You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Establishes full documentation extraction parity with the json_api Bazel rule target.
Standardizes the accompanying toolbar component showcase into the clean aria-toolbar path.
Re-routes dev-app navigation links and migrates public API golden records.
SimpleCombobox has been promoted to Combobox. All simple-combobox prefixed symbols, selectors, and tokens have been renamed to use the combobox prefix.
refactor(aria/combobox): relocate and restructure autocomplete and toolbar examples
Relocate the autocomplete examples to src/components-examples/aria/autocomplete and toolbar examples to src/components-examples/aria/toolbar.
Restore naming continuity with the historical codebase by stripping redundant prefixes from example filenames and component selectors.
The injector parameter of the ConfigurableFocusTrap and FocusTrap constructors is now required.
The boolean parameter of ConfigurableFocusTrapFactory.create has been replaced with a config object.
MESSAGES_CONTAINER_ID has been removed.
The event parameter of DropListRef.drop is now required.
ContextMenuTracker has been renamed to MenuTracker.
material
MatListOption.checkboxPosition has been removed. use togglePosition instead.
MatListOptionCheckboxPosition has been renamed to MatListOptionTogglePosition.
ArrowViewState has been removed.
ArrowViewStateTransition has been removed.
multiple
A bunch of constructors that with rest arguments have been removed. If you were extending Material/CDK components, you may have to update your super calls accordingly.
Renames the values input/model to value in Combobox, Listbox, Tree, Menu, Toolbar, and Select. Users must update their templates to use the value property instead of values.
To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.
To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.
#374132de5d2 Thanks @clr182! - logs: the console-log integration now respects opt_out_capturing() — it checks is_capturing() before emitting, so log events stop on opt-out (and resume on opt-in).
(2026-06-04)
#3736374962a Thanks @arnohillen! - replay: re-apply scroll positions after fast-forward/seek. Scrolls applied mid-catch-up could clamp to 0 when the target wasn't scrollable yet (e.g. scroll-revealed sheets/modals whose content sits below the fold), leaving the content scrolled out of view on replay. The last scroll per node is now re-applied in the flush stage once layout has settled. posthog-js is bumped too so the rebuilt bundle containing the fix is published.
(2026-06-03)
#35704a27ced Thanks @gruessi! - fix(record): release iframe documents and observers on iframe removal — same-origin iframes mounted and unmounted while session recording is active no longer leak their Document, every node serialized into the mirror, or one MutationObserver per mount. Closes eight retainer chains: load-listener disposers, named pagehide handlers, the recordCrossOriginIframes cleanup gate (now applied to same-origin too), captured Document / Window sets that survive iframe.src swap-to-about:blank before removal, and the global mutationBuffers[] / handlers[] arrays which previously accumulated forever. Validated end-to-end: a host page that mounts/unmounts 5 blob-URL iframes every 2s for 110s went from +118 MB / +390 leaked HTMLDocuments to ~0 MB / 0.
(2026-06-03)
#37171688b38 Thanks @turnipdabeets! - Move the OpenTelemetry logs dependencies to devDependencies. They are only used to build the CDN-served logs extension chunk, which inlines them, so consumers no longer install the transitive protobufjs (whose eval("require") tripped unsafe-eval Content Security Policies).
If you imported @opentelemetry/* directly while relying on it being hoisted from posthog-js, add it to your own dependencies. (2026-06-03)
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@angular/build@21.2.14. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
Obfuscated code: npm posthog-js is 90.0% likely obfuscated
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/posthog-js@1.379.3. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
Obfuscated code: npm posthog-js is 90.0% likely obfuscated
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/posthog-js@1.379.3. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
21.2.15→21.2.1621.2.13→21.2.1422.0.0-rc.2→22.0.021.2.13→21.2.1421.2.15→21.2.1622.0.0-rc.2→22.0.021.2.15→21.2.1622.0.0-rc.2→22.0.021.2.15→21.2.1622.0.0-rc.2→22.0.021.2.15→21.2.1622.0.0-rc.2→22.0.021.2.15→21.2.1622.0.0-rc.2→22.0.021.2.13→21.2.1421.2.15→21.2.1622.0.0-rc.2→22.0.021.2.15→21.2.1621.2.15→21.2.1622.0.0-rc.2→22.0.05.28.0→5.30.02.1.1→2.1.21.376.4→1.379.34.22.3→4.22.48.0.14→8.0.164.1.7→4.1.8Release Notes
angular/angular (@angular/animations)
v21.2.16Compare Source
angular/angular-cli (@angular/build)
v21.2.14Compare Source
@angular/cli
@angular/build
angular/components (@angular/cdk)
v22.0.0Compare Source
Breaking Changes
aria
The legacy combobox and autocomplete implementations have been removed. Use the new standalone combobox instead.
comboboxentry points.SIMPLE_COMBOBOX_POPUP->COMBOBOX_POPUP).json_apiBazel rule target.aria-toolbarpath.SimpleComboboxhas been promoted toCombobox. Allsimple-comboboxprefixed symbols, selectors, and tokens have been renamed to use thecomboboxprefix.Relocate the autocomplete examples to
src/components-examples/aria/autocompleteand toolbar examples tosrc/components-examples/aria/toolbar.cdk
CDK_DESCRIBEDBY_HOST_ATTRIBUTEhas been removed.CDK_DESCRIBEDBY_ID_PREFIXhas been removed.injectorparameter of theConfigurableFocusTrapandFocusTrapconstructors is now required.ConfigurableFocusTrapFactory.createhas been replaced with a config object.MESSAGES_CONTAINER_IDhas been removed.eventparameter ofDropListRef.dropis now required.ContextMenuTrackerhas been renamed toMenuTracker.material
MatListOption.checkboxPositionhas been removed. usetogglePositioninstead.MatListOptionCheckboxPositionhas been renamed toMatListOptionTogglePosition.ArrowViewStatehas been removed.ArrowViewStateTransitionhas been removed.multiple
supercalls accordingly.Renames the values input/model to value in Combobox, Listbox, Tree, Menu, Toolbar, and Select. Users must update their templates to use the value property instead of values.
google-maps
material
cdk
aria
multiple
v22.0.0-rc.3: 22.0.0-rc.3Compare Source
material
angular/angular (@angular/common)
v21.2.16Compare Source
angular/angular (@angular/compiler)
v21.2.16Compare Source
common
compiler
core
platform-server
sanity-io/sanity (@sanity/types)
v5.30.0Compare Source
Sanity Studio v5.30.0
This release includes various improvements and bug fixes.
For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4yOS4w
Install or upgrade Sanity Studio
To upgrade to this version, run:
To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.
📓 Full changelog
2ae1370cf5baebdf8fc74v5.29.0Compare Source
Sanity Studio v5.29.0
This release includes various improvements and bug fixes.
For the complete changelog with all details, please visit:
www.sanity.io/changelog/studio-NS4yOC4w
Install or upgrade Sanity Studio
To upgrade to this version, run:
To initiate a new Sanity Studio project or learn more about upgrading, please refer to our comprehensive guide on Installing and Upgrading Sanity Studio.
📓 Full changelog
3fa8dc546f9caa30f89d5054950f3a2fc8b8df5ed300aa75307d4dd9472c31421c6530daf6c3534982cf4c3064b2273ad607cda4665872fesxzz/obug (obug)
v2.1.2Compare Source
No significant changes
View changes on GitHub
PostHog/posthog-js (posthog-js)
v1.379.3Compare Source
1.379.3
Patch Changes
32de5d2Thanks @clr182! - logs: the console-log integration now respectsopt_out_capturing()— it checksis_capturing()before emitting, so log events stop on opt-out (and resume on opt-in).(2026-06-04)
v1.379.2Compare Source
1.379.2
Patch Changes
374962aThanks @arnohillen! - replay: re-apply scroll positions after fast-forward/seek. Scrolls applied mid-catch-up could clamp to 0 when the target wasn't scrollable yet (e.g. scroll-revealed sheets/modals whose content sits below the fold), leaving the content scrolled out of view on replay. The last scroll per node is now re-applied in the flush stage once layout has settled.posthog-jsis bumped too so the rebuilt bundle containing the fix is published.(2026-06-03)
v1.379.1Compare Source
1.379.1
Patch Changes
#3570
4a27cedThanks @gruessi! - fix(record): release iframe documents and observers on iframe removal — same-origin iframes mounted and unmounted while session recording is active no longer leak theirDocument, every node serialized into the mirror, or oneMutationObserverper mount. Closes eight retainer chains: load-listener disposers, named pagehide handlers, therecordCrossOriginIframescleanup gate (now applied to same-origin too), capturedDocument/Windowsets that surviveiframe.srcswap-to-about:blankbefore removal, and the globalmutationBuffers[]/handlers[]arrays which previously accumulated forever. Validated end-to-end: a host page that mounts/unmounts 5 blob-URL iframes every 2s for 110s went from +118 MB / +390 leakedHTMLDocuments to ~0 MB / 0.(2026-06-03)
#3717
1688b38Thanks @turnipdabeets! - Move the OpenTelemetry logs dependencies todevDependencies. They are only used to build the CDN-servedlogsextension chunk, which inlines them, so consumers no longer install the transitiveprotobufjs(whoseeval("require")trippedunsafe-evalContent Security Policies).If you imported
@opentelemetry/*directly while relying on it being hoisted fromposthog-js, add it to your own dependencies. (2026-06-03)Updated dependencies []:
v1.379.0Compare Source
1.379.0
Minor Changes
c487070Thanks @marandaneto! - Add$sdk_dist_channelevent property for browser SDKnpmandcdndistribution channels.(2026-06-02)
Patch Changes
v1.378.1Compare Source
1.378.1
Pat
Configuration
📅 Schedule: (in timezone Asia/Shanghai)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.