Skip to content

build(deps): bump @angular/compiler from 20.3.15 to 20.3.16 #505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump @angular/compiler from 20.3.15 to 20.3.16 #505

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 9, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps @angular/compiler from 20.3.15 to 20.3.16.

Release notes

Sourced from @​angular/compiler's releases.

20.3.16

core

Commit Description
fix - c2c2b4aaa8 sanitize sensitive attributes on SVG script elements
Changelog

Sourced from @​angular/compiler's changelog.

20.3.16 (2026-01-07)

core

Commit Type Description
c2c2b4aaa8 fix sanitize sensitive attributes on SVG script elements

19.2.18 (2026-01-07)

core

Commit Type Description
26cdc53d9c fix sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit Type Description
8e808740c9 fix better types for a few expression AST nodes
63b1cdcf70 fix produce accurate span for typeof and void expressions
3c3ae0cb64 fix provide location information for literal map keys
523dbaf1c3 fix stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit Type Description
4d9c4567ed fix ensure component import diagnostics are reported within the imports expression
cd405685af fix fix up spelling of diagnostic
778460fcca fix support qualified names in typeof type references

core

Commit Type Description
7c74674eb0 fix avoid leaking view data in animations
0edbee4550 fix explicitly cast signal node value to String
f9c29572d2 fix sanitize sensitive attributes on SVG script elements

forms

Commit Type Description
e3fba182f9 feat add [formField] directive
561772b152 fix allow custom controls to require dirty input
f0fb1d8581 fix allow custom controls to require hidden input
ec110f170b fix allow custom controls to require pending input
ae1dc16bb0 fix clean up abort listener after timeout
9748b0d5da fix support custom controls with non signal-based models
6bd22df987 fix Support readonly arrays in signal forms

router

| Commit | Type | Description |

... (truncated)

Commits
  • c2c2b4a fix(core): sanitize sensitive attributes on SVG script elements
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 9, 2026
@semanticdiff-com
Copy link

semanticdiff-com bot commented Jan 9, 2026
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  package-lock.json  47% smaller
  package.json  0% smaller

@dependabot
build(deps): bump @angular/compiler from 20.3.15 to 20.3.16
40f7b1d 
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 20.3.15 to 20.3.16.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.16/packages/compiler)

---
updated-dependencies:
- dependency-name: "@angular/compiler"
  dependency-version: 20.3.16
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/angular/compiler-20.3.16 branch from 4357cc0 to 40f7b1d Compare January 12, 2026 14:38
joanise added a commit that referenced this pull request Jan 12, 2026
@joanise
build(deps): bump angular/core and /compiler to 20.3.16
5621d50 
and other peers that have to come along, plus rebuild a fresh
package-lock.json because otherwise the npm install just fails.

Replaces #505 and #506
@joanise joanise mentioned this pull request Jan 12, 2026
Merged
joanise added a commit that referenced this pull request Jan 12, 2026
@joanise
build(deps): bump angular/core and /compiler to 20.3.16 (#508)
b1c3085 
* build(deps): bump angular/core and /compiler to 20.3.16

and other peers that have to come along, plus rebuild a fresh
package-lock.json because otherwise the npm install just fails.

Replaces #505 and #506

* build: rebuild package-lock.json on a Linux machine

my rebuild on Windows was broken. :(
@joanise
Copy link
Member

joanise commented Jan 12, 2026

Replaced by #508 - a full package-lock.json rebuild was required to make this update possible.

@joanise joanise closed this Jan 12, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 12, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/angular/compiler-20.3.16 branch January 12, 2026 22:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joanise