dependabot[bot] opened a new pull request, #27718: URL: https://github.com/apache/flink/pull/27718
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 20.1.3 to 20.3.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases";><code>@angular/core</code>'s releases</a>.</em></p> <blockquote> <h2>20.3.17</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/7f9de3c118383c09fa8851708c66ec94453a9680";><img src="https://img.shields.io/badge/7f9de3c118-fix-green"; alt="fix - 7f9de3c118" /></a></td> <td>block creation of sensitive URI attributes from ICU messages</td> </tr> </tbody> </table> <h2>Breaking Changes</h2> <h3>core</h3> <ul> <li> <p>Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.</p> <p>(cherry picked from commit 03da204b6daa5e4583e0d0968c2107390bbd8235)</p> </li> </ul> <h2>20.3.16</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/c2c2b4aaa84c67d2eccd4ef4f94b5ea444a7f73a";><img src="https://img.shields.io/badge/c2c2b4aaa8-fix-green"; alt="fix - c2c2b4aaa8" /></a></td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <h2>20.3.15</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d1ca8ae04390f050039fdb653a6147d75d48f81e";><img src="https://img.shields.io/badge/d1ca8ae043-fix-green"; alt="fix - d1ca8ae043" /></a></td> <td>prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</td> </tr> </tbody> </table> <h2>20.3.14</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f";><img src="https://img.shields.io/badge/0276479e7d-fix-green"; alt="fix - 0276479e7d" /></a></td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <h2>20.3.13</h2> <p>No release notes provided.</p> <h2>20.3.12</h2> <p>No release notes provided.</p> <h2>20.3.11</h2> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/5047849a4a1857471b78b7ba874f39ecd6175a6b";><img src="https://img.shields.io/badge/5047849a4a-fix-green"; alt="fix - 5047849a4a" /></a></td> <td>remove placeholder image listeners once view is removed</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/f9d08180876eb0aee5e5c489be734b07a7cc664e";><img src="https://img.shields.io/badge/f9d0818087-fix-green"; alt="fix - f9d0818087" /></a></td> <td>support arbitrary nesting in :host-context()</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/106b9040dfe03bd8deb0eabccc29e07f734b6ab5";><img src="https://img.shields.io/badge/106b9040df-fix-green"; alt="fix - 106b9040df" /></a></td> <td>support commas in :host() argument</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/9419ea348a296b50f13ac2e23ea9a00b336989b8";><img src="https://img.shields.io/badge/9419ea348a-fix-green"; alt="fix - 9419ea348a" /></a></td> <td>support complex selectors in :nth-child()</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/036c5d2a073f8e48704ec0d405ca997eedb721e9";><img src="https://img.shields.io/badge/036c5d2a07-fix-green"; alt="fix - 036c5d2a07" /></a></td> <td>support one additional level of nesting in :host()</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> </table> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md";><code>@angular/core</code>'s changelog</a>.</em></p> <blockquote> <h1>20.3.17 (2026-02-25)</h1> <h2>Breaking Changes</h2> <h3>core</h3> <ul> <li> <p>Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.</p> <p>(cherry picked from commit 03da204b6daa5e4583e0d0968c2107390bbd8235)</p> </li> </ul> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/7f9de3c118383c09fa8851708c66ec94453a9680";>7f9de3c118</a></td> <td>fix</td> <td>block creation of sensitive URI attributes from ICU messages</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.2.0 (2026-02-25)</h1> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/18003a33bb0d6bb09def8a0e5939fa24069696eb";>18003a33bb</a></td> <td>feat</td> <td>add an 'outlet' injector option for ngTemplateOutlet</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/8bbe6dc46c9dc13bafa81a60c7613b84b5ca3761";>8bbe6dc46c</a></td> <td>feat</td> <td>Add Location strategies to manage trailing slash on write</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/51cc91480761b7275c15b5600381207f8ca00ee5";>51cc914807</a></td> <td>feat</td> <td>support height in ImageLoaderConfig and built-in loaders</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/72534e2a3458df4e1bb097973872f00bbb92be42";>72534e2a34</a></td> <td>feat</td> <td>Add support for the <code>instanceof</code> binary operator</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/95b3f37d4a7d9a38f616d56df746dfcda3c2139b";>95b3f37d4a</a></td> <td>feat</td> <td>Exhaustive checks for switch blocks</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/04ba09a8d9454013bebdd643eacb737642161952";>04ba09a8d9</a></td> <td>feat</td> <td>support <code>AstVisitor.visitEmptyExpr()</code></td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ce80136e7b9f0024d49fce835cffa024c4505855";>ce80136e7b</a></td> <td>fix</td> <td>optimize away unnecessary restore/reset view calls</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/3242a61bae02253d13abb510b666376c665e61ac";>3242a61bae</a></td> <td>fix</td> <td>variable counter visiting some expressions twice</td> </tr> </tbody> </table> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/473dd3e1cbd4fe3fa88ae4d5358eee35c11acb1b";>473dd3e1cb</a></td> <td>fix</td> <td>attach source spans to object literal keys in TCB</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/a904d9f77b56feab407f75f8d0527fa512d5dafb";>a904d9f77b</a></td> <td>fix</td> <td>support nested component declaration</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/2ea6dfc6c9ca11e96a2654510c980419899f8d04";>2ea6dfc6c9</a></td> <td>fix</td> <td>update diagnostic to flag no-op arrow functions in listeners</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/8d5210c9fedd8abdd810d7a89ec7ee9a1234f5c1";>8d5210c9fe</a></td> <td>feat</td> <td>add ChangeDetectionStrategy.Eager alias for Default</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/92d2498910caed06c182b67e39726e1441418698";>92d2498910</a></td> <td>feat</td> <td>add host node to DeferBlockData (<a href="https://redirect.github.com/angular/angular/pull/66546";>#66546</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ea2016a6dce58f95ecab7c773d5dcde274354e1a";>ea2016a6dc</a></td> <td>feat</td> <td>add support for nested animations</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/81cabc14777a3b4966c29d60e1505aca8c29b71c";>81cabc1477</a></td> <td>feat</td> <td>add support for TypeScript 6</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/1ba9b7ac5001b315cc9df78c518964dbf479d647";>1ba9b7ac50</a></td> <td>feat</td> <td>resource composition via snapshots</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d9923b72a20972ba6bf728d78f1afac6936ade18";>d9923b72a2</a></td> <td>feat</td> <td>support arrow functions in expressions</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/a7e8abbb7e738ba338c3f50c76934c99925954e5";>a7e8abbb7e</a></td> <td>fix</td> <td>correctly handle SkipSelf when resolving from embedded view injector</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/0806ee38269b664f535e10d4d501b88370d3b44c";>0806ee3826</a></td> <td>fix</td> <td>prevent animated element duplication with dynamic components in zoneless mode</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ed78fa05c710ebafb355ae00a85b190a118b6cc4";>ed78fa05c7</a></td> <td>fix</td> <td>Remove note to skip arrow functions in best practices</td> </tr> </tbody> </table> <h3>forms</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> </table> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular/commit/7f9de3c118383c09fa8851708c66ec94453a9680";><code>7f9de3c</code></a> fix(core): block creation of sensitive URI attributes from ICU messages</li> <li><a href="https://github.com/angular/angular/commit/c2c2b4aaa84c67d2eccd4ef4f94b5ea444a7f73a";><code>c2c2b4a</code></a> fix(core): sanitize sensitive attributes on SVG script elements</li> <li><a href="https://github.com/angular/angular/commit/d1ca8ae04390f050039fdb653a6147d75d48f81e";><code>d1ca8ae</code></a> fix(compiler): prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</li> <li><a href="https://github.com/angular/angular/commit/820bb3991c907384e656cc71b9483fe552ddb602";><code>820bb39</code></a> Revert "refactor(core): let the profiler handle asymmetric events leniently"</li> <li><a href="https://github.com/angular/angular/commit/2dccdcd6bc7708825294f0ab52bd0680f4318fcd";><code>2dccdcd</code></a> Revert "fix(core): notify profiler events in case of errors"</li> <li><a href="https://github.com/angular/angular/commit/a966ff18d49c674ca0467d493473c90be969e1a6";><code>a966ff1</code></a> refactor(core): let the profiler handle asymmetric events leniently</li> <li><a href="https://github.com/angular/angular/commit/52cf65892a29d4e863e916bb7e9d890aad402882";><code>52cf658</code></a> fix(core): notify profiler events in case of errors</li> <li><a href="https://github.com/angular/angular/commit/daae2636d5ed221fc84b0dbaa67fe26198015f71";><code>daae263</code></a> docs: Adds links to relevant guides for APIs in core package</li> <li><a href="https://github.com/angular/angular/commit/d10f1107a8db80f35c0f3b67a002949a33b65e2b";><code>d10f110</code></a> docs: add documentation for HostAttributeToken</li> <li><a href="https://github.com/angular/angular/commit/2c3691dc1a8b5c805d1cf96b74c66127a8d88e4c";><code>2c3691d</code></a> docs: add documentation for DOCUMENT injection token usage in SSR</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular/commits/v20.3.17/packages/core";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/flink/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
