Bump the angular group with 15 updates by dependabot[bot] · Pull Request #5841 · DSpace/dspace-angular

dependabot · 2026-06-10T17:53:56Z

Bumps the angular group with 15 updates:

Package	From	To
@angular/animations	`20.3.21`	`20.3.24`
@angular/common	`20.3.21`	`20.3.24`
@angular/compiler	`20.3.21`	`20.3.24`
@angular/core	`20.3.21`	`20.3.24`
@angular/forms	`20.3.21`	`20.3.24`
@angular/localize	`20.3.21`	`20.3.24`
@angular/platform-browser	`20.3.21`	`20.3.24`
@angular/platform-browser-dynamic	`20.3.21`	`20.3.24`
@angular/platform-server	`20.3.21`	`20.3.24`
@angular/router	`20.3.21`	`20.3.24`
@angular/ssr	`20.3.26`	`20.3.27`
@angular-devkit/build-angular	`20.3.26`	`20.3.27`
@angular/cli	`20.3.26`	`20.3.27`
@angular/compiler-cli	`20.3.21`	`20.3.24`
@ngtools/webpack	`20.3.26`	`20.3.27`

Updates @angular/animations from 20.3.21 to 20.3.24

Release notes

Sourced from @angular/animations's releases.

20.3.24

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

20.3.23

compiler

Commit Description

prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)

sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)

strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68926)

reject script element as a dynamic component host (#68926)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)

synchronize core sanitization schema with compiler (#68926)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

secure location and document initialization against SSRF and path hijack

service-worker

Commit Description

preserve redirect policy on reconstructed asset requests

Preserves explicit 'credentials: omit' in asset requests

Preserves HTTP cache mode in asset group requests

Changelog

Sourced from @angular/animations's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

Commit Type Description

0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

eb1cbbf2eb fix prevent namespaced SVG elements from being stripped

cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description

ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)

e6fe77cc97 fix sanitize meta selectors

daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description

582a417bd2 fix exclude withCredentials requests from transfer cache

5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description

37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient

72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description

b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests

ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits

See full diff in compare view

Updates @angular/common from 20.3.21 to 20.3.24

Release notes

Sourced from @angular/common's releases.

20.3.24

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

20.3.23

compiler

Commit Description

prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)

sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)

strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68926)

reject script element as a dynamic component host (#68926)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)

synchronize core sanitization schema with compiler (#68926)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

secure location and document initialization against SSRF and path hijack

service-worker

Commit Description

preserve redirect policy on reconstructed asset requests

Preserves explicit 'credentials: omit' in asset requests

Preserves HTTP cache mode in asset group requests

Changelog

Sourced from @angular/common's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

Commit Type Description

0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

eb1cbbf2eb fix prevent namespaced SVG elements from being stripped

cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description

ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)

e6fe77cc97 fix sanitize meta selectors

daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description

582a417bd2 fix exclude withCredentials requests from transfer cache

5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description

37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient

72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description

b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests

ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits

3d135ce fix(common): add upper bounds for digitsInfo
39a4b4c fix(common): sanitize placeholder
de7b2a6 fix(http): exclude withCredentials requests from transfer cache
4233188 fix(http): skip TransferCache for cookie-bearing requests by default
See full diff in compare view

Updates @angular/compiler from 20.3.21 to 20.3.24

Release notes

Sourced from @angular/compiler's releases.

20.3.24

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

20.3.23

compiler

Commit Description

prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)

sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)

strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68926)

reject script element as a dynamic component host (#68926)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)

synchronize core sanitization schema with compiler (#68926)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

secure location and document initialization against SSRF and path hijack

service-worker

Commit Description

preserve redirect policy on reconstructed asset requests

Preserves explicit 'credentials: omit' in asset requests

Preserves HTTP cache mode in asset group requests

Changelog

Sourced from @angular/compiler's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

Commit Type Description

0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

eb1cbbf2eb fix prevent namespaced SVG elements from being stripped

cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description

ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)

e6fe77cc97 fix sanitize meta selectors

daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description

582a417bd2 fix exclude withCredentials requests from transfer cache

5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description

37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient

72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description

b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests

ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits

d40acc6 fix(compiler): prevent namespaced SVG <style> elements from being stripped
7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
36200bd test(core): update spec files to match 20.3.x limits and actual contexts (#68...
823b37f test(compiler): remove obsolete schema_extractor import (#68926)
e345a58 fix(core): normalize tag names in runtime i18n attribute security context loo...
8f35b18 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
64a89e9 fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
6404edf fix(compiler): strip namespaced SVG script elements during template compilati...
dc631ef fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
3b66843 refactor(core): align namespaced attribute validation and security schema con...
See full diff in compare view

Updates @angular/core from 20.3.21 to 20.3.24

Release notes

Sourced from @angular/core's releases.

20.3.24

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

20.3.23

compiler

Commit Description

prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)

sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)

strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68926)

reject script element as a dynamic component host (#68926)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)

synchronize core sanitization schema with compiler (#68926)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

secure location and document initialization against SSRF and path hijack

service-worker

Commit Description

preserve redirect policy on reconstructed asset requests

Preserves explicit 'credentials: omit' in asset requests

Preserves HTTP cache mode in asset group requests

Changelog

Sourced from @angular/core's changelog.

20.3.24 (2026-06-02)

platform-server

Commit Type Description

6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs

8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description

7f4ac78994 fix add upper bounds for digitsInfo

300f61feb3 fix sanitize placeholder

compiler

Commit Type Description

0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)

eb1cbbf2eb fix prevent namespaced SVG elements from being stripped

cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)

782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description

ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)

e6fe77cc97 fix sanitize meta selectors

daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)

dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description

582a417bd2 fix exclude withCredentials requests from transfer cache

5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description

37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient

72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description

b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests

ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

... (truncated)

Commits

7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
6595409 test(core): update golden symbols and host bindings sanitization spec (#68926)
d86e4e7 fix(core): reject script element as a dynamic component host (#68926)
b8f1f72 test(core): remove obsolete blockquote cite host binding tests (#68926)
36200bd test(core): update spec files to match 20.3.x limits and actual contexts (#68...
81e70d3 refactor(core): resolve merge conflicts in sanitization.ts (#68926)
909ef04 fix(core): synchronize core sanitization schema with compiler (#68926)
e345a58 fix(core): normalize tag names in runtime i18n attribute security context loo...
8f35b18 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
64a89e9 fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
Additional commits viewable in compare view

Updates @angular/forms from 20.3.21 to 20.3.24

Release notes

Sourced from @angular/forms's releases.

20.3.24

platform-server

Commit Description

throw on suspicious URLs and restrict protocol-relative URLs

update domino to latest version

20.3.23

compiler

Commit Description

prevent namespaced SVG elements from being stripped

20.3.22

common

Commit Description

add upper bounds for digitsInfo

sanitize placeholder

compiler

Commit Description

normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)

sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)

strip namespaced SVG script elements during template compilation (#68926)

core

Commit Description

normalize tag names in runtime i18n attribute security context lookup (#68926)

reject script element as a dynamic component host (#68926)

sanitize meta selectors

support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)

synchronize core sanitization schema with compiler (#68926)

http

Commit Description

exclude withCredentials requests from transfer cache

skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description

secure location and document initialization against SSRF and path hijack

service-worker

Commit Description

preserve redirect policy on reconstructed asset requests

Preserves explicit 'credentials: omit' in asset requests

Preserves ...
Description has been truncated

Bumps the angular group with 15 updates: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `20.3.21` | `20.3.24` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `20.3.21` | `20.3.24` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `20.3.21` | `20.3.24` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `20.3.21` | `20.3.24` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `20.3.21` | `20.3.24` | | [@angular/localize](https://github.com/angular/angular) | `20.3.21` | `20.3.24` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `20.3.21` | `20.3.24` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `20.3.21` | `20.3.24` | | [@angular/platform-server](https://github.com/angular/angular/tree/HEAD/packages/platform-server) | `20.3.21` | `20.3.24` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `20.3.21` | `20.3.24` | | [@angular/ssr](https://github.com/angular/angular-cli) | `20.3.26` | `20.3.27` | | [@angular-devkit/build-angular](https://github.com/angular/angular-cli) | `20.3.26` | `20.3.27` | | [@angular/cli](https://github.com/angular/angular-cli) | `20.3.26` | `20.3.27` | | [@angular/compiler-cli](https://github.com/angular/angular/tree/HEAD/packages/compiler-cli) | `20.3.21` | `20.3.24` | | [@ngtools/webpack](https://github.com/angular/angular-cli) | `20.3.26` | `20.3.27` | Updates `@angular/animations` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/animations) Updates `@angular/common` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/common) Updates `@angular/compiler` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/compiler) Updates `@angular/core` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/core) Updates `@angular/forms` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/forms) Updates `@angular/localize` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](angular/angular@v20.3.21...v20.3.24) Updates `@angular/platform-browser` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/platform-browser-dynamic) Updates `@angular/platform-server` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/platform-server) Updates `@angular/router` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/router) Updates `@angular/ssr` from 20.3.26 to 20.3.27 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v20.3.26...v20.3.27) Updates `@angular-devkit/build-angular` from 20.3.26 to 20.3.27 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v20.3.26...v20.3.27) Updates `@angular/cli` from 20.3.26 to 20.3.27 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v20.3.26...v20.3.27) Updates `@angular/compiler-cli` from 20.3.21 to 20.3.24 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.24/packages/compiler-cli) Updates `@ngtools/webpack` from 20.3.26 to 20.3.27 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v20.3.26...v20.3.27) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/common" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/compiler" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/core" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/forms" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/localize" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/platform-browser" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/platform-browser-dynamic" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/platform-server" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/router" dependency-version: 20.3.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/ssr" dependency-version: 20.3.27 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular-devkit/build-angular" dependency-version: 20.3.27 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/cli" dependency-version: 20.3.27 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@angular/compiler-cli" dependency-version: 20.3.24 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular - dependency-name: "@ngtools/webpack" dependency-version: 20.3.27 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: angular ... Signed-off-by: dependabot[bot] <support@github.com>

tdonohue

👍 Tested via #5838

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 10, 2026

tdonohue added this to DSpace Maintenance (10.x, 9.x, 8.x) Jun 10, 2026

tdonohue added this to the 9.4 milestone Jun 10, 2026

tdonohue approved these changes Jun 10, 2026

View reviewed changes

github-project-automation Bot moved this to 👍 Reviewer Approved in DSpace Maintenance (10.x, 9.x, 8.x) Jun 10, 2026

tdonohue merged commit 0f20c42 into dspace-9_x Jun 10, 2026
19 checks passed

tdonohue deleted the dependabot/npm_and_yarn/dspace-9_x/angular-f766e66ec2 branch June 10, 2026 19:46

github-project-automation Bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace Maintenance (10.x, 9.x, 8.x) Jun 10, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the angular group with 15 updates#5841

Bump the angular group with 15 updates#5841
tdonohue merged 1 commit into
dspace-9_xfrom
dependabot/npm_and_yarn/dspace-9_x/angular-f766e66ec2

dependabot Bot commented on behalf of github Jun 10, 2026

Uh oh!

tdonohue left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Commit	Description
	throw on suspicious URLs and restrict protocol-relative URLs
	update domino to latest version

Commit	Description
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68926)
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68926)
	strip namespaced SVG script elements during template compilation (#68926)

Commit	Description
	normalize tag names in runtime i18n attribute security context lookup (#68926)
	reject script element as a dynamic component host (#68926)
	sanitize meta selectors
	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68926)
	synchronize core sanitization schema with compiler (#68926)

Commit	Description
	exclude withCredentials requests from transfer cache
	skip TransferCache for cookie-bearing requests by default

Commit	Description
	preserve redirect policy on reconstructed asset requests
	Preserves explicit 'credentials: omit' in asset requests
	Preserves HTTP cache mode in asset group requests

Commit	Type	Description
6ca433e56b	fix	throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f	fix	update domino to latest version

Commit	Type	Description
7f4ac78994	fix	add upper bounds for digitsInfo
300f61feb3	fix	sanitize placeholder

Commit	Type	Description
0b07f47bd6	fix	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb	fix	prevent namespaced SVG elements from being stripped
cc1378d54b	fix	sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e	fix	strip namespaced SVG script elements during template compilation (#68925)

Commit	Type	Description
ff12fe55ac	fix	normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97	fix	sanitize meta selectors
daaf32937f	fix	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d	fix	synchronize core sanitization schema with compiler (#68925)

Commit	Type	Description
582a417bd2	fix	exclude withCredentials requests from transfer cache
5c6d6df34b	fix	skip TransferCache for cookie-bearing requests by default

Commit	Type	Description
37e8aadf87	fix	prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e	fix	secure location and document initialization against SSRF and path hijack

Commit	Type	Description
b8bd49341d	fix	Preserves explicit 'credentials: omit' in asset requests
ca32fc1000	fix	Preserves HTTP cache mode in asset group requests

Commit	Description
	preserve redirect policy on reconstructed asset requests
	Preserves explicit 'credentials: omit' in asset requests
	Preserves ... Description has been truncated

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 10, 2026

20.3.24

platform-server

20.3.23

compiler

20.3.22

common

compiler

core

http

platform-server

service-worker

20.3.24 (2026-06-02)

platform-server

21.2.15 (2026-05-28)

common

compiler

core

http

platform-server

service-worker

19.2.24 (2026-05-28)

20.3.24

platform-server

20.3.23

compiler

20.3.22

common

compiler

core

http

platform-server

service-worker

20.3.24 (2026-06-02)

platform-server

21.2.15 (2026-05-28)

common

compiler

core

http

platform-server

service-worker

19.2.24 (2026-05-28)

20.3.24

platform-server

20.3.23

compiler

20.3.22

common

compiler

core

http

platform-server

service-worker

20.3.24 (2026-06-02)

platform-server

21.2.15 (2026-05-28)

common

compiler

core

http

platform-server

service-worker

19.2.24 (2026-05-28)

20.3.24

platform-server

20.3.23

compiler

20.3.22

common

compiler

core

http

platform-server

service-worker

20.3.24 (2026-06-02)

platform-server

21.2.15 (2026-05-28)