Skip to content

Bump @angular/platform-server from 19.1.4 to 19.2.23#3203

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/platform-server-19.2.23
Closed

Bump @angular/platform-server from 19.1.4 to 19.2.23#3203
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular/platform-server-19.2.23

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/platform-server from 19.1.4 to 19.2.23.

Release notes

Sourced from @​angular/platform-server's releases.

19.2.23

common

Commit Description
fix - 62dd27d6af add upper bounds for digitsInfo
fix - 17326725ba sanitize placeholder

compiler

Commit Description
fix - 932e0728db normalize tag names with custom namespaces in DomElementSchemaRegistry
fix - 2e3d0371ab sanitize dynamic href and xlink:href bindings on SVG a elements
fix - fe1207e8c5 strip namespaced SVG script elements during template compilation

core

Commit Description
fix - c6bb0692e2 reject script element as a dynamic component host
fix - 3960b21558 sanitize meta selectors
fix - 3632fa4b69 support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation
fix - 620230dac4 synchronize core sanitization schema with compiler
fix - d31f84116c wrap i18n dynamic element property updates in active index states

http

Commit Description
fix - 9940ffd781 exclude withCredentials requests from transfer cache
fix - 0f67f0b962 skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - d187e8aeda normalize path parsing in ServerPlatformLocation
fix - c75f60ef8a secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - 37ee9ffd9e preserve redirect policy on reconstructed asset requests
fix - 97f796203f Preserves explicit 'credentials: omit' in asset requests
fix - 5619120931 Preserves HTTP cache mode in asset group requests

19.2.22

core

Commit Description
fix - 83a640516f disallow event attribute bindings in host bindings unconditionally (#68469)
fix - 24a0103a98 validate security-sensitive attributes in i18n bindings (#68469)

platform-server

Commit Description
fix - 8569db8875 add allowedHosts option to renderModule and renderApplication
fix - 837a710217 ensure origin has a trailing slash when parsing url (#68469)

19.2.21

... (truncated)

Changelog

Sourced from @​angular/platform-server's changelog.

19.2.23 (2026-05-27)

common

Commit Type Description
62dd27d6af fix add upper bounds for digitsInfo
17326725ba fix sanitize placeholder

compiler

Commit Type Description
932e0728db fix normalize tag names with custom namespaces in DomElementSchemaRegistry
2e3d0371ab fix sanitize dynamic href and xlink:href bindings on SVG a elements
fe1207e8c5 fix strip namespaced SVG script elements during template compilation

core

Commit Type Description
c6bb0692e2 fix reject script element as a dynamic component host
3960b21558 fix sanitize meta selectors
3632fa4b69 fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation
620230dac4 fix synchronize core sanitization schema with compiler
d31f84116c fix wrap i18n dynamic element property updates in active index states

http

Commit Type Description
9940ffd781 fix exclude withCredentials requests from transfer cache
0f67f0b962 fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
d187e8aeda fix normalize path parsing in ServerPlatformLocation
c75f60ef8a fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description
37ee9ffd9e fix preserve redirect policy on reconstructed asset requests
97f796203f fix Preserves explicit 'credentials: omit' in asset requests
5619120931 fix Preserves HTTP cache mode in asset group requests

21.2.14 (2026-05-20)

compiler

Commit Type Description
68282dff9f fix strip namespaced SVG script elements during template compilation

core

Commit Type Description
c0f52272ed fix do not insert todo when migrating void @​Output
938a7f3edd fix makes resource URL sanitizer lookup case-insensitive

... (truncated)

Commits
  • c75f60e fix(platform-server): secure location and document initialization against SSR...
  • e8d35f9 Revert "revert: revert all changes until fdc1b48f32e52da7684583811a6a3090f641...
  • 4747fe2 revert: revert all changes until fdc1b48f32e52da7684583811a6a3090f6418d5e
  • d187e8a fix(platform-server): normalize path parsing in ServerPlatformLocation
  • 8569db8 fix(platform-server): add allowedHosts option to renderModule and `render...
  • 837a710 fix(platform-server): ensure origin has a trailing slash when parsing url (#6...
  • f3a5bfb fix(platform-server): prevent SSRF bypasses via protocol-relative and backsla...
  • 70d0639 fix(core): introduce BootstrapContext for improved server bootstrapping (#6...
  • a6d5479 build: migrate platform-server to rules_js (#61619)
  • 8e54b57 build: move private testing helpers outside platform-browser/testing (#61571)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump @angular/platform-server from 19.1.4 to 19.2.23
6b5025a 
Bumps [@angular/platform-server](https://github.com/angular/angular/tree/HEAD/packages/platform-server) from 19.1.4 to 19.2.23.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v19.2.23/packages/platform-server)

---
updated-dependencies:
- dependency-name: "@angular/platform-server"
  dependency-version: 19.2.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3208.

@dependabot dependabot Bot closed this Jun 15, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/angular/platform-server-19.2.23 branch June 15, 2026 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants