Skip to content

chore(deps): bump @angular/common from 15.2.10 to 20.3.25#105

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/common-20.3.25
Closed

chore(deps): bump @angular/common from 15.2.10 to 20.3.25#105
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/common-20.3.25

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/common from 15.2.10 to 20.3.25.

Release notes

Sourced from @​angular/common's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • 06be298 fix(http): preserve empty referrer option in HttpRequest
  • 9f443bc fix(common): Limits date format string length
  • fa940e1 fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • 1a62130 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • 566ad05 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e2ef1ce fix(http): skip transfer cache for fetch credentialed requests
  • 3d135ce fix(common): add upper bounds for digitsInfo
  • 39a4b4c fix(common): sanitize placeholder
  • de7b2a6 fix(http): exclude withCredentials requests from transfer cache
  • 4233188 fix(http): skip TransferCache for cookie-bearing requests by default
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Coverage report

St.
Category Percentage Covered / Total
🟡 Statements 75% 30/40
🟡 Branches 60% 3/5
🟢 Functions 83.33% 5/6
🟡 Lines 72.97% 27/37

Test suite run success

10 tests passing in 2 suites.

Report generated by 🧪jest coverage report action from dc2bda8

Show full coverage report
St File % Stmts % Branch % Funcs % Lines Uncovered Line #s
🟡 All files 75 60 83.33 72.97
🔴  src 0 100 100 0
🔴   public-api.ts 0 100 100 0 5-13
🟢  src/lib 93.33 60 100 92.59
🟢   fingerprint.module.ts 100 100 100 100
🟢   fingerprint.providers.ts 100 100 100 100
🟢   fingerprint.service.ts 89.47 60 100 88.88 57,64
🟢   version.ts 100 100 100 100
🟡  src/lib/tokens 66.66 100 0 66.66
🟡   fingerprint-angular-settings-token.ts 66.66 100 0 66.66 7

@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/angular/common-20.3.25 branch from dc2bda8 to f5bd159 Compare July 13, 2026 09:32
Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 15.2.10 to 20.3.25.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/common)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 20.3.25
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/angular/common-20.3.25 branch from f5bd159 to 8a848af Compare July 13, 2026 14:21
@github-actions

Copy link
Copy Markdown
Contributor

⚠️ This PR doesn't contain any changesets. If there are user-facing changes, don't forget to run:

pnpm exec changeset

to create a changeset.

@github-actions

Copy link
Copy Markdown
Contributor

Wrong commit message format detected

We use Semantic Commit Messages in our project.

Warning
Probably you forgot to activate local git hooks.

Run the next command in the project root to activate local hooks:

sh ./install_hooks.sh

More info you can find in job logs

Commitlint Errors

@ilfa ilfa closed this Jul 17, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/angular/common-20.3.25 branch July 17, 2026 10:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant