202)
• b4abd4c docs: tweak README (#201)
• 738a8e9 security: sanitize function bodies (#199)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.

Updates @angular-devkit/build-angular from 18.2.2 to 21.2.1

Release notes

Sourced from @​angular-devkit/build-angular's releases.

21.2.1

@​schematics/angular

Commit	Description
	prevent adding test dependencies when minimal option is enabled

@​angular/cli

Commit	Description
	correct dev dependency detection logic in ng add
	disable npm update notifier in package manager host
	ensure group members are updated to targeted version
	ignore unknown files when formatting schematic changes

@​angular-devkit/build-angular

Commit	Description
	update copy-webpack-plugin to v14.0.0

@​angular/build

Commit	Description
	bundle polyfills to preserve execution order in dev server
	conditionally allow vi.mock for non-relative imports
	resolve style include paths relative to ng-package.json in unit-test builder
	treat empty browsers array as undefined in unit-test builder
	fix memory leak in ng serve with i18n

@​angular/ssr

Commit	Description
	improve header validation logic
	introduce DI token to signal route discovery process

21.2.0

@​schematics/angular

Commit	Description
	add a '.prettierrc' file to generated workspaces and add Prettier as dev dependency
	add ng-add support for Vitest browser providers
	add actionable feedback to vitest-browser schematic

@​angular/cli

Commit	Description
	add markdown files to Prettier's formatting list
	automatic formatting files modified by schematics
	integrate file formatting into update migrations
	standardize MCP tools around workspace/project options
	correctly parse scoped packages in yarn classic list output
	enable shell option for Prettier execution on Windows platforms
	quote complex range specifiers in package manager
	renamed files by their new path in the schematic workflow
	simplify Angular version compatibility checks and add special handling for local builds of new major versions
	validate package manager version using semver.valid and throw an error if invalid

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

21.2.1 (2026-03-05)

@​angular/cli

Commit	Type	Description
ae4c28d00	fix	correct dev dependency detection logic in ng add
465073bc1	fix	disable npm update notifier in package manager host
36270634f	fix	ensure group members are updated to targeted version
d87dba6af	fix	ignore unknown files when formatting schematic changes

@​schematics/angular

Commit	Type	Description
72d466aa0	fix	prevent adding test dependencies when minimal option is enabled

@​angular-devkit/build-angular

Commit	Type	Description
0019d1c8e	fix	update copy-webpack-plugin to v14.0.0

@​angular/build

Commit	Type	Description
6ad860863	fix	bundle polyfills to preserve execution order in dev server
d17397375	fix	conditionally allow vi.mock for non-relative imports
0d49f86ed	fix	resolve style include paths relative to ng-package.json in unit-test builder
584f6a2d9	fix	treat empty browsers array as undefined in unit-test builder
6699cdc9b	perf	fix memory leak in ng serve with i18n

@​angular/ssr

Commit	Type	Description
43a9dfa66	fix	improve header validation logic
dee3717b3	fix	introduce DI token to signal route discovery process

20.3.19 (2026-03-04)

@​angular-devkit/build-angular

Commit	Type	Description

... (truncated)

Commits

• 74e254b release: cut the v21.2.1 release
• 500b47d ci: add issue_labels job to dev-infra workflow
• 33a3172 build: introduce package deprecation metadata and integrate it into the relea...
• 584f6a2 fix(@​angular/build): treat empty browsers array as undefined in unit-test bui...
• 0d49f86 fix(@​angular/build): resolve style include paths relative to `ng-package.json...
• d173973 fix(@​angular/build): conditionally allow vi.mock for non-relative imports
• e265b1c ci: update pull-request labeling action path
• 87a88ba build: update cross-repo angular dependencies
• 62b1500 ci: create gemini code reviewer configuration
• a6d5f33 build: update dependency aspect_rules_jasmine to v2.0.4
• Additional commits viewable in compare view

Updates @storybook/angular from 8.2.9 to 10.2.16

Release notes

Sourced from @​storybook/angular's releases.

v10.2.16

10.2.16

• CSF-Factories: Fix ConfigFile parser false warning on `definePreview({...}).type()` export default - #33885, thanks @​copilot-swe-agent!
• Core: Add host/origin validation to requests and websocket connections - #33835, thanks @​ghengeveld!
• Core: Add vike metadata frameworks - #33965, thanks @​yannbf!
• Core: Resolve builder preset path correctly in pnpm strict mode - #34032, thanks @​braedenfoster!
• Core: Update default allowed hosts in host validation middleware - #34045, thanks @​ghengeveld!

v10.2.15

10.2.15

• Core: Storybook failed to load iframe.html when publishing - #33896, thanks @​danielalanbates!
• Manager-API: Update refs sequentially in experimental_setFilter - #33958, thanks @​ia319!
• React: Handle render identifier in manifest snippet generation - #33940, thanks @​kasperpeulen!

v10.2.14

10.2.14

• CLI: Set STORYBOOK environment variable - #33938, thanks @​yannbf!
• UI: Prevent crash when tag filters contain undefined entries - #33931, thanks @​abhaysinh1000!

v10.2.13

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

v10.2.12

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

v10.2.11

10.2.11

• Addon-Vitest: Fix postinstall a11y installation - #33888, thanks @​valentinpalkovic!
• Manifests: Use correct story name - #33709, thanks @​JReinhold!
• Next.js: Handle legacyBehavior prop in Link mock component - #33862, thanks @​yatishgoel!
• React: Fix manifest stories empty when meta has no explicit title - #33878, thanks @​kasperpeulen!

v10.2.10

10.2.10

... (truncated)

Changelog

Sourced from @​storybook/angular's changelog.

10.2.16

• CSF-Factories: Fix ConfigFile parser false warning on definePreview({...}).type<T>() export default - #33885, thanks @​copilot-swe-agent!
• Core: Add host/origin validation to requests and websocket connections - #33835, thanks @​ghengeveld!
• Core: Add vike metadata frameworks - #33965, thanks @​yannbf!
• Core: Resolve builder preset path correctly in pnpm strict mode - #34032, thanks @​braedenfoster!
• Core: Update default allowed hosts in host validation middleware - #34045, thanks @​ghengeveld!

10.2.15

• Core: Storybook failed to load iframe.html when publishing - #33896, thanks @​danielalanbates!
• Manager-API: Update refs sequentially in experimental_setFilter - #33958, thanks @​ia319!
• React: Handle render identifier in manifest snippet generation - #33940, thanks @​kasperpeulen!

10.2.14

• CLI: Set STORYBOOK environment variable - #33938, thanks @​yannbf!
• UI: Prevent crash when tag filters contain undefined entries - #33931, thanks @​abhaysinh1000!

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

10.2.11

• Addon-Vitest: Fix postinstall a11y installation - #33888, thanks @​valentinpalkovic!
• Manifests: Use correct story name - #33709, thanks @​JReinhold!
• Next.js: Handle legacyBehavior prop in Link mock component - #33862, thanks @​yatishgoel!
• React: Fix manifest stories empty when meta has no explicit title - #33878, thanks @​kasperpeulen!

10.2.10

• Core: Require token for websocket connections - #33820, thanks @​ghengeveld!

10.2.9

• Addon-Vitest: Improve config file detection in monorepos - #33814, thanks @​valentinpalkovic!
• Builder-Vite: Update dependencies react-vite framework - #33810, thanks @​valentinpalkovic!
• Builder-Vite: Use relative path for mocker entry in production builds - #33792, thanks @​DukeDeSouth!

... (truncated)

Commits

• 8a7f39a Bump version from "10.2.15" to "10.2.16" [skip ci]
• 7b4ab63 Bump version from "10.2.14" to "10.2.15" [skip ci]
• 8392ec0 Bump version from "10.2.13" to "10.2.14" [skip ci]
• 305b534 Bump version from "10.2.12" to "10.2.13" [skip ci]
• 68f811f Bump version from "10.2.11" to "10.2.12" [skip ci]
• be01dca Bump version from "10.2.10" to "10.2.11" [skip ci]
• c812573 Bump version from "10.2.9" to "10.2.10" [skip ci]
• 4cdde82 Bump version from "10.2.8" to "10.2.9" [skip ci]
• 719b6ca Bump version from "10.2.7" to "10.2.8" [skip ci]
• 8d687ec Bump version from "10.2.6" to "10.2.7" [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​storybook/angular since your current version.

Updates terser-webpack-plugin from 5.3.10 to 5.3.17

Release notes

Sourced from terser-webpack-plugin's releases.

v5.3.17

5.3.17 (2026-03-03)

Bug Fixes

• update serialize-javascript (37c490c)

v5.3.16

5.3.16 (2025-12-11)

Bug Fixes

• handle empty files (#643) (05012e9)

v5.3.15

5.3.15 (2025-12-05)

Bug Fixes

• catch error when loading minimizers (#639) (586af0a)
• respect errors and warnings from minimizer without code (8607f79)

v5.3.14

5.3.14 (2025-03-06)

Bug Fixes

• types (#622) (84bb19b)
• use os.availableParallelism() for parallelism when it is available (#623) (1357994)

v5.3.13

5.3.13 (2025-03-05)

Bug Fixes

• ecma and module types in minimizer options (#620) (5aa43c2)

v5.3.12

5.3.12 (2025-02-27)

Bug Fixes

• allows minimizers to set worker thread support and don't use worker thread for swc and esbuild (#619) (15ddaab)

... (truncated)

Changelog

Sourced from terser-webpack-plugin's changelog.

5.3.17 (2026-03-03)

Bug Fixes

• update serialize-javascript (37c490c)

5.3.16 (2025-12-11)

Bug Fixes

• handle empty files (#643) (05012e9)

5.3.15 (2025-12-05)

Bug Fixes

• catch error when loading minimizers (#639) (586af0a)
• respect errors and warnings from minimizer without code (8607f79)

5.3.14 (2025-03-06)

Bug Fixes

• types (#622) (84bb19b)
• use os.availableParallelism() for parallelism when it is available (#623) (1357994)

5.3.13 (2025-03-05)

Bug Fixes

• ecma and module types in minimizer options (#620) (5aa43c2)

5.3.12 (2025-02-27)

Bug Fixes

• allows minimizers to set worker thread support and don't use worker thread for swc and esbuild (#619) (15ddaab)

5.3.11 (2024-12-13)

Bug Fixes

• avoid the deprecation message (0341ad1)

Commits

• 6f911ff chore(release): 5.3.17
• 37c490c fix: update serialize-javascript
• 207764f chore: deps update (#652)
• a85ab47 chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 (#648)
• 51ac072 chore(release): 5.3.16
• 05012e9 fix: handle empty files (#643)
• f337cee chore(release): 5.3.15
• 8607f79 fix: respect errors and warnings from minimizer without code
• 30182a3 chore(deps): bump js-yaml (#640)
• db35463 docs: update contributing
• Additional commits viewable in compare view

Updates copy-webpack-plugin from 4.6.0 to 14.0.0

Release notes

Sourced from copy-webpack-plugin's releases.

v14.0.0

14.0.0 (2026-03-02)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

v13.0.1

13.0.1 (2025-08-12)

Bug Fixes

• better handling globs for watching (#808) (a527c89)

v13.0.0

13.0.0 (2025-02-27)

⚠ BREAKING CHANGES

• switch from globby and fast-glob to tinyglobby (#795) (19fd937)

For more information please visit tinyglobby.

The breaking change only affects the developer who used these options - gitignore and ignoreFiles in the globOptions option.

Please migrate to the ignore option.

Bug Fixes

• concurrency option is limited to files now (#796) (d42469c)
• the order of patterns provided by the developer is respected

v12.0.2

12.0.2 (2024-01-17)

Bug Fixes

• improve perf (#764) (a7379a9)

v12.0.1

12.0.1 (2024-01-11)

... (truncated)

Changelog

Sourced from copy-webpack-plugin's changelog.

14.0.0 (2026-03-02)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 20.9.0 (#819) (2881203)

Bug Fixes

• update serialize-javascript to fix security problems

13.0.1 (2025-08-12)

Bug Fixes

• better handling globs for watching (#808) (a527c89)

13.0.0 (2025-02-27)

⚠ BREAKING CHANGES

• switch from globby and fast-glob to tinyglobby (#795) (19fd937)

For more information please visit tinyglobby.

The breaking change only affects the developer who used these options - gitignore and ignoreFiles in the globOptions option.

Please migrate to the ignore option.

Bug Fixes

• concurrency option is limited to files now (#796) (d42469c)
• the order of patterns provided by the developer is respected

12.0.2 (2024-01-17)

Bug Fixes

• improve perf (#764) (a7379a9)

12.0.1 (2024-01-11)

Bug Fixes

• improve perf (#760) (55036ab)

... (truncated)

Commits

• 18eb9d9 chore(release): 14.0.0
• 2881203 refactor!: minimum supported Node.js version is 20.9.0 (#819)
• 9dc3d31 chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 (#815)
• 5cf5a1d chore(deps): update (#814)
• 3dd5b6e chore(deps): bump js-yaml (#813)
• 9ac38bb chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#812)
• 6a16bac Update link to contributing guidelines in README
• a1625f9 chore: migrate from contrib (#810)
• 9f6f204 chore: update github actions/checkout from v4 to v5 (#809)
• 73a30bc chore(release): 13.0.1
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.