Skip to content

chore(deps): bump @angular/platform-browser-dynamic from 13.3.11 to 21.2.16#368

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/angular/platform-browser-dynamic-21.2.16
Closed

chore(deps): bump @angular/platform-browser-dynamic from 13.3.11 to 21.2.16#368
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/angular/platform-browser-dynamic-21.2.16

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/platform-browser-dynamic from 13.3.11 to 21.2.16.

Release notes

Sourced from @​angular/platform-browser-dynamic's releases.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Description
fix - 66821c4ed5 throw on suspicious URLs and restrict protocol-relative URLs
fix - d3170031b6 update domino to latest version

21.2.15

common

Commit Description
fix - 7f4ac78994 add upper bounds for digitsInfo
fix - 300f61feb3 sanitize placeholder

compiler

Commit Description
fix - 0b07f47bd6 normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
fix - eb1cbbf2eb prevent namespaced SVG elements from being stripped
fix - cc1378d54b sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
fix - 782e01594e strip namespaced SVG script elements during template compilation (#68925)

core

Commit Description
fix - ff12fe55ac normalize tag names in runtime i18n attribute security context lookup (#68925)
fix - e6fe77cc97 sanitize meta selectors
fix - daaf32937f support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
fix - dada86e43d synchronize core sanitization schema with compiler (#68925)

http

Commit Description
fix - 582a417bd2 exclude withCredentials requests from transfer cache
fix - 5c6d6df34b skip TransferCache for cookie-bearing requests by default

platform-server

Commit Description
fix - 37e8aadf87 prevent SSRF bypasses via backslash URLs in HttpClient
fix - 72696e244e secure location and document initialization against SSRF and path hijack

... (truncated)

Changelog

Sourced from @​angular/platform-browser-dynamic's changelog.

21.2.16 (2026-06-03)

common

Commit Type Description
f6d8e642b0 fix only strip a literal /index.html suffix from URLs

compiler

Commit Type Description
ae1c8a1f7a fix move projection attributes into constants

core

Commit Type Description
3fd6897a67 fix harden inherit definition feature against polluted prototypes
7e38336dc7 fix use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit Type Description
66821c4ed5 fix throw on suspicious URLs and restrict protocol-relative URLs
d3170031b6 fix update domino to latest version

19.2.25 (2026-06-02)

platform-server

Commit Type Description
e2fb854d55 fix throw on suspicious URLs and restrict protocol-relative URLs
0a8befb493 fix update domino to latest version

20.3.24 (2026-06-02)

platform-server

Commit Type Description
6ca433e56b fix throw on suspicious URLs and restrict protocol-relative URLs
8680b5152f fix update domino to latest version

22.0.0-rc.3 (2026-06-01)

common

Commit Type Description
4795b35d5b fix only strip a literal /index.html suffix from URLs

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • d3f67f6 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
  • 26fed34 build: format md files
  • c357650 refactor(core): Update tests for zoneless by default (#63668)
  • 2fcafb6 build: rename defaults2.bzl to defaults.bzl (#63383)
  • fa8d8b8 build: migrate all npm packages to use new rules_js based npm_package rule (#...
  • cbc258e build: remove ts_project_interop infrastructure (#62908)
  • 793ff35 build: move http_server and generate_api_docs into defaults2.bzl (#62878)
  • 8bf97d1 build: remove all usages of the interop_deps attr for ts_project and ng_proje...
  • 23d5877 build: migrate to new toolchain usage for api goldens (#62688)
  • b848590 build: migrate to use web test runner rules (#62292)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) from 13.3.11 to 21.2.16.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.16/packages/platform-browser-dynamic)

---
updated-dependencies:
- dependency-name: "@angular/platform-browser-dynamic"
  dependency-version: 21.2.16
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #370.

@dependabot dependabot Bot closed this Jun 4, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/angular/platform-browser-dynamic-21.2.16 branch June 4, 2026 03:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants