Skip to content

chore(deps): bump @angular/platform-server from 19.2.22 to 19.2.25 in /Templates/Angular/Eaf.ProjectName.UI#81

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/Templates/Angular/Eaf.ProjectName.UI/angular/platform-server-19.2.25
Open

chore(deps): bump @angular/platform-server from 19.2.22 to 19.2.25 in /Templates/Angular/Eaf.ProjectName.UI#81
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/Templates/Angular/Eaf.ProjectName.UI/angular/platform-server-19.2.25

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/platform-server from 19.2.22 to 19.2.25.

Release notes

Sourced from @​angular/platform-server's releases.

19.2.25

platform-server

Commit Description
fix - e2fb854d55 throw on suspicious URLs and restrict protocol-relative URLs
fix - 0a8befb493 update domino to latest version

19.2.24

compiler

Commit Description
fix - 6ea6379123 prevent namespaced SVG elements from being stripped

19.2.23

common

Commit Description
fix - 62dd27d6af add upper bounds for digitsInfo
fix - 17326725ba sanitize placeholder

compiler

Commit Description
fix - 932e0728db normalize tag names with custom namespaces in DomElementSchemaRegistry
fix - 2e3d0371ab sanitize dynamic href and xlink:href bindings on SVG a elements
fix - fe1207e8c5 strip namespaced SVG script elements during template compilation

core

Commit Description
fix - c6bb0692e2 reject script element as a dynamic component host
fix - 3960b21558 sanitize meta selectors
fix - 3632fa4b69 support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation
fix - 620230dac4 synchronize core sanitization schema with compiler
fix - d31f84116c wrap i18n dynamic element property updates in active index states

http

Commit Description
fix - 9940ffd781 exclude withCredentials requests from transfer cache
fix - 0f67f0b962 skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - d187e8aeda normalize path parsing in ServerPlatformLocation
fix - c75f60ef8a secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - 37ee9ffd9e preserve redirect policy on reconstructed asset requests
fix - 97f796203f Preserves explicit 'credentials: omit' in asset requests
fix - 5619120931 Preserves HTTP cache mode in asset group requests
Changelog

Sourced from @​angular/platform-server's changelog.

19.2.25 (2026-06-02)

platform-server

Commit Type Description
e2fb854d55 fix throw on suspicious URLs and restrict protocol-relative URLs
0a8befb493 fix update domino to latest version

20.3.24 (2026-06-02)

platform-server

Commit Type Description
6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f fix update domino to latest version

21.2.15 (2026-05-28)

common

Commit Type Description
7f4ac78994 fix add upper bounds for digitsInfo
300f61feb3 fix sanitize placeholder

compiler

Commit Type Description
0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb fix prevent namespaced SVG elements from being stripped
cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description
ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97 fix sanitize meta selectors
daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description
582a417bd2 fix exclude withCredentials requests from transfer cache
5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e fix secure location and document initialization against SSRF and path hijack

... (truncated)

Commits
  • e2fb854 fix(platform-server): throw on suspicious URLs and restrict protocol-relative...
  • a0193fa refactor(platform-server): extract parseUrl regex and add comments for URL pa...
  • c75f60e fix(platform-server): secure location and document initialization against SSR...
  • e8d35f9 Revert "revert: revert all changes until fdc1b48f32e52da7684583811a6a3090f641...
  • 4747fe2 revert: revert all changes until fdc1b48f32e52da7684583811a6a3090f6418d5e
  • d187e8a fix(platform-server): normalize path parsing in ServerPlatformLocation
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @angular/platform-server
4267ea1 
Bumps [@angular/platform-server](https://github.com/angular/angular/tree/HEAD/packages/platform-server) from 19.2.22 to 19.2.25.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v19.2.25/packages/platform-server)

---
updated-dependencies:
- dependency-name: "@angular/platform-server"
  dependency-version: 19.2.25
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@sonarqubecloud

sonarqubecloud Bot commented Jun 15, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants