Skip to content

chore(deps): bump @angular/core from 19.2.18 to 19.2.20 in the npm_and_yarn group across 1 directory#3

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-26c0fdf869
Closed

chore(deps): bump @angular/core from 19.2.18 to 19.2.20 in the npm_and_yarn group across 1 directory#3
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-26c0fdf869

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 17, 2026

Bumps the npm_and_yarn group with 1 update in the / directory: @angular/core.

Updates @angular/core from 19.2.18 to 19.2.20

Release notes

Sourced from @​angular/core's releases.

19.2.20

compiler

Commit Description
fix - 5be912eb55 disallow translations of iframe src

core

Commit Description
fix - b89b0a83a4 sanitize translated attribute bindings with interpolations
fix - 621c7071ad sanitize translated form attributes

19.2.19

core

Commit Description
fix - 747548721d block creation of sensitive URI attributes from ICU messages

Breaking Changes

core

  • Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

    (cherry picked from commit 03da204b6daa5e4583e0d0968c2107390bbd8235)

Changelog

Sourced from @​angular/core's changelog.

19.2.20 (2026-03-12)

compiler

Commit Type Description
5be912eb55 fix disallow translations of iframe src

core

Commit Type Description
b89b0a83a4 fix sanitize translated attribute bindings with interpolations
621c7071ad fix sanitize translated form attributes

20.3.18 (2026-03-12)

compiler

Commit Type Description
02fbf08890 fix disallow translations of iframe src

core

Commit Type Description
72126f9a08 fix sanitize translated attribute bindings with interpolations
626bc8bc20 fix sanitize translated form attributes

22.0.0-next.3 (2026-03-12)

compiler

Commit Type Description
78dea55351 fix disallow translations of iframe src

core

Commit Type Description
999c14eaab fix reverts "feat(core): add support for nested animations"
de0eb4c656 fix sanitize translated form attributes

21.2.4 (2026-03-12)

compiler

Commit Type Description
ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description

... (truncated)

Commits
  • 621c707 fix(core): sanitize translated form attributes
  • b89b0a8 fix(core): sanitize translated attribute bindings with interpolations
  • 7475487 fix(core): block creation of sensitive URI attributes from ICU messages
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @angular/core
29b54fe 
Bumps the npm_and_yarn group with 1 update in the / directory: [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core).


Updates `@angular/core` from 19.2.18 to 19.2.20
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v19.2.20/packages/core)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 19.2.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 17, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Mar 17, 2026

Superseded by #6.

@dependabot dependabot Bot closed this Mar 17, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-26c0fdf869 branch March 17, 2026 10:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants