dependabot[bot] opened a new pull request, #28452: URL: https://github.com/apache/flink/pull/28452
Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 20.1.3 to 20.3.22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases";>@angular/common's releases</a>.</em></p> <blockquote> <h2>20.3.22</h2> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/3d135ce59bbf7426825bc493bc681f266846ac79";><img src="https://img.shields.io/badge/3d135ce59b-fix-green"; alt="fix - 3d135ce59b" /></a></td> <td>add upper bounds for digitsInfo</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/39a4b4cc8e8d101a566a70658707bc9f53dd5883";><img src="https://img.shields.io/badge/39a4b4cc8e-fix-green"; alt="fix - 39a4b4cc8e" /></a></td> <td>sanitize placeholder</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/8f35b182b1479ed80d652f185c2c3ee5a82ea34c";><img src="https://img.shields.io/badge/8f35b182b1-fix-green"; alt="fix - 8f35b182b1" /></a></td> <td>normalize tag names with custom namespaces in DomElementSchemaRegistry (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/64a89e917a0794a3d74713bdb4c9c63d703b317b";><img src="https://img.shields.io/badge/64a89e917a-fix-green"; alt="fix - 64a89e917a" /></a></td> <td>sanitize dynamic href and xlink:href bindings on SVG a elements (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/6404edfe0af3f27cb96737e72907553fb924d88a";><img src="https://img.shields.io/badge/6404edfe0a-fix-green"; alt="fix - 6404edfe0a" /></a></td> <td>strip namespaced SVG script elements during template compilation (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/e345a58069ede97250af449f5b7e9b94f828d30c";><img src="https://img.shields.io/badge/e345a58069-fix-green"; alt="fix - e345a58069" /></a></td> <td>normalize tag names in runtime i18n attribute security context lookup (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d86e4e7b2ad0e667aeb0f8ed053e2cb2bd154b81";><img src="https://img.shields.io/badge/d86e4e7b2a-fix-green"; alt="fix - d86e4e7b2a" /></a></td> <td>reject script element as a dynamic component host (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/af04936045707dc871e135ebb7b8cd357ac154df";><img src="https://img.shields.io/badge/af04936045-fix-green"; alt="fix - af04936045" /></a></td> <td>sanitize meta selectors</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/dc631efa96e787bee1277f324208f21c36c1fa71";><img src="https://img.shields.io/badge/dc631efa96-fix-green"; alt="fix - dc631efa96" /></a></td> <td>support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/909ef047b3f93b44a7ba390332707239af2f73fe";><img src="https://img.shields.io/badge/909ef047b3-fix-green"; alt="fix - 909ef047b3" /></a></td> <td>synchronize core sanitization schema with compiler (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68926";>#68926</a>)</td> </tr> </tbody> </table> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/de7b2a62e7eded747c2a520c177cd41f60a96dcd";><img src="https://img.shields.io/badge/de7b2a62e7-fix-green"; alt="fix - de7b2a62e7" /></a></td> <td>exclude withCredentials requests from transfer cache</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/4233188d8e70283190ea87dbaa5a872269291b4a";><img src="https://img.shields.io/badge/4233188d8e-fix-green"; alt="fix - 4233188d8e" /></a></td> <td>skip TransferCache for cookie-bearing requests by default</td> </tr> </tbody> </table> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/49a60f60451a0772fb5de9e231a1872081b0467f";><img src="https://img.shields.io/badge/49a60f6045-fix-green"; alt="fix - 49a60f6045" /></a></td> <td>secure location and document initialization against SSRF and path hijack</td> </tr> </tbody> </table> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/5fdfd8a9983c2a19415afe26c03ffd544278a28f";><img src="https://img.shields.io/badge/5fdfd8a998-fix-green"; alt="fix - 5fdfd8a998" /></a></td> <td>preserve redirect policy on reconstructed asset requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/83b022f2d063b6b3171c2621f3d52c11971aacff";><img src="https://img.shields.io/badge/83b022f2d0-fix-green"; alt="fix - 83b022f2d0" /></a></td> <td>Preserves explicit 'credentials: omit' in asset requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/e617fa06ebad6e8495ff8f662805a24df73a78d4";><img src="https://img.shields.io/badge/e617fa06eb-fix-green"; alt="fix - e617fa06eb" /></a></td> <td>Preserves HTTP cache mode in asset group requests</td> </tr> </tbody> </table> <h2>20.3.21</h2> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/f584840e2e50f751397cf3fad5258e18e857427e";><img src="https://img.shields.io/badge/f584840e2e-fix-green"; alt="fix - f584840e2e" /></a></td> <td>add <code>allowedHosts</code> option to <code>renderModule</code> and <code>renderApplication</code></td> </tr> </tbody> </table> <h2>20.3.20</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/a9bcffdbc7697715f3d4fa91d924a5b905d637b0";><img src="https://img.shields.io/badge/a9bcffdbc7-fix-green"; alt="fix - a9bcffdbc7" /></a></td> <td>disallow event attribute bindings in host bindings unconditionally (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68468";>#68468</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/97eeb45cfa5fbd89013d75b5d862095d34b8ba58";><img src="https://img.shields.io/badge/97eeb45cfa-fix-green"; alt="fix - 97eeb45cfa" /></a></td> <td>validate security-sensitive attributes in i18n bindings (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/68468";>#68468</a>)</td> </tr> </tbody> </table> <h3>platform-server</h3> <p>| Commit | Description |</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md";>@angular/common's changelog</a>.</em></p> <blockquote> <h1>20.3.22 (2026-05-27)</h1> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/3d135ce59bbf7426825bc493bc681f266846ac79";>3d135ce59b</a></td> <td>fix</td> <td>add upper bounds for digitsInfo</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/39a4b4cc8e8d101a566a70658707bc9f53dd5883";>39a4b4cc8e</a></td> <td>fix</td> <td>sanitize placeholder</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/8f35b182b1479ed80d652f185c2c3ee5a82ea34c";>8f35b182b1</a></td> <td>fix</td> <td>normalize tag names with custom namespaces in DomElementSchemaRegistry (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/64a89e917a0794a3d74713bdb4c9c63d703b317b";>64a89e917a</a></td> <td>fix</td> <td>sanitize dynamic href and xlink:href bindings on SVG a elements (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/6404edfe0af3f27cb96737e72907553fb924d88a";>6404edfe0a</a></td> <td>fix</td> <td>strip namespaced SVG script elements during template compilation (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/e345a58069ede97250af449f5b7e9b94f828d30c";>e345a58069</a></td> <td>fix</td> <td>normalize tag names in runtime i18n attribute security context lookup (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d86e4e7b2ad0e667aeb0f8ed053e2cb2bd154b81";>d86e4e7b2a</a></td> <td>fix</td> <td>reject script element as a dynamic component host (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/af04936045707dc871e135ebb7b8cd357ac154df";>af04936045</a></td> <td>fix</td> <td>sanitize meta selectors</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/dc631efa96e787bee1277f324208f21c36c1fa71";>dc631efa96</a></td> <td>fix</td> <td>support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/909ef047b3f93b44a7ba390332707239af2f73fe";>909ef047b3</a></td> <td>fix</td> <td>synchronize core sanitization schema with compiler (<a href="https://redirect.github.com/angular/angular/pull/68926";>#68926</a>)</td> </tr> </tbody> </table> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/de7b2a62e7eded747c2a520c177cd41f60a96dcd";>de7b2a62e7</a></td> <td>fix</td> <td>exclude withCredentials requests from transfer cache</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/4233188d8e70283190ea87dbaa5a872269291b4a";>4233188d8e</a></td> <td>fix</td> <td>skip TransferCache for cookie-bearing requests by default</td> </tr> </tbody> </table> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/49a60f60451a0772fb5de9e231a1872081b0467f";>49a60f6045</a></td> <td>fix</td> <td>secure location and document initialization against SSRF and path hijack</td> </tr> </tbody> </table> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/5fdfd8a9983c2a19415afe26c03ffd544278a28f";>5fdfd8a998</a></td> <td>fix</td> <td>preserve redirect policy on reconstructed asset requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/83b022f2d063b6b3171c2621f3d52c11971aacff";>83b022f2d0</a></td> <td>fix</td> <td>Preserves explicit 'credentials: omit' in asset requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/e617fa06ebad6e8495ff8f662805a24df73a78d4";>e617fa06eb</a></td> <td>fix</td> <td>Preserves HTTP cache mode in asset group requests</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>19.2.23 (2026-05-27)</h1> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/62dd27d6afe4bfd9d4fa8956c1fa191c9db61dfa";>62dd27d6af</a></td> <td>fix</td> <td>add upper bounds for digitsInfo</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/17326725baae510a420b9a22b4c2d25927dd91b4";>17326725ba</a></td> <td>fix</td> <td>sanitize placeholder</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/932e0728dba97d7a2dbe36e7d6429fa2087a20a9";>932e0728db</a></td> <td>fix</td> <td>normalize tag names with custom namespaces in DomElementSchemaRegistry</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/2e3d0371ab7726cec2979d8b8dc8f2a8393f9591";>2e3d0371ab</a></td> <td>fix</td> <td>sanitize dynamic href and xlink:href bindings on SVG a elements</td> </tr> </tbody> </table> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular/commit/3d135ce59bbf7426825bc493bc681f266846ac79";><code>3d135ce</code></a> fix(common): add upper bounds for digitsInfo</li> <li><a href="https://github.com/angular/angular/commit/39a4b4cc8e8d101a566a70658707bc9f53dd5883";><code>39a4b4c</code></a> fix(common): sanitize placeholder</li> <li><a href="https://github.com/angular/angular/commit/de7b2a62e7eded747c2a520c177cd41f60a96dcd";><code>de7b2a6</code></a> fix(http): exclude withCredentials requests from transfer cache</li> <li><a href="https://github.com/angular/angular/commit/4233188d8e70283190ea87dbaa5a872269291b4a";><code>4233188</code></a> fix(http): skip TransferCache for cookie-bearing requests by default</li> <li><a href="https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f";><code>0276479</code></a> fix(http): prevent XSRF token leakage to protocol-relative URLs</li> <li><a href="https://github.com/angular/angular/commit/a8c577d3af3e16074edb1d6660971cd0b0430ae2";><code>a8c577d</code></a> docs: add reference to Built-in Pipes in multiple pipe files</li> <li><a href="https://github.com/angular/angular/commit/8922cae0f965761af53d7269de93ccf40d8b175c";><code>8922cae</code></a> Revert "refactor(http): migrate XSRF classes to use inject() function"</li> <li><a href="https://github.com/angular/angular/commit/5047849a4a1857471b78b7ba874f39ecd6175a6b";><code>5047849</code></a> fix(common): remove placeholder image listeners once view is removed</li> <li><a href="https://github.com/angular/angular/commit/4c66fe479657155068a25d27640924f0fa05391d";><code>4c66fe4</code></a> refactor(core): mark <code>VERSION</code> as <code>@__PURE__</code> for better tree-shaking</li> <li><a href="https://github.com/angular/angular/commit/2ad6b729a1033fe354072893dd9686a5e9217cf7";><code>2ad6b72</code></a> refactor(http): migrate XSRF classes to use inject() function</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular/commits/v20.3.22/packages/common";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/flink/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
