Skip to content

chore(deps): bump @angular/platform-server from 20.3.21 to 20.3.24#1373

Merged
just1and0 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/platform-server-20.3.24
Jun 19, 2026
Merged

chore(deps): bump @angular/platform-server from 20.3.21 to 20.3.24#1373
just1and0 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/platform-server-20.3.24

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps @angular/platform-server from 20.3.21 to 20.3.24.

Release notes

Sourced from @​angular/platform-server's releases.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description
fix - 3d135ce59b add upper bounds for digitsInfo
fix - 39a4b4cc8e sanitize placeholder

compiler

Commit Description
fix - 8f35b182b1 normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)
fix - 64a89e917a sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)
fix - 6404edfe0a strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description
fix - e345a58069 normalize tag names in runtime i18n attribute security context lookup (#68926)
fix - d86e4e7b2a reject script element as a dynamic component host (#68926)
fix - af04936045 sanitize meta selectors
fix - dc631efa96 support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)
fix - 909ef047b3 synchronize core sanitization schema with compiler (#68926)

http

Commit Description
fix - de7b2a62e7 exclude withCredentials requests from transfer cache
fix - 4233188d8e skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - 49a60f6045 secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - 5fdfd8a998 preserve redirect policy on reconstructed asset requests
fix - 83b022f2d0 Preserves explicit 'credentials: omit' in asset requests
fix - e617fa06eb Preserves HTTP cache mode in asset group requests
Changelog

Sourced from @​angular/platform-server's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description
6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description
7f4ac78994 fix add upper bounds for digitsInfo
300f61feb3 fix sanitize placeholder

compiler

Commit Type Description
0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb fix prevent namespaced SVG elements from being stripped
cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description
ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97 fix sanitize meta selectors
daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description
582a417bd2 fix exclude withCredentials requests from transfer cache
5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description
b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests
ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits
  • 6ca433e fix(platform-server): throw on suspicious URLs and restrict protocol-relative...
  • c99d9f0 refactor(platform-server): extract parseUrl regex and add comments for URL pa...
  • 49a60f6 fix(platform-server): secure location and document initialization against SSR...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@just1and0 just1and0 self-requested a review June 18, 2026 12:37
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/angular/platform-server-20.3.24 branch 2 times, most recently from 0446c80 to 4377e0f Compare June 18, 2026 12:56
@just1and0

just1and0 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
chore(deps): bump @angular/platform-server from 20.3.21 to 20.3.24
9e70e89 
Bumps [@angular/platform-server](https://github.com/angular/angular/tree/HEAD/packages/platform-server) from 20.3.21 to 20.3.24.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/platform-server)

---
updated-dependencies:
- dependency-name: "@angular/platform-server"
  dependency-version: 20.3.24
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/angular/platform-server-20.3.24 branch from 4377e0f to 9e70e89 Compare June 18, 2026 13:05
@just1and0 just1and0 merged commit 90525ae into main Jun 19, 2026
13 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/angular/platform-server-20.3.24 branch June 19, 2026 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikehardy mikehardy mikehardy approved these changes

@just1and0 just1and0 just1and0 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@just1and0 @mikehardy