dependabot[bot] opened a new pull request, #4087: URL: https://github.com/apache/streampipes/pull/4087
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 19.2.13 to 19.2.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases";><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.18</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/26cdc53d9cf99ec41ffc0c71f58f8a14efc828d9";><img src="https://img.shields.io/badge/26cdc53d9c-fix-green"; alt="fix - 26cdc53d9c" /></a></td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <h2>19.2.17</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/7c42e2ebebc135e9949a9e9a0295ef3ccf261b82";><img src="https://img.shields.io/badge/7c42e2ebeb-fix-green"; alt="fix - 7c42e2ebeb" /></a></td> <td>prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</td> </tr> </tbody> </table> <h2>19.2.16</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc";><img src="https://img.shields.io/badge/05fe6686a9-fix-green"; alt="fix - 05fe6686a9" /></a></td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <h2>19.2.15</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/70d0639bc19e376af1a0491898f54a026d3227e2";><img src="https://img.shields.io/badge/70d0639bc1-fix-green"; alt="fix - 70d0639bc1" /></a></td> <td>introduce <code>BootstrapContext</code> for improved server bootstrapping (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/63639";>#63639</a>)</td> </tr> </tbody> </table> <h2>Breaking Changes</h2> <h3>core</h3> <ul> <li> <p>The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.</p> <p>Before:</p> <pre lang="ts"><code>const bootstrap = () => bootstrapApplication(AppComponent, config); </code></pre> <p>After:</p> <pre lang="ts"><code>const bootstrap = (context: BootstrapContext) => bootstrapApplication(AppComponent, config, context); </code></pre> <p>A schematic is provided to automatically update <code>main.server.ts</code> files to pass the <code>BootstrapContext</code> to the <code>bootstrapApplication</code> call.</p> <p>In addition, <code>getPlatform()</code> and <code>destroyPlatform()</code> will now return <code>null</code> and be a no-op respectively when running in a server environment.</p> </li> </ul> <p>For more information please see: <a href="https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7";>https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7</a></p> <h2>19.2.14</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/24bab55f0c89c4fe6037780fd7b2e8c8aa5429b2";><img src="https://img.shields.io/badge/24bab55f0c-fix-green"; alt="fix - 24bab55f0c" /></a></td> <td>lexer support for template literals in object literals (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/61601";>#61601</a>)</td> </tr> </tbody> </table> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md";><code>@angular/compiler</code>'s changelog</a>.</em></p> <blockquote> <h1>19.2.18 (2026-01-07)</h1> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/26cdc53d9cf99ec41ffc0c71f58f8a14efc828d9";>26cdc53d9c</a></td> <td>fix</td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.0.7 (2026-01-07)</h1> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/8e808740c9311daa0f1c9bab8596ed5e54bdcc6a";>8e808740c9</a></td> <td>fix</td> <td>better types for a few expression AST nodes</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/63b1cdcf70e6de448e8fa4ba1732d7bd7b5400d1";>63b1cdcf70</a></td> <td>fix</td> <td>produce accurate span for typeof and void expressions</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/3c3ae0cb64bb112d7167fd9b0bf7739f0c9e6a39";>3c3ae0cb64</a></td> <td>fix</td> <td>provide location information for literal map keys</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/523dbaf1c3646ce27f1cf2e4cfc84c730fea8da9";>523dbaf1c3</a></td> <td>fix</td> <td>stop ThisReceiver inheritance from ImplicitReceiver</td> </tr> </tbody> </table> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/4d9c4567edfb8dd424a3336ef54ffdfc6ca7c15f";>4d9c4567ed</a></td> <td>fix</td> <td>ensure component import diagnostics are reported within the <code>imports</code> expression</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/cd405685afbfad530de7fb841ad352d2b702a9a4";>cd405685af</a></td> <td>fix</td> <td>fix up spelling of diagnostic</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/778460fccac13d8667bb53fa24ba977a930c0253";>778460fcca</a></td> <td>fix</td> <td>support qualified names in <code>typeof</code> type references</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/7c74674eb07491f808f79976e3e21787a841aefb";>7c74674eb0</a></td> <td>fix</td> <td>avoid leaking view data in animations</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/0edbee4550e85b933e9bd2ba3c5511ef6fbf7304";>0edbee4550</a></td> <td>fix</td> <td>explicitly cast signal node value to String</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/f9c29572d28feef878c73edad562b3a6451825a6";>f9c29572d2</a></td> <td>fix</td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <h3>forms</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/e3fba182f90a2673040cf267a970c54c07d4840f";>e3fba182f9</a></td> <td>feat</td> <td>add <code>[formField]</code> directive</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/561772b152458e1d91d4bf3ef45d9645a731f2b1";>561772b152</a></td> <td>fix</td> <td>allow custom controls to require <code>dirty</code> input</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/f0fb1d8581671ca499bcb4790b0549825eb36a91";>f0fb1d8581</a></td> <td>fix</td> <td>allow custom controls to require <code>hidden</code> input</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ec110f170bbba95f023c8ae0e4429c35bfedc572";>ec110f170b</a></td> <td>fix</td> <td>allow custom controls to require <code>pending</code> input</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ae1dc16bb0d30b6e87b0f98b7989e6685d856e31";>ae1dc16bb0</a></td> <td>fix</td> <td>clean up abort listener after timeout</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/9748b0d5da6ffb1fd2498b23cc452240f46e0549";>9748b0d5da</a></td> <td>fix</td> <td>support custom controls with non signal-based models</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/6bd22df987e433a9e3cb759e35eb6403991cf4b7";>6bd22df987</a></td> <td>fix</td> <td>Support readonly arrays in signal forms</td> </tr> </tbody> </table> <h3>router</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/41cd4a6af800cf7807c46862c99ae036457d8fa7";>41cd4a6af8</a></td> <td>fix</td> <td>Fix RouterLink href not updating with <code>queryParamsHandling</code></td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/5e9e09aee0c08901d2a4d48b60bd13692c73e76e";>5e9e09aee0</a></td> <td>fix</td> <td>handle errors from view transition <code>updateCallbackDone</code> promise</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.1.0-next.4 (2025-12-17)</h1> <h2>Breaking Changes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular/commit/26cdc53d9cf99ec41ffc0c71f58f8a14efc828d9";><code>26cdc53</code></a> fix(core): sanitize sensitive attributes on SVG script elements</li> <li><a href="https://github.com/angular/angular/commit/7c42e2ebebc135e9949a9e9a0295ef3ccf261b82";><code>7c42e2e</code></a> fix(compiler): prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</li> <li><a href="https://github.com/angular/angular/commit/24bab55f0c89c4fe6037780fd7b2e8c8aa5429b2";><code>24bab55</code></a> fix(compiler): lexer support for template literals in object literals (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/61601";>#61601</a>)</li> <li>See full diff in <a href="https://github.com/angular/angular/commits/v19.2.18/packages/compiler";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/streampipes/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
