[PR #770] Bump @angular/common from 13.0.0 to 20.3.25 in /angular/angular #17433

Open
opened 2026-07-11 15:51:10 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/docker/awesome-compose/pull/770
Author: @dependabot[bot]
Created: 6/20/2026
Status: 🔄 Open

Base: masterHead: dependabot/npm_and_yarn/angular/angular/angular/common-20.3.25


📝 Commits (1)

  • 5e197d8 Bump @angular/common from 13.0.0 to 20.3.25 in /angular/angular

📊 Changes

2 files changed (+8945 additions, -5231 deletions)

View changed files

📝 angular/angular/package-lock.json (+8944 -5230)
📝 angular/angular/package.json (+1 -1)

📄 Description

Bumps @angular/common from 13.0.0 to 20.3.25.

Release notes

Sourced from @​angular/common's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • 06be298 fix(http): preserve empty referrer option in HttpRequest
  • 9f443bc fix(common): Limits date format string length
  • fa940e1 fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • 1a62130 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • 566ad05 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e2ef1ce fix(http): skip transfer cache for fetch credentialed requests
  • 3d135ce fix(common): add upper bounds for digitsInfo
  • 39a4b4c fix(common): sanitize placeholder
  • de7b2a6 fix(http): exclude withCredentials requests from transfer cache
  • 4233188 fix(http): skip TransferCache for cookie-bearing requests by default
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/docker/awesome-compose/pull/770 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/20/2026 **Status:** 🔄 Open **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/angular/angular/angular/common-20.3.25` --- ### 📝 Commits (1) - [`5e197d8`](https://github.com/docker/awesome-compose/commit/5e197d8a1e84a0e1720490f8aec61fd99fa3283e) Bump @angular/common from 13.0.0 to 20.3.25 in /angular/angular ### 📊 Changes **2 files changed** (+8945 additions, -5231 deletions) <details> <summary>View changed files</summary> 📝 `angular/angular/package-lock.json` (+8944 -5230) 📝 `angular/angular/package.json` (+1 -1) </details> ### 📄 Description Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 13.0.0 to 20.3.25. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases">@​angular/common's releases</a>.</em></p> <blockquote> <h2>20.3.25</h2> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/9f443bc24c79dca998c9434d1e235dc19dc29bba"><img src="https://img.shields.io/badge/9f443bc24c-fix-green" alt="fix - 9f443bc24c" /></a></td> <td>Limits date format string length</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/566ad05f20732c38855353c3e73771ef9a34dadc"><img src="https://img.shields.io/badge/566ad05f20-fix-green" alt="fix - 566ad05f20" /></a></td> <td>skip transfer cache for uncacheable HTTP traffic</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/1a62130a6bb313e4441f005e480768a360c71be5"><img src="https://img.shields.io/badge/1a62130a6b-fix-green" alt="fix - 1a62130a6b" /></a></td> <td>use cryptographically secure SHA-256 for transfer cache key generation</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/a68ec702a056a2706a152fce29081241fd276f12"><img src="https://img.shields.io/badge/a68ec702a0-fix-green" alt="fix - a68ec702a0" /></a></td> <td>sanitize two-way properties</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/768a349e6e54ff16deba4c1bfe12be9d0f55f443"><img src="https://img.shields.io/badge/768a349e6e-fix-green" alt="fix - 768a349e6e" /></a></td> <td>harden TransferState restoration against DOM clobbering</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ca48b4728d5f6770be63a08f64a6432207ad54c0"><img src="https://img.shields.io/badge/ca48b4728d-fix-green" alt="fix - ca48b4728d" /></a></td> <td>validate lowercase SVG animation attribute names (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/69270">#69270</a>)</td> </tr> </tbody> </table> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/06be29826741212ca00e21efb6abff653e4541b5"><img src="https://img.shields.io/badge/06be298267-fix-green" alt="fix - 06be298267" /></a></td> <td>preserve empty referrer option in HttpRequest</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/fa940e1f4de75c33ccca50357d941be53a5a0950"><img src="https://img.shields.io/badge/fa940e1f4d-fix-green" alt="fix - fa940e1f4d" /></a></td> <td>Rejects non-HTTP(S) URLs in JSONP requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/e2ef1ce72ae084e01a76950c731052f4fa97fcdd"><img src="https://img.shields.io/badge/e2ef1ce72a-fix-green" alt="fix - e2ef1ce72a" /></a></td> <td>skip transfer cache for fetch credentialed requests</td> </tr> </tbody> </table> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/49368c185907edb48467074c56e305abbfa3544a"><img src="https://img.shields.io/badge/49368c1859-fix-green" alt="fix - 49368c1859" /></a></td> <td>harden platform location origin validation during SSR</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d55c94ad811a15c9c255164a0d66892c645f602e"><img src="https://img.shields.io/badge/d55c94ad81-refactor-yellow" alt="refactor - d55c94ad81" /></a></td> <td>deprecate ServerXhr (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/69256">#69256</a>)</td> </tr> </tbody> </table> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d65a5f457b1afd6bdd4d952d3f213c6aa1aabcbc"><img src="https://img.shields.io/badge/d65a5f457b-fix-green" alt="fix - d65a5f457b" /></a></td> <td>Strips sensitive headers on cross-origin redirects</td> </tr> </tbody> </table> <h2>Deprecations</h2> <h3>platform-server</h3> <ul> <li>XHR support in <code>@angular/platform-server</code> is deprecated. Use standard <code>fetch</code> APIs instead.</li> </ul> <h2>20.3.24</h2> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/6ca433e56bcf74fdb6ad01d3afdf59628fba69b6"><img src="https://img.shields.io/badge/6ca433e56b-fix-green" alt="fix - 6ca433e56b" /></a></td> <td>throw on suspicious URLs and restrict protocol-relative URLs</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/8680b5152fe58ebde81e331b74ba806fc86514cc"><img src="https://img.shields.io/badge/8680b5152f-fix-green" alt="fix - 8680b5152f" /></a></td> <td>update domino to latest version</td> </tr> </tbody> </table> <h2>20.3.23</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d40acc6431997b304ec54c951e55d2e52ed6f6dc"><img src="https://img.shields.io/badge/d40acc6431-fix-green" alt="fix - d40acc6431" /></a></td> <td>prevent namespaced SVG <!-- raw HTML omitted --> elements from being stripped</td> </tr> </tbody> </table> <h2>20.3.22</h2> <h3>common</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md">@​angular/common's changelog</a>.</em></p> <blockquote> <h1>20.3.25 (2026-06-10)</h1> <h2>Deprecations</h2> <h3>platform-server</h3> <ul> <li>XHR support in <code>@angular/platform-server</code> is deprecated. Use standard <code>fetch</code> APIs instead.</li> </ul> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/9f443bc24c79dca998c9434d1e235dc19dc29bba">9f443bc24c</a></td> <td>fix</td> <td>Limits date format string length</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/566ad05f20732c38855353c3e73771ef9a34dadc">566ad05f20</a></td> <td>fix</td> <td>skip transfer cache for uncacheable HTTP traffic</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/1a62130a6bb313e4441f005e480768a360c71be5">1a62130a6b</a></td> <td>fix</td> <td>use cryptographically secure SHA-256 for transfer cache key generation</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/a68ec702a056a2706a152fce29081241fd276f12">a68ec702a0</a></td> <td>fix</td> <td>sanitize two-way properties</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/768a349e6e54ff16deba4c1bfe12be9d0f55f443">768a349e6e</a></td> <td>fix</td> <td>harden TransferState restoration against DOM clobbering</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ca48b4728d5f6770be63a08f64a6432207ad54c0">ca48b4728d</a></td> <td>fix</td> <td>validate lowercase SVG animation attribute names (<a href="https://redirect.github.com/angular/angular/pull/69270">#69270</a>)</td> </tr> </tbody> </table> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/06be29826741212ca00e21efb6abff653e4541b5">06be298267</a></td> <td>fix</td> <td>preserve empty referrer option in HttpRequest</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/fa940e1f4de75c33ccca50357d941be53a5a0950">fa940e1f4d</a></td> <td>fix</td> <td>Rejects non-HTTP(S) URLs in JSONP requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/e2ef1ce72ae084e01a76950c731052f4fa97fcdd">e2ef1ce72a</a></td> <td>fix</td> <td>skip transfer cache for fetch credentialed requests</td> </tr> </tbody> </table> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/49368c185907edb48467074c56e305abbfa3544a">49368c1859</a></td> <td>fix</td> <td>harden platform location origin validation during SSR</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d55c94ad811a15c9c255164a0d66892c645f602e">d55c94ad81</a></td> <td>refactor</td> <td>deprecate ServerXhr (<a href="https://redirect.github.com/angular/angular/pull/69256">#69256</a>)</td> </tr> </tbody> </table> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d65a5f457b1afd6bdd4d952d3f213c6aa1aabcbc">d65a5f457b</a></td> <td>fix</td> <td>Strips sensitive headers on cross-origin redirects</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>22.0.0 (2026-06-03)</h1> <p><a href="https://goo.gle/angular-v22-blog">Blog post &quot;Announcing Angular v22&quot;</a>.</p> <h2>Breaking Changes</h2> <h3>compiler</h3> <ul> <li>This change will trigger the <code>nullishCoalescingNotNullable</code> and <code>optionalChainNotNullable</code> diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your <code>tsconfig</code> temporarily.</li> <li>data prefixed attribute no-longer bind inputs nor outputs.</li> <li>The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.</li> <li><code>in</code> variables will throw in template expressions.</li> </ul> <h3>compiler-cli</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular/commit/06be29826741212ca00e21efb6abff653e4541b5"><code>06be298</code></a> fix(http): preserve empty referrer option in HttpRequest</li> <li><a href="https://github.com/angular/angular/commit/9f443bc24c79dca998c9434d1e235dc19dc29bba"><code>9f443bc</code></a> fix(common): Limits date format string length</li> <li><a href="https://github.com/angular/angular/commit/fa940e1f4de75c33ccca50357d941be53a5a0950"><code>fa940e1</code></a> fix(http): Rejects non-HTTP(S) URLs in JSONP requests</li> <li><a href="https://github.com/angular/angular/commit/1a62130a6bb313e4441f005e480768a360c71be5"><code>1a62130</code></a> fix(common): use cryptographically secure SHA-256 for transfer cache key gene...</li> <li><a href="https://github.com/angular/angular/commit/566ad05f20732c38855353c3e73771ef9a34dadc"><code>566ad05</code></a> fix(common): skip transfer cache for uncacheable HTTP traffic</li> <li><a href="https://github.com/angular/angular/commit/e2ef1ce72ae084e01a76950c731052f4fa97fcdd"><code>e2ef1ce</code></a> fix(http): skip transfer cache for fetch credentialed requests</li> <li><a href="https://github.com/angular/angular/commit/3d135ce59bbf7426825bc493bc681f266846ac79"><code>3d135ce</code></a> fix(common): add upper bounds for digitsInfo</li> <li><a href="https://github.com/angular/angular/commit/39a4b4cc8e8d101a566a70658707bc9f53dd5883"><code>39a4b4c</code></a> fix(common): sanitize placeholder</li> <li><a href="https://github.com/angular/angular/commit/de7b2a62e7eded747c2a520c177cd41f60a96dcd"><code>de7b2a6</code></a> fix(http): exclude withCredentials requests from transfer cache</li> <li><a href="https://github.com/angular/angular/commit/4233188d8e70283190ea87dbaa5a872269291b4a"><code>4233188</code></a> fix(http): skip TransferCache for cookie-bearing requests by default</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular/commits/v20.3.25/packages/common">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/common&package-manager=npm_and_yarn&previous-version=13.0.0&new-version=20.3.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/docker/awesome-compose/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-07-11 15:51:10 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-compose#17433