Skip to content

Bump @angular/platform-server from 20.0.0 to 20.3.24 in /starters/angular/kanban#642

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/starters/angular/kanban/angular/platform-server-20.3.24
Open

Bump @angular/platform-server from 20.0.0 to 20.3.24 in /starters/angular/kanban#642
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/starters/angular/kanban/angular/platform-server-20.3.24

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/platform-server from 20.0.0 to 20.3.24.

Release notes

Sourced from @​angular/platform-server's releases.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description
fix - 3d135ce59b add upper bounds for digitsInfo
fix - 39a4b4cc8e sanitize placeholder

compiler

Commit Description
fix - 8f35b182b1 normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)
fix - 64a89e917a sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)
fix - 6404edfe0a strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description
fix - e345a58069 normalize tag names in runtime i18n attribute security context lookup (#68926)
fix - d86e4e7b2a reject script element as a dynamic component host (#68926)
fix - af04936045 sanitize meta selectors
fix - dc631efa96 support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)
fix - 909ef047b3 synchronize core sanitization schema with compiler (#68926)

http

Commit Description
fix - de7b2a62e7 exclude withCredentials requests from transfer cache
fix - 4233188d8e skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - 49a60f6045 secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - 5fdfd8a998 preserve redirect policy on reconstructed asset requests
fix - 83b022f2d0 Preserves explicit 'credentials: omit' in asset requests
fix - e617fa06eb Preserves HTTP cache mode in asset group requests

20.3.21

... (truncated)

Changelog

Sourced from @​angular/platform-server's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description
6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description
7f4ac78994 fix add upper bounds for digitsInfo
300f61feb3 fix sanitize placeholder

compiler

Commit Type Description
0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb fix prevent namespaced SVG elements from being stripped
cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description
ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97 fix sanitize meta selectors
daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description
582a417bd2 fix exclude withCredentials requests from transfer cache
5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description
b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests
ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits
  • 6ca433e fix(platform-server): throw on suspicious URLs and restrict protocol-relative...
  • c99d9f0 refactor(platform-server): extract parseUrl regex and add comments for URL pa...
  • 49a60f6 fix(platform-server): secure location and document initialization against SSR...
  • f584840 fix(platform-server): add allowedHosts option to renderModule and `render...
  • 25e4e07 fix(platform-server): ensure origin has a trailing slash when parsing url (#6...
  • 303d4cd fix(platform-server): prevent SSRF bypasses via protocol-relative and backsla...
  • 4c66fe4 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
  • ee578d3 build: format md files
  • 5b0363c refactor(core): warning when hydration trigger is used without hydration b...
  • 542cd00 fix(core): do not rename ARIA property bindings to attributes (#64089)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump @angular/platform-server in /starters/angular/kanban
acd204b 
Bumps [@angular/platform-server](https://github.com/angular/angular/tree/HEAD/packages/platform-server) from 20.0.0 to 20.3.24.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/platform-server)

---
updated-dependencies:
- dependency-name: "@angular/platform-server"
  dependency-version: 20.3.24
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamesdaniels jamesdaniels Awaiting requested review from jamesdaniels jamesdaniels is a code owner

@Yuangwang Yuangwang Awaiting requested review from Yuangwang Yuangwang is a code owner

@annajowang annajowang Awaiting requested review from annajowang annajowang is a code owner

@abhis3 abhis3 Awaiting requested review from abhis3 abhis3 is a code owner

@falahat falahat Awaiting requested review from falahat falahat is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants