build: update cross-repo angular dependencies (22.0.x)

[angular-robot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@angular-devkit/build-angular	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular-devkit/core	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular-devkit/schematics	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/build	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/cli	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/common (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/compiler (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/compiler-cli (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/core (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/forms (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/localize	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/ng-dev	74db100 → 5d98425					devDependencies	digest
@angular/platform-browser (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/platform-browser-dynamic (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/platform-server (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/router (source)	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@angular/ssr	22.0.0 → 22.0.1					pnpm.catalog.default	patch
@schematics/angular	22.0.0 → 22.0.1					pnpm.catalog.default	patch
devinfra	e78f06f → b9d15e3					git_override	digest
rules_angular	02e0d38 → 0571709					git_override	digest
rules_browsers	c7e596a → 3e345a4					git_override	digest
rules_sass	77d16f9 → 1e456af					git_override	digest

🔡 If you wish to disable git hash updates, add ":disableDigestUpdates" to the extends array in your config.

---

• If you want to rebase/retry this PR, check this box

---

Release Notes

angular/angular-cli (@​angular-devkit/build-angular)

v22.0.1

Compare Source

@​angular/cli

Commit	Type	Description
b54e9a549	fix	do not sort migrations of the same version alphabetically
d33311612	fix	fallback to local package.json for schematic detection on first run
918102a93	fix	isolate temporary package installation from parent pnpm workspace
b048b5f4a	fix	remove forceAuth and unscoped credential parsing
277934035	fix	validate registry option is a valid URL in ng add
4510dae02	perf	optimize update schematic registry query counts by fetching package metadata lazily

@​schematics/angular

Commit	Type	Description
c80012294	fix	fix browserMode option mapping in refactor-jasmine-vitest
a9b6bd904	fix	safely comment out multiline statements in refactor-jasmine-vitest
12199df00	fix	use null objects and callbacks in karma-to-vitest migration

@​angular/build

Commit	Type	Description
89d1be979	fix	allow disabling Vitest isolation from builder
d45b84be9	fix	exclude JSON imports from Vite dependency optimization
e3cab4ddd	fix	prevent concurrent stylesheet bundling esbuild context leaks
bd413b0eb	fix	restrict application builder output paths to output directory

angular/angular (@​angular/common)

v22.0.1

Compare Source

Deprecations

platform-server

• XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.
  (cherry picked from commit 8446e46)

common

Commit	Type	Description
c4b5fa3c92	fix	escape CSS string-terminating characters in escapeCssUrl
dfff57ede9	fix	Limits date format string length
3c2892c8df	fix	prevent prototype pollution in formatDateTime
1d87c49f6e	fix	use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit	Type	Description
1ee224ca30	fix	disallow i18n event attributes
a56f1cdf8f	fix	more robust logic to check if regex can be optimized
5946c18275	fix	sanitize href/xlink:href attributes of any element of the MathML namespace
393b84caf8	fix	sanitize two-way properties

compiler-cli

Commit	Type	Description
3d9ca2f173	fix	bind switch exhaustive check expressions

core

Commit	Type	Description
669146b0e7	fix	disable WebMCP during SSR
562a566ead	fix	Handle synchronous errors in PendingTasks.run function
fa546f382d	fix	harden TransferState restoration against DOM clobbering
29fdb98684	fix	prevent dangling prevConsumer reference from leaking destroyed views (#​68681)
cdcea80327	fix	require WebMCP tool descriptions
4289c4c840	fix	update comment for Default change detection
3dd433b39a	fix	use Object.hasOwn to handle null-prototype objects in toStylingKeyValueArray
045bb736b3	fix	validate lowercase SVG animation attribute names

forms

Commit	Type	Description
11836a670a	fix	delay mcp reading the form model by a tick
85d2d100e3	fix	harden FormGroup control lookups against prototype shadowing
e51ad374ea	fix	remove animationstart listener on component destroy to prevent memory leak
55b7b5a6b6	fix	set additionalProperties: false on generated WebMCP form

http

Commit	Type	Description
ffb06c0514	fix	ensure query parameters are inserted before URL fragments
2dd65d21e6	fix	pass down the reportUploadProgress and reportDownloadProgress on post/patch requests
4254eb416c	fix	preserve empty referrer option in HttpRequest
167bd4c162	fix	Rejects non-HTTP(S) URLs in JSONP requests

language-service

Commit	Type	Description
43a0e28729	fix	prevent external template inlay hints from appearing in TS files

platform-server

Commit	Type	Description
ed48ca7f51	fix	harden platform location origin validation during SSR
1881ede3a7	refactor	deprecate ServerXhr

router

Commit	Type	Description
43edc8410f	fix	use native URL object for navigation boundary and comparison

service-worker

Commit	Type	Description
cf97b1f828	fix	Strips sensitive headers on cross-origin redirects