Skip to content

chore(deps): bump @angular/compiler from 21.2.10 to 21.2.17 in /frontend#5810

Merged
aglinxinyuan merged 4 commits into
mainfrom
dependabot/npm_and_yarn/frontend/angular/compiler-21.2.17
Jun 20, 2026
Merged

chore(deps): bump @angular/compiler from 21.2.10 to 21.2.17 in /frontend#5810
aglinxinyuan merged 4 commits into
mainfrom
dependabot/npm_and_yarn/frontend/angular/compiler-21.2.17

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps @angular/compiler from 21.2.10 to 21.2.17.

Release notes

Sourced from @​angular/compiler's releases.

21.2.17

common

Commit Description
fix - 86a56dc279 Limits date format string length
fix - d846326b07 skip transfer cache for uncacheable HTTP traffic
fix - bc55749698 use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - dc9c99636d sanitize two-way properties

core

Commit Description
fix - 1523061137 harden TransferState restoration against DOM clobbering
fix - 88832c84f8 validate lowercase SVG animation attribute names (#69269)

http

Commit Description
fix - bcb1b7ea25 preserve empty referrer option in HttpRequest
fix - a810a319d1 Rejects non-HTTP(S) URLs in JSONP requests
fix - e245d40c4d skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 35510746b7 harden platform location origin validation during SSR
refactor - 13fb0afe93 deprecate ServerXhr (#69255)

service-worker

Commit Description
fix - b9d29381bb Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

21.2.16

common

Commit Description
fix - f6d8e642b0 only strip a literal /index.html suffix from URLs

compiler

Commit Description
fix - ae1c8a1f7a move projection attributes into constants

core

Commit Description
fix - 3fd6897a67 harden inherit definition feature against polluted prototypes
fix - 7e38336dc7 use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

21.2.17 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
86a56dc279 fix Limits date format string length
d846326b07 fix skip transfer cache for uncacheable HTTP traffic
bc55749698 fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
dc9c99636d fix sanitize two-way properties

core

Commit Type Description
1523061137 fix harden TransferState restoration against DOM clobbering
88832c84f8 fix validate lowercase SVG animation attribute names (#69269)

http

Commit Type Description
bcb1b7ea25 fix preserve empty referrer option in HttpRequest
a810a319d1 fix Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
35510746b7 fix harden platform location origin validation during SSR
13fb0afe93 refactor deprecate ServerXhr (#69255)

service-worker

Commit Type Description
b9d29381bb fix Strips sensitive headers on cross-origin redirects

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

| Commit | Type | Description |

... (truncated)

Commits
  • dc9c996 fix(compiler): sanitize two-way properties
  • ae1c8a1 fix(compiler): move projection attributes into constants
  • eb1cbbf fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 29ceeff docs: fix typos in source code comments
  • 782e015 fix(compiler): strip namespaced SVG script elements during template compilati...
  • ff12fe5 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 0b07f47 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • cc1378d fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • daaf329 fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • 68282df fix(compiler): strip namespaced SVG script elements during template compilation
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @angular/compiler from 21.2.10 to 21.2.17 in /frontend
03b3c10 
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 21.2.10 to 21.2.17.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v21.2.17/packages/compiler)

---
updated-dependencies:
- dependency-name: "@angular/compiler"
  dependency-version: 21.2.17
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 19, 2026
@github-actions github-actions Bot added the frontend Changes related to the frontend GUI label Jun 19, 2026
@aglinxinyuan aglinxinyuan requested a review from Copilot June 19, 2026 23:51
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the frontend’s Angular compiler dependency to a newer 21.2.x patch release, reflecting a routine dependency maintenance/security bump in the Angular toolchain.

Changes:

  • Bump @angular/compiler from 21.2.10 to 21.2.17 in frontend/package.json.
  • Update frontend/yarn.lock to resolve @angular/compiler at 21.2.17.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
frontend/package.json Updates @angular/compiler dependency version to 21.2.17.
frontend/yarn.lock Refreshes lockfile entries to reflect the new @angular/compiler version.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread frontend/package.json
@aglinxinyuan
Merge branch 'main' into dependabot/npm_and_yarn/frontend/angular/com…
ce1ea0b 
…piler-21.2.17
@aglinxinyuan
chore(deps): bump @angular/compiler-cli and @angular/localize to 21.2.17
a79391b 
Keep the Angular build toolchain in lockstep with @angular/compiler 21.2.17. @angular/compiler-cli declares a strict peerDependency on @angular/compiler, and @angular/localize pins both @angular/compiler and @angular/compiler-cli, so leaving them at 21.2.10 left those peers unmet (the build-critical compiler/compiler-cli pin in particular). Regenerated yarn.lock accordingly.

Signed-off-by: Xinyuan Lin <xinyual3@uci.edu>
@aglinxinyuan aglinxinyuan enabled auto-merge June 20, 2026 00:07
@codecov-commenter

codecov-commenter commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.40%. Comparing base (0eb7baa) to head (1c151d1).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #5810      +/-   ##
============================================
- Coverage     53.43%   53.40%   -0.04%     
+ Complexity     2695     2691       -4     
============================================
  Files          1099     1099              
  Lines         42541    42541              
  Branches       4577     4577              
============================================
- Hits          22732    22719      -13     
- Misses        18476    18485       +9     
- Partials       1333     1337       +4
Flag Coverage Δ *Carryforward flag
access-control-service 70.44% <ø> (ø) Carriedforward from a79391b
agent-service 34.36% <ø> (ø) Carriedforward from a79391b
amber 54.00% <ø> (-0.04%) ⬇️ Carriedforward from a79391b
computing-unit-managing-service 1.65% <ø> (ø) Carriedforward from a79391b
config-service 56.71% <ø> (ø) Carriedforward from a79391b
file-service 57.06% <ø> (ø) Carriedforward from a79391b
frontend 48.05% <ø> (-0.04%) ⬇️
pyamber 90.13% <ø> (ø) Carriedforward from a79391b
python 90.80% <ø> (ø) Carriedforward from a79391b
workflow-compiling-service 58.69% <ø> (ø) Carriedforward from a79391b

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@aglinxinyuan aglinxinyuan added this pull request to the merge queue Jun 20, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jun 20, 2026
@aglinxinyuan aglinxinyuan added this pull request to the merge queue Jun 20, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jun 20, 2026
@aglinxinyuan aglinxinyuan enabled auto-merge June 20, 2026 01:21
@aglinxinyuan aglinxinyuan added this pull request to the merge queue Jun 20, 2026
Merged via the queue into main with commit f2867f0 Jun 20, 2026
17 checks passed
@aglinxinyuan aglinxinyuan deleted the dependabot/npm_and_yarn/frontend/angular/compiler-21.2.17 branch June 20, 2026 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aglinxinyuan aglinxinyuan aglinxinyuan approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file frontend Changes related to the frontend GUI javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@codecov-commenter @aglinxinyuan @ezeovercome-oss