Bump rollup and @angular-devkit/build-angular

[dependabot]

Bumps rollup to 4.52.0 and updates ancestor dependency @angular-devkit/build-angular. These dependencies need to be updated together.

Updates rollup from 2.1.0 to 4.52.0

Release notes

Sourced from rollup's releases.

v4.52.0

4.52.0

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
• Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

• #6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

v4.51.0

4.51.0

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#6115)

Pull Requests

• #6108: feat: support ROLLUP_FILE_URL_OBJ for URL object instead of string (@​guybedford, @​lukastaegert)
• #6112: Disable Cargo cache for Android (@​lukastaegert)
• #6113: fix(deps): update rust crate swc_compiler_base to v35 (@​renovate[bot])
• #6114: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6115: Disable local_dynamic_tls for OpenHarmony (@​hqzing)
• #6116: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6117: chore(deps): lock file maintenance (@​renovate[bot])

v4.50.2

4.50.2

2025-09-15

Bug Fixes

• Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#6100)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

rollup changelog

2.79.1

2022-09-22

Bug Fixes

• Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

• #4639: fix: typo docs and contributors link in CONTRIBUTING.md ( @​takurinton)
• #4641: Update type definition of resolveId (@​ivanjonas)
• #4643: Improve performance of chunk naming collision check ( @​lukastaegert)

2.79.0

2022-08-31

Features

• Add amd.forceJsExtensionForImports to enforce using .js extensions for relative AMD imports (#4607)

Pull Requests

• #4607: add option to keep extensions for amd (@​wh1tevs)

2.78.1

2022-08-19

Bug Fixes

• Avoid inferring "arguments" as name for a default export placeholder variable (#4613)

Pull Requests

• #4613: Prevent using arguments for generated variable names ( @​lukastaegert)

2.78.0

2022-08-14

Features

• Support writing plugin hooks as objects with a "handler" property (#4600)
• Allow changing execution order per plugin hook (#4600)
• Add flag to execute plugins in async parallel hooks sequentially (#4600)

... (truncated)

Commits

• 2029f63 4.52.0
• 039ba6b Fix release script for commits without GitHub authors
• 98f5d35 Automatically remove REPL artefacts label from PRs (#6118)
• 3f124ba fix: manualChunks and non manualChunks shared dependencies are merged with th...
• a0bb78c Add support x86_64-pc-windows-gnu (#6110)
• 1748736 4.51.0
• e518bde chore(deps): lock file maintenance (#6117)
• 9265955 Disable local_dynamic_tls for OpenHarmony (#6115)
• 0b8e19d fix(deps): update rust crate swc_compiler_base to v35 (#6113)
• b14f803 chore(deps): lock file maintenance minor/patch updates (#6116)
• Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 0.901.13 to 20.3.2

Release notes

Sourced from @​angular-devkit/build-angular's releases.

20.3.2

No release notes provided.

20.3.1

@​angular/build

Commit	Description
	add timestamp to bundle generation log
	update vite to version 7.1.5

20.3.0

@​angular/cli

Commit	Description
	improve bun lockfile detection and optimize lockfile checks

@​schematics/angular

Commit	Description
	align labels in ai-config schema

@​angular-devkit/build-angular

Commit	Description
	avoid extra tick in SSR builds

@​angular/build

Commit	Description
	preserve names in esbuild for improved debugging in dev mode

@​angular/ssr

Commit	Description
	introduce BootstrapContext for isolated server-side rendering

Breaking Changes

@​angular/ssr

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) =>
    bootstrapApplication(AppComponent, config, context);

For more information please see: GHSA-68x2-mx4q-78m7

20.3.0-rc.0

@​angular/cli

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

20.3.2 (2025-09-17)

19.2.17 (2025-09-17)

@​angular/build

Commit	Type	Description
365d525b5	fix	update vite to 6.3.6

20.3.1 (2025-09-11)

@​angular/build

Commit	Type	Description
be60be499	fix	add timestamp to bundle generation log
d60f4e53d	fix	update vite to version 7.1.5

18.2.21 (2025-09-10)

Breaking Changes

@​angular/ssr

• The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

  Before:

  const bootstrap = () => bootstrapApplication(AppComponent, config);

  After:

  const bootstrap = (context: BootstrapContext) =>
    bootstrapApplication(AppComponent, config, context);

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.