build(deps): bump @angular/compiler from 20.3.6 to 20.3.18 in /samples/client/others/typescript-angular-v20#23240
Conversation
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 20.3.6 to 20.3.18. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.18/packages/compiler) --- updated-dependencies: - dependency-name: "@angular/compiler" dependency-version: 20.3.18 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 2 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="samples/client/others/typescript-angular-v20/package.json">
<violation number="1" location="samples/client/others/typescript-angular-v20/package.json:27">
P1: This bump leaves the sample on mismatched Angular patch versions: the lockfile resolves `@angular/compiler` 20.3.18, but `@angular/compiler-cli` and `@angular/core` stay on 20.3.6 and both require `@angular/compiler` 20.3.6. Update the companion Angular packages and lockfile together.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| "dependencies": { | ||
| "@angular/common": "^20.3.0", | ||
| "@angular/compiler": "^20.3.0", | ||
| "@angular/compiler": "^20.3.18", |
There was a problem hiding this comment.
P1: This bump leaves the sample on mismatched Angular patch versions: the lockfile resolves @angular/compiler 20.3.18, but @angular/compiler-cli and @angular/core stay on 20.3.6 and both require @angular/compiler 20.3.6. Update the companion Angular packages and lockfile together.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/others/typescript-angular-v20/package.json, line 27:
<comment>This bump leaves the sample on mismatched Angular patch versions: the lockfile resolves `@angular/compiler` 20.3.18, but `@angular/compiler-cli` and `@angular/core` stay on 20.3.6 and both require `@angular/compiler` 20.3.6. Update the companion Angular packages and lockfile together.</comment>
<file context>
@@ -24,7 +24,7 @@
"dependencies": {
"@angular/common": "^20.3.0",
- "@angular/compiler": "^20.3.0",
+ "@angular/compiler": "^20.3.18",
"@angular/core": "^20.3.0",
"@angular/forms": "^20.3.0",
</file context>
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
wing328
deleted the
dependabot/npm_and_yarn/samples/client/others/typescript-angular-v20/angular/compiler-20.3.18
branch
1 participant
Bumps @angular/compiler from 20.3.6 to 20.3.18.
Release notes
Sourced from
@angular/compiler's releases.... (truncated)
Changelog
Sourced from
@angular/compiler's changelog.... (truncated)
Commits
02fbf08fix(compiler): disallow translations of iframe srcc2c2b4afix(core): sanitize sensitive attributes on SVG script elementsd1ca8aefix(compiler): prevent XSS via SVG animationattributeNameand MathML/SVG URLsf689269Revert "fix(compiler): support one additional level of nesting in :host()"7b2e6caRevert "fix(compiler): support arbitrary nesting in :host-context()"6036eefRevert "fix(compiler): support commas in :host() argument"a44658bRevert "fix(compiler): support complex selectors in :nth-child()"9419ea3fix(compiler): support complex selectors in :nth-child()2531863test(compiler): add test for :host:has(> .foo)106b904fix(compiler): support commas in :host() argumentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by cubic
Upgrade
@angular/compilerto 20.3.18 in the TypeScript Angular v20 sample to pick up security hardening and compiler fixes. This blocks risky translations (e.g., iframe src) and tightens SVG/MathML URL handling.@angular/compilerfrom 20.3.6 to 20.3.18 insamples/client/others/typescript-angular-v20.Written for commit 0b9940f. Summary will update on new commits.