Skip to content

chore(deps): bump @angular/platform-browser-dynamic from 13.3.11 to 21.2.15#358

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/angular/platform-browser-dynamic-21.2.15
Closed

chore(deps): bump @angular/platform-browser-dynamic from 13.3.11 to 21.2.15#358
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/angular/platform-browser-dynamic-21.2.15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/platform-browser-dynamic from 13.3.11 to 21.2.15.

Release notes

Sourced from @​angular/platform-browser-dynamic's releases.

21.2.15

common

Commit Description
fix - 7f4ac78994 add upper bounds for digitsInfo
fix - 300f61feb3 sanitize placeholder

compiler

Commit Description
fix - 0b07f47bd6 normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
fix - eb1cbbf2eb prevent namespaced SVG elements from being stripped
fix - cc1378d54b sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
fix - 782e01594e strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description
fix - ff12fe55ac normalize tag names in runtime i18n attribute security context lookup (#68925)
fix - e6fe77cc97 sanitize meta selectors
fix - daaf32937f support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
fix - dada86e43d synchronize core sanitization schema with compiler (#68925)

http

Commit Description
fix - 582a417bd2 exclude withCredentials requests from transfer cache
fix - 5c6d6df34b skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - 37e8aadf87 prevent SSRF bypasses via backslash URLs in HttpClient
fix - 72696e244e secure location and document initialization against SSRF and path hijack

service-worker

Commit Description
fix - b8bd49341d Preserves explicit 'credentials: omit' in asset requests
fix - ca32fc1000 Preserves HTTP cache mode in asset group requests

21.2.14

compiler

Commit Description
fix - 68282dff9f strip namespaced SVG script elements during template compilation

core

Commit Description
fix - c0f52272ed do not insert todo when migrating void @​Output
fix - 938a7f3edd makes resource URL sanitizer lookup case-insensitive
fix - 0fb2724194 reject script element as a dynamic component host
fix - 49113ac0ef visit ICU expressions in signal migration schematics

router

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/platform-browser-dynamic's changelog.

21.2.15 (2026-05-28)

common

Commit Type Description
7f4ac78994 fix add upper bounds for digitsInfo
300f61feb3 fix sanitize placeholder

compiler

Commit Type Description
0b07f47bd6 fix normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
eb1cbbf2eb fix prevent namespaced SVG elements from being stripped
cc1378d54b fix sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
782e01594e fix strip namespaced SVG script elements during template compilation (#68925)

core

Commit Type Description
ff12fe55ac fix normalize tag names in runtime i18n attribute security context lookup (#68925)
e6fe77cc97 fix sanitize meta selectors
daaf32937f fix support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
dada86e43d fix synchronize core sanitization schema with compiler (#68925)

http

Commit Type Description
582a417bd2 fix exclude withCredentials requests from transfer cache
5c6d6df34b fix skip TransferCache for cookie-bearing requests by default

platform-server

Commit Type Description
37e8aadf87 fix prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e fix secure location and document initialization against SSRF and path hijack

service-worker

Commit Type Description
b8bd49341d fix Preserves explicit 'credentials: omit' in asset requests
ca32fc1000 fix Preserves HTTP cache mode in asset group requests

19.2.24 (2026-05-28)

compiler

Commit Type Description
6ea6379123 fix prevent namespaced SVG elements from being stripped

20.3.23 (2026-05-28)

compiler

... (truncated)

Commits
  • d3f67f6 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
  • 26fed34 build: format md files
  • c357650 refactor(core): Update tests for zoneless by default (#63668)
  • 2fcafb6 build: rename defaults2.bzl to defaults.bzl (#63383)
  • fa8d8b8 build: migrate all npm packages to use new rules_js based npm_package rule (#...
  • cbc258e build: remove ts_project_interop infrastructure (#62908)
  • 793ff35 build: move http_server and generate_api_docs into defaults2.bzl (#62878)
  • 8bf97d1 build: remove all usages of the interop_deps attr for ts_project and ng_proje...
  • 23d5877 build: migrate to new toolchain usage for api goldens (#62688)
  • b848590 build: migrate to use web test runner rules (#62292)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) from 13.3.11 to 21.2.15.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.15/packages/platform-browser-dynamic)

---
updated-dependencies:
- dependency-name: "@angular/platform-browser-dynamic"
  dependency-version: 21.2.15
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 28, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #368.

@dependabot dependabot Bot closed this Jun 3, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/angular/platform-browser-dynamic-21.2.15 branch June 3, 2026 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants