Skip to content

build(deps): bump @angular/compiler from 21.2.9 to 21.2.17#21

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/compiler-21.2.17
Open

build(deps): bump @angular/compiler from 21.2.9 to 21.2.17#21
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/compiler-21.2.17

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps @angular/compiler from 21.2.9 to 21.2.17.

Release notes

Sourced from @​angular/compiler's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • dc9c996 fix(compiler): sanitize two-way properties
  • ae1c8a1 fix(compiler): move projection attributes into constants
  • eb1cbbf fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 29ceeff docs: fix typos in source code comments
  • 782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
  • ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • daaf329 fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • 68282df fix(compiler): strip namespaced SVG script elements during template compilation
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@jdwillmsen jdwillmsen mentioned this pull request Jun 16, 2026
Merged
@jdwillmsen

jdwillmsen commented Jun 16, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/angular/compiler-21.2.17 branch from 04d71c5 to 60df5c7 Compare June 16, 2026 02:36
@nx-cloud

nx-cloud Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

View your CI Pipeline Execution ↗ for commit 60df5c7

Command Status Duration Result
nx affected -t build ✅ Succeeded 1m 33s View ↗
nx affected -t lint test ✅ Succeeded 1m 6s View ↗
nx-cloud record -- nx format:check ✅ Succeeded <1s View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗

☁️ Nx Cloud last updated this comment at 2026-06-16 03:06:50 UTC

@dependabot
build(deps): bump @angular/compiler from 21.2.9 to 21.2.17
208a253 
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 21.2.9 to 21.2.17.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

---
updated-dependencies:
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/angular/compiler-21.2.17 branch from 60df5c7 to 208a253 Compare June 16, 2026 02:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jdwillmsen