dependabot[bot] opened a new pull request, #28454: URL: https://github.com/apache/flink/pull/28454
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 20.1.3 to 20.3.25. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases";>@angular/compiler's releases</a>.</em></p> <blockquote> <h2>20.3.25</h2> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/9f443bc24c79dca998c9434d1e235dc19dc29bba";><img src="https://img.shields.io/badge/9f443bc24c-fix-green"; alt="fix - 9f443bc24c" /></a></td> <td>Limits date format string length</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/566ad05f20732c38855353c3e73771ef9a34dadc";><img src="https://img.shields.io/badge/566ad05f20-fix-green"; alt="fix - 566ad05f20" /></a></td> <td>skip transfer cache for uncacheable HTTP traffic</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/1a62130a6bb313e4441f005e480768a360c71be5";><img src="https://img.shields.io/badge/1a62130a6b-fix-green"; alt="fix - 1a62130a6b" /></a></td> <td>use cryptographically secure SHA-256 for transfer cache key generation</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/a68ec702a056a2706a152fce29081241fd276f12";><img src="https://img.shields.io/badge/a68ec702a0-fix-green"; alt="fix - a68ec702a0" /></a></td> <td>sanitize two-way properties</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/768a349e6e54ff16deba4c1bfe12be9d0f55f443";><img src="https://img.shields.io/badge/768a349e6e-fix-green"; alt="fix - 768a349e6e" /></a></td> <td>harden TransferState restoration against DOM clobbering</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ca48b4728d5f6770be63a08f64a6432207ad54c0";><img src="https://img.shields.io/badge/ca48b4728d-fix-green"; alt="fix - ca48b4728d" /></a></td> <td>validate lowercase SVG animation attribute names (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/69270";>#69270</a>)</td> </tr> </tbody> </table> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/06be29826741212ca00e21efb6abff653e4541b5";><img src="https://img.shields.io/badge/06be298267-fix-green"; alt="fix - 06be298267" /></a></td> <td>preserve empty referrer option in HttpRequest</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/fa940e1f4de75c33ccca50357d941be53a5a0950";><img src="https://img.shields.io/badge/fa940e1f4d-fix-green"; alt="fix - fa940e1f4d" /></a></td> <td>Rejects non-HTTP(S) URLs in JSONP requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/e2ef1ce72ae084e01a76950c731052f4fa97fcdd";><img src="https://img.shields.io/badge/e2ef1ce72a-fix-green"; alt="fix - e2ef1ce72a" /></a></td> <td>skip transfer cache for fetch credentialed requests</td> </tr> </tbody> </table> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/49368c185907edb48467074c56e305abbfa3544a";><img src="https://img.shields.io/badge/49368c1859-fix-green"; alt="fix - 49368c1859" /></a></td> <td>harden platform location origin validation during SSR</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d55c94ad811a15c9c255164a0d66892c645f602e";><img src="https://img.shields.io/badge/d55c94ad81-refactor-yellow"; alt="refactor - d55c94ad81" /></a></td> <td>deprecate ServerXhr (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/69256";>#69256</a>)</td> </tr> </tbody> </table> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d65a5f457b1afd6bdd4d952d3f213c6aa1aabcbc";><img src="https://img.shields.io/badge/d65a5f457b-fix-green"; alt="fix - d65a5f457b" /></a></td> <td>Strips sensitive headers on cross-origin redirects</td> </tr> </tbody> </table> <h2>Deprecations</h2> <h3>platform-server</h3> <ul> <li>XHR support in <code>@angular/platform-server</code> is deprecated. Use standard <code>fetch</code> APIs instead.</li> </ul> <h2>20.3.24</h2> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/6ca433e56bcf74fdb6ad01d3afdf59628fba69b6";><img src="https://img.shields.io/badge/6ca433e56b-fix-green"; alt="fix - 6ca433e56b" /></a></td> <td>throw on suspicious URLs and restrict protocol-relative URLs</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/8680b5152fe58ebde81e331b74ba806fc86514cc";><img src="https://img.shields.io/badge/8680b5152f-fix-green"; alt="fix - 8680b5152f" /></a></td> <td>update domino to latest version</td> </tr> </tbody> </table> <h2>20.3.23</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d40acc6431997b304ec54c951e55d2e52ed6f6dc";><img src="https://img.shields.io/badge/d40acc6431-fix-green"; alt="fix - d40acc6431" /></a></td> <td>prevent namespaced SVG <!-- raw HTML omitted --> elements from being stripped</td> </tr> </tbody> </table> <h2>20.3.22</h2> <h3>common</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md";>@angular/compiler's changelog</a>.</em></p> <blockquote> <h1>20.3.25 (2026-06-10)</h1> <h2>Deprecations</h2> <h3>platform-server</h3> <ul> <li>XHR support in <code>@angular/platform-server</code> is deprecated. Use standard <code>fetch</code> APIs instead.</li> </ul> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/9f443bc24c79dca998c9434d1e235dc19dc29bba";>9f443bc24c</a></td> <td>fix</td> <td>Limits date format string length</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/566ad05f20732c38855353c3e73771ef9a34dadc";>566ad05f20</a></td> <td>fix</td> <td>skip transfer cache for uncacheable HTTP traffic</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/1a62130a6bb313e4441f005e480768a360c71be5";>1a62130a6b</a></td> <td>fix</td> <td>use cryptographically secure SHA-256 for transfer cache key generation</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/a68ec702a056a2706a152fce29081241fd276f12";>a68ec702a0</a></td> <td>fix</td> <td>sanitize two-way properties</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/768a349e6e54ff16deba4c1bfe12be9d0f55f443";>768a349e6e</a></td> <td>fix</td> <td>harden TransferState restoration against DOM clobbering</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ca48b4728d5f6770be63a08f64a6432207ad54c0";>ca48b4728d</a></td> <td>fix</td> <td>validate lowercase SVG animation attribute names (<a href="https://redirect.github.com/angular/angular/pull/69270";>#69270</a>)</td> </tr> </tbody> </table> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/06be29826741212ca00e21efb6abff653e4541b5";>06be298267</a></td> <td>fix</td> <td>preserve empty referrer option in HttpRequest</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/fa940e1f4de75c33ccca50357d941be53a5a0950";>fa940e1f4d</a></td> <td>fix</td> <td>Rejects non-HTTP(S) URLs in JSONP requests</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/e2ef1ce72ae084e01a76950c731052f4fa97fcdd";>e2ef1ce72a</a></td> <td>fix</td> <td>skip transfer cache for fetch credentialed requests</td> </tr> </tbody> </table> <h3>platform-server</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/49368c185907edb48467074c56e305abbfa3544a";>49368c1859</a></td> <td>fix</td> <td>harden platform location origin validation during SSR</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/d55c94ad811a15c9c255164a0d66892c645f602e";>d55c94ad81</a></td> <td>refactor</td> <td>deprecate ServerXhr (<a href="https://redirect.github.com/angular/angular/pull/69256";>#69256</a>)</td> </tr> </tbody> </table> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d65a5f457b1afd6bdd4d952d3f213c6aa1aabcbc";>d65a5f457b</a></td> <td>fix</td> <td>Strips sensitive headers on cross-origin redirects</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>22.0.0 (2026-06-03)</h1> <p><a href="https://goo.gle/angular-v22-blog";>Blog post "Announcing Angular v22"</a>.</p> <h2>Breaking Changes</h2> <h3>compiler</h3> <ul> <li>This change will trigger the <code>nullishCoalescingNotNullable</code> and <code>optionalChainNotNullable</code> diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your <code>tsconfig</code> temporarily.</li> <li>data prefixed attribute no-longer bind inputs nor outputs.</li> <li>The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.</li> <li><code>in</code> variables will throw in template expressions.</li> </ul> <h3>compiler-cli</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular/commit/a68ec702a056a2706a152fce29081241fd276f12";><code>a68ec70</code></a> fix(compiler): sanitize two-way properties</li> <li><a href="https://github.com/angular/angular/commit/d40acc6431997b304ec54c951e55d2e52ed6f6dc";><code>d40acc6</code></a> fix(compiler): prevent namespaced SVG <style> elements from being stripped</li> <li><a href="https://github.com/angular/angular/commit/7ae6381a4845ad4b13a7a5574c5433b077c93c5c";><code>7ae6381</code></a> test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...</li> <li><a href="https://github.com/angular/angular/commit/36200bd81a3420d8222dfe10767437c383a20fe8";><code>36200bd</code></a> test(core): update spec files to match 20.3.x limits and actual contexts (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/68";>#68</a>...</li> <li><a href="https://github.com/angular/angular/commit/823b37f0468f7c8b38637ce93e26fc8db791b282";><code>823b37f</code></a> test(compiler): remove obsolete schema_extractor import (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/68926";>#68926</a>)</li> <li><a href="https://github.com/angular/angular/commit/e345a58069ede97250af449f5b7e9b94f828d30c";><code>e345a58</code></a> fix(core): normalize tag names in runtime i18n attribute security context loo...</li> <li><a href="https://github.com/angular/angular/commit/8f35b182b1479ed80d652f185c2c3ee5a82ea34c";><code>8f35b18</code></a> fix(compiler): normalize tag names with custom namespaces in DomElementSchema...</li> <li><a href="https://github.com/angular/angular/commit/64a89e917a0794a3d74713bdb4c9c63d703b317b";><code>64a89e9</code></a> fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...</li> <li><a href="https://github.com/angular/angular/commit/6404edfe0af3f27cb96737e72907553fb924d88a";><code>6404edf</code></a> fix(compiler): strip namespaced SVG script elements during template compilati...</li> <li><a href="https://github.com/angular/angular/commit/dc631efa96e787bee1277f324208f21c36c1fa71";><code>dc631ef</code></a> fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular/commits/v20.3.25/packages/compiler";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/flink/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
