Skip to content

chore(deps-dev): bump @angular/compiler-cli from 20.3.10 to 20.3.24#11256

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/compiler-cli-20.3.24
Closed

chore(deps-dev): bump @angular/compiler-cli from 20.3.10 to 20.3.24#11256
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/compiler-cli-20.3.24

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/compiler-cli from 20.3.10 to 20.3.24.

Release notes

Sourced from @​angular/compiler-cli's releases.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description
fix - 3d135ce59b add upper bounds for digitsInfo
fix - 39a4b4cc8e sanitize placeholder

compiler

Commit Description
fix - 8f35b182b1 normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)
fix - 64a89e917a sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)
fix - 6404edfe0a strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description
fix - e345a58069 normalize tag names in runtime i18n attribute security context lookup (#68926)
fix - d86e4e7b2a reject script element as a dynamic component host (#68926)
fix - af04936045 sanitize meta selectors
fix - dc631efa96 support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)
fix - 909ef047b3 synchronize core sanitization schema with compiler (#68926)

http

Commit Description
fix - de7b2a62e7 exclude withCredentials requests from transfer cache
fix - 4233188d8e skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - 49a60f6045 secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - 5fdfd8a998 preserve redirect policy on reconstructed asset requests
fix - 83b022f2d0 Preserves explicit 'credentials: omit' in asset requests
fix - e617fa06eb Preserves HTTP cache mode in asset group requests

20.3.21

... (truncated)

Changelog

Sourced from @​angular/compiler-cli's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description
6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description
7f4ac78994 fix add upper bounds for digitsInfo
300f61feb3 fix sanitize placeholder

compiler

Commit Type Description
0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb fix prevent namespaced SVG elements from being stripped
cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description
ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97 fix sanitize meta selectors
daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description
582a417bd2 fix exclude withCredentials requests from transfer cache
5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description
b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests
ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits
  • 7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
  • 6404edf fix(compiler): strip namespaced SVG script elements during template compilati...
  • a9bcffd fix(core): disallow event attribute bindings in host bindings unconditionally...
  • c2c2b4a fix(core): sanitize sensitive attributes on SVG script elements
  • d1ca8ae fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
  • ee578d3 build: format md files
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump @angular/compiler-cli from 20.3.10 to 20.3.24
d70c983 
Bumps [@angular/compiler-cli](https://github.com/angular/angular/tree/HEAD/packages/compiler-cli) from 20.3.10 to 20.3.24.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/compiler-cli)

---
updated-dependencies:
- dependency-name: "@angular/compiler-cli"
  dependency-version: 20.3.24
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file JavaScript patch labels Jun 3, 2026
@nx-cloud

nx-cloud Bot commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit d70c983

Command Status Duration Result
nx test apps-automated -c=android ✅ Succeeded 3m 41s View ↗
nx run-many --target=test --configuration=ci --... ✅ Succeeded 3s View ↗

☁️ Nx Cloud last updated this comment at 2026-06-03 14:59:22 UTC

@dependabot @github

dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/angular/compiler-cli-20.3.24 branch June 4, 2026 22:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file JavaScript patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NathanWalker