From b8971c5cd8ed46140f9de15bcf6acc888eb6eee8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Aug 2024 11:38:35 +1000
Subject: [PATCH 1/2] Bump @angular/cli from 18.1.4 to 18.2.0 in
 /web_embedding/ng-flutter (#2388)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 18.1.4
to 18.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular-cli/releases"><code>@​angular/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v18.2.0</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>18.2.0 (2024-08-14)</h1>
<h3><code>@​schematics/angular</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/4da922e4f4e905a1274e70adca1d875c025b8b46"><img
src="https://img.shields.io/badge/4da922e4f-feat-blue" alt="feat -
4da922e4f" /></a></td>
<td>use isolatedModules in generated project</td>
</tr>
</tbody>
</table>
<h3><code>@​angular/build</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/24aaf1e37f49735ce97fe72fced3d53b51d6b631"><img
src="https://img.shields.io/badge/24aaf1e37-feat-blue" alt="feat -
24aaf1e37" /></a></td>
<td>support import attribute based loader configuration</td>
</tr>
</tbody>
</table>
<h2>v18.2.0-rc.0</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>18.2.0-rc.0 (2024-08-07)</h1>
<h3><code>@​angular/build</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/182ecbd18817679b27441ffef2431f92910b592f"><img
src="https://img.shields.io/badge/182ecbd18-fix-green" alt="fix -
182ecbd18" /></a></td>
<td>allow explicitly disabling TypeScript incremental mode</td>
</tr>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/34908a3fcba304da6916b2113863751500268a8c"><img
src="https://img.shields.io/badge/34908a3fc-fix-green" alt="fix -
34908a3fc" /></a></td>
<td>lazy load Node.js inspector for dev server</td>
</tr>
</tbody>
</table>
<h2>v18.2.0-next.3</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>18.2.0-next.3 (2024-07-31)</h1>
<h3><code>@​angular/build</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/636cb6932425b838ccd14ae6ce8b51663e6ded47"><img
src="https://img.shields.io/badge/636cb6932-fix-green" alt="fix -
636cb6932" /></a></td>
<td>add CSP <code>nonce</code> attribute to script tags when inline
critical CSS is disabled</td>
</tr>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/7d52941a2e36b1e08001d7042c9d3e258d8e8b34"><img
src="https://img.shields.io/badge/7d52941a2-fix-green" alt="fix -
7d52941a2" /></a></td>
<td>prevent build failures with remote CSS imports when Tailwind is
configured</td>
</tr>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/0466fb74a2559e2b3cbcf0828de5b5e10b729ddb"><img
src="https://img.shields.io/badge/0466fb74a-fix-green" alt="fix -
0466fb74a" /></a></td>
<td>resolve error with <code>extract-i18n</code> builder for
libraries</td>
</tr>
</tbody>
</table>
<h2>v18.2.0-next.2</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>18.2.0-next.2 (2024-07-24)</h1>
<h3><code>@​angular/build</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/37a2138cb474778ef398a8d4129e1c389dde0f44"><img
src="https://img.shields.io/badge/37a2138cb-fix-green" alt="fix -
37a2138cb" /></a></td>
<td>account for HTML base HREF for dev-server externals</td>
</tr>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/8ff687d036085508fa18397d7a039ab33cc027c7"><img
src="https://img.shields.io/badge/8ff687d03-fix-green" alt="fix -
8ff687d03" /></a></td>
<td>correctly detect comma in Sass URL lexer</td>
</tr>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/6d6937587f8dfa95c951e775f97abde45710c8a6"><img
src="https://img.shields.io/badge/6d6937587-fix-green" alt="fix -
6d6937587" /></a></td>
<td>prevent redirection loop</td>
</tr>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/11a140babb72519a030997b7986946adefd0b824"><img
src="https://img.shields.io/badge/11a140bab-fix-green" alt="fix -
11a140bab" /></a></td>
<td>serve HTML files directly</td>
</tr>
</tbody>
</table>
<h2>v18.2.0-next.1</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>18.2.0-next.1 (2024-07-17)</h1>
<h3><code>@​angular-devkit/build-angular</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/9baae6e22c5ad89e2f05b55b46a91ef0fbbe79a2"><img
src="https://img.shields.io/badge/9baae6e22-fix-green" alt="fix -
9baae6e22" /></a></td>
<td>skip undefined files when generating budget stats</td>
</tr>
</tbody>
</table>
<h3><code>@​angular/build</code></h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular-cli/blob/main/CHANGELOG.md"><code>@​angular/cli</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>18.2.0 (2024-08-14)</h1>
<h3><code>@​schematics/angular</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/4da922e4f4e905a1274e70adca1d875c025b8b46">4da922e4f</a></td>
<td>feat</td>
<td>use isolatedModules in generated project</td>
</tr>
</tbody>
</table>
<h3><code>@​angular/build</code></h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://github.com/angular/angular-cli/commit/24aaf1e37f49735ce97fe72fced3d53b51d6b631">24aaf1e37</a></td>
<td>feat</td>
<td>support import attribute based loader configuration</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/angular/angular-cli/commit/ff5a0fe2125f7e6b4aa789171d660f2f2d8d6d9f"><code>ff5a0fe</code></a>
release: cut the v18.2.0 release</li>
<li><a
href="https://github.com/angular/angular-cli/commit/1a876a3153ca12e22c129b51bef5e88ec8c084ee"><code>1a876a3</code></a>
build: update Angular versions to 18.2 stable</li>
<li><a
href="https://github.com/angular/angular-cli/commit/eb9c7fee72a7164e354d1ace1bad6d54df7e4c62"><code>eb9c7fe</code></a>
build: remove unnecessary excludes from tsconfig.json</li>
<li><a
href="https://github.com/angular/angular-cli/commit/0c2ca9a040c0ce69ad363b8cb323af87c6b6e4e5"><code>0c2ca9a</code></a>
build: remove Bazel typings workaround</li>
<li><a
href="https://github.com/angular/angular-cli/commit/4528be1eaba299ec5dae978d6e25e29ef5db770d"><code>4528be1</code></a>
build: add missing <code>pkg_deps</code> for
<code>@angular/create</code></li>
<li><a
href="https://github.com/angular/angular-cli/commit/d14c9ab0d91411fd20c216d1e27b0233ae48e877"><code>d14c9ab</code></a>
refactor(<code>@​angular-devkit/build-angular</code>): reduce custom
code in browser-esbuil...</li>
<li><a
href="https://github.com/angular/angular-cli/commit/5eef87c25cc5242a774ca523517ae092923b179a"><code>5eef87c</code></a>
build: update all non-major dependencies</li>
<li><a
href="https://github.com/angular/angular-cli/commit/62c040a6a3924496347b439c756f31394fae65e8"><code>62c040a</code></a>
build: update all non-major dependencies</li>
<li><a
href="https://github.com/angular/angular-cli/commit/6351c44dfc903d25e5d1a14d03b90c23eeb31009"><code>6351c44</code></a>
release: cut the v18.2.0-rc.0 release</li>
<li><a
href="https://github.com/angular/angular-cli/commit/6419c2a2e2c1958689f8977c03ce865540350b3d"><code>6419c2a</code></a>
build: update angular</li>
<li>Additional commits viewable in <a
href="https://github.com/angular/angular-cli/compare/18.1.4...18.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/cli&package-manager=npm_and_yarn&previous-version=18.1.4&new-version=18.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 web_embedding/ng-flutter/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web_embedding/ng-flutter/package.json b/web_embedding/ng-flutter/package.json
index 52d72f5d3..5563fb61e 100644
--- a/web_embedding/ng-flutter/package.json
+++ b/web_embedding/ng-flutter/package.json
@@ -27,7 +27,7 @@
   },
   "devDependencies": {
     "@angular-devkit/build-angular": "^18.0.2",
-    "@angular/cli": "~18.1.0",
+    "@angular/cli": "~18.2.0",
     "@angular/compiler-cli": "^18.0.1",
     "@types/jasmine": "~5.1.0",
     "jasmine-core": "~5.2.0",

From 020ba09fe42cd97c9e17383bb4be043e60de7fba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Aug 2024 17:13:05 +1000
Subject: [PATCH 2/2] Bump github/codeql-action from 3.26.2 to 3.26.3 (#2391)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.2 to 3.26.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.25.12 - 12 Jul 2024</h2>
<ul>
<li>Improve the reliability and performance of analyzing code when
analyzing a compiled language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a> on GitHub Enterprise Server. This feature is already available
to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2353">#2353</a></li>
<li>Update default CodeQL bundle version to 2.18.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2364">#2364</a></li>
</ul>
<h2>3.25.11 - 28 Jun 2024</h2>
<ul>
<li>Avoid failing the workflow run if there is an error while uploading
debug artifacts. <a
href="https://redirect.github.com/github/codeql-action/pull/2349">#2349</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/883d8588e56d1753a8a58c1c86e88976f0c23449"><code>883d858</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2431">#2431</a>
from github/update-v3.26.3-b187c86ce</li>
<li><a
href="https://github.com/github/codeql-action/commit/e100cebbec1356794a5aaef00c9bb3bff114bdaa"><code>e100ceb</code></a>
Update changelog for v3.26.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/b187c86ce5456b99777446fbd009ce936d2c6cf4"><code>b187c86</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2430">#2430</a>
from github/henrymercer/windows-diagnostics-fix</li>
<li><a
href="https://github.com/github/codeql-action/commit/e2bb5a277705da6cf2110f35d228f5f93e694c5e"><code>e2bb5a2</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/e5a65875f9a0652d275278a1802b2b7a7252b545"><code>e5a6587</code></a>
Fix writing diagnostics on Windows</li>
<li><a
href="https://github.com/github/codeql-action/commit/5c681efc3f71cd6b47b1c14583c9e86913966e9f"><code>5c681ef</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2426">#2426</a>
from github/mergeback/v3.26.2-to-main-429e1977</li>
<li><a
href="https://github.com/github/codeql-action/commit/676519a88282d8e2d89fa38d2b61b8122b7449ad"><code>676519a</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/25a5b8f08cdeeffce170bbe78f0cb651b755430e"><code>25a5b8f</code></a>
Update changelog and version after v3.26.2</li>
<li>See full diff in <a
href="https://github.com/github/codeql-action/compare/429e1977040da7a23b6822b13c129cd1ba93dbb2...883d8588e56d1753a8a58c1c86e88976f0c23449">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.2&new-version=3.26.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/scorecards-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index f622a06e6..5ec3cb391 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2
+        uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449
         with:
           sarif_file: results.sarif

Commit	Description
	allow explicitly disabling TypeScript incremental mode
	lazy load Node.js inspector for dev server
Commit	Description
	add CSP `nonce` attribute to script tags when inline critical CSS is disabled
	prevent build failures with remote CSS imports when Tailwind is configured
	resolve error with `extract-i18n` builder for libraries
Commit	Description
	account for HTML base HREF for dev-server externals
	correctly detect comma in Sass URL lexer
	prevent redirection loop
	serve HTML files directly