dependabot[bot] opened a new pull request, #27397: URL: https://github.com/apache/flink/pull/27397
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 20.1.3 to 20.3.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases";><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>20.3.16</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/c2c2b4aaa84c67d2eccd4ef4f94b5ea444a7f73a";><img src="https://img.shields.io/badge/c2c2b4aaa8-fix-green"; alt="fix - c2c2b4aaa8" /></a></td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <h2>20.3.15</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/d1ca8ae04390f050039fdb653a6147d75d48f81e";><img src="https://img.shields.io/badge/d1ca8ae043-fix-green"; alt="fix - d1ca8ae043" /></a></td> <td>prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</td> </tr> </tbody> </table> <h2>20.3.14</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f";><img src="https://img.shields.io/badge/0276479e7d-fix-green"; alt="fix - 0276479e7d" /></a></td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <h2>20.3.13</h2> <p>No release notes provided.</p> <h2>20.3.12</h2> <p>No release notes provided.</p> <h2>20.3.11</h2> <h3>common</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/5047849a4a1857471b78b7ba874f39ecd6175a6b";><img src="https://img.shields.io/badge/5047849a4a-fix-green"; alt="fix - 5047849a4a" /></a></td> <td>remove placeholder image listeners once view is removed</td> </tr> </tbody> </table> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/f9d08180876eb0aee5e5c489be734b07a7cc664e";><img src="https://img.shields.io/badge/f9d0818087-fix-green"; alt="fix - f9d0818087" /></a></td> <td>support arbitrary nesting in :host-context()</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/106b9040dfe03bd8deb0eabccc29e07f734b6ab5";><img src="https://img.shields.io/badge/106b9040df-fix-green"; alt="fix - 106b9040df" /></a></td> <td>support commas in :host() argument</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/9419ea348a296b50f13ac2e23ea9a00b336989b8";><img src="https://img.shields.io/badge/9419ea348a-fix-green"; alt="fix - 9419ea348a" /></a></td> <td>support complex selectors in :nth-child()</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/036c5d2a073f8e48704ec0d405ca997eedb721e9";><img src="https://img.shields.io/badge/036c5d2a07-fix-green"; alt="fix - 036c5d2a07" /></a></td> <td>support one additional level of nesting in :host()</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/dcdd1bcdbbd2a2fb4bd1fc4330259824d0bc8cb9";><img src="https://img.shields.io/badge/dcdd1bcdbb-fix-green"; alt="fix - dcdd1bcdbb" /></a></td> <td>skip leave animations on view swaps</td> </tr> </tbody> </table> <h2>20.3.10</h2> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/840db59dc1a9beb0b4e63799b5d56c2f096a1bab";><img src="https://img.shields.io/badge/840db59dc1-fix-green"; alt="fix - 840db59dc1" /></a></td> <td>make required inputs diagnostic less noisy</td> </tr> </tbody> </table> <h3>migrations</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/a45e6b2b66f669c532d6bffbab65058edabcacd9";><img src="https://img.shields.io/badge/a45e6b2b66-fix-green"; alt="fix - a45e6b2b66" /></a></td> <td>Prevent removal of templates referenced with preceding whitespace characters</td> </tr> </tbody> </table> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md";><code>@angular/compiler</code>'s changelog</a>.</em></p> <blockquote> <h1>20.3.16 (2026-01-07)</h1> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/c2c2b4aaa84c67d2eccd4ef4f94b5ea444a7f73a";>c2c2b4aaa8</a></td> <td>fix</td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>19.2.18 (2026-01-07)</h1> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/26cdc53d9cf99ec41ffc0c71f58f8a14efc828d9";>26cdc53d9c</a></td> <td>fix</td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.0.7 (2026-01-07)</h1> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/8e808740c9311daa0f1c9bab8596ed5e54bdcc6a";>8e808740c9</a></td> <td>fix</td> <td>better types for a few expression AST nodes</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/63b1cdcf70e6de448e8fa4ba1732d7bd7b5400d1";>63b1cdcf70</a></td> <td>fix</td> <td>produce accurate span for typeof and void expressions</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/3c3ae0cb64bb112d7167fd9b0bf7739f0c9e6a39";>3c3ae0cb64</a></td> <td>fix</td> <td>provide location information for literal map keys</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/523dbaf1c3646ce27f1cf2e4cfc84c730fea8da9";>523dbaf1c3</a></td> <td>fix</td> <td>stop ThisReceiver inheritance from ImplicitReceiver</td> </tr> </tbody> </table> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/4d9c4567edfb8dd424a3336ef54ffdfc6ca7c15f";>4d9c4567ed</a></td> <td>fix</td> <td>ensure component import diagnostics are reported within the <code>imports</code> expression</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/cd405685afbfad530de7fb841ad352d2b702a9a4";>cd405685af</a></td> <td>fix</td> <td>fix up spelling of diagnostic</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/778460fccac13d8667bb53fa24ba977a930c0253";>778460fcca</a></td> <td>fix</td> <td>support qualified names in <code>typeof</code> type references</td> </tr> </tbody> </table> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/7c74674eb07491f808f79976e3e21787a841aefb";>7c74674eb0</a></td> <td>fix</td> <td>avoid leaking view data in animations</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/0edbee4550e85b933e9bd2ba3c5511ef6fbf7304";>0edbee4550</a></td> <td>fix</td> <td>explicitly cast signal node value to String</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/f9c29572d28feef878c73edad562b3a6451825a6";>f9c29572d2</a></td> <td>fix</td> <td>sanitize sensitive attributes on SVG script elements</td> </tr> </tbody> </table> <h3>forms</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/angular/angular/commit/e3fba182f90a2673040cf267a970c54c07d4840f";>e3fba182f9</a></td> <td>feat</td> <td>add <code>[formField]</code> directive</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/561772b152458e1d91d4bf3ef45d9645a731f2b1";>561772b152</a></td> <td>fix</td> <td>allow custom controls to require <code>dirty</code> input</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/f0fb1d8581671ca499bcb4790b0549825eb36a91";>f0fb1d8581</a></td> <td>fix</td> <td>allow custom controls to require <code>hidden</code> input</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ec110f170bbba95f023c8ae0e4429c35bfedc572";>ec110f170b</a></td> <td>fix</td> <td>allow custom controls to require <code>pending</code> input</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/ae1dc16bb0d30b6e87b0f98b7989e6685d856e31";>ae1dc16bb0</a></td> <td>fix</td> <td>clean up abort listener after timeout</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/9748b0d5da6ffb1fd2498b23cc452240f46e0549";>9748b0d5da</a></td> <td>fix</td> <td>support custom controls with non signal-based models</td> </tr> <tr> <td><a href="https://github.com/angular/angular/commit/6bd22df987e433a9e3cb759e35eb6403991cf4b7";>6bd22df987</a></td> <td>fix</td> <td>Support readonly arrays in signal forms</td> </tr> </tbody> </table> <h3>router</h3> <p>| Commit | Type | Description |</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular/commit/c2c2b4aaa84c67d2eccd4ef4f94b5ea444a7f73a";><code>c2c2b4a</code></a> fix(core): sanitize sensitive attributes on SVG script elements</li> <li><a href="https://github.com/angular/angular/commit/d1ca8ae04390f050039fdb653a6147d75d48f81e";><code>d1ca8ae</code></a> fix(compiler): prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</li> <li><a href="https://github.com/angular/angular/commit/f689269ecaf3a2ed5ba6003f6b89284ed45ab380";><code>f689269</code></a> Revert "fix(compiler): support one additional level of nesting in :host()"</li> <li><a href="https://github.com/angular/angular/commit/7b2e6caaf818cbac0d780538aca2347571adc9be";><code>7b2e6ca</code></a> Revert "fix(compiler): support arbitrary nesting in :host-context()"</li> <li><a href="https://github.com/angular/angular/commit/6036eef73c9d0a54d3133556b14b4441ca1796f9";><code>6036eef</code></a> Revert "fix(compiler): support commas in :host() argument"</li> <li><a href="https://github.com/angular/angular/commit/a44658ba3ef0440db455440d4d598190485a7e70";><code>a44658b</code></a> Revert "fix(compiler): support complex selectors in :nth-child()"</li> <li><a href="https://github.com/angular/angular/commit/9419ea348a296b50f13ac2e23ea9a00b336989b8";><code>9419ea3</code></a> fix(compiler): support complex selectors in :nth-child()</li> <li><a href="https://github.com/angular/angular/commit/2531863909a30b693416562de80f2a6dcff2576f";><code>2531863</code></a> test(compiler): add test for :host:has(> .foo)</li> <li><a href="https://github.com/angular/angular/commit/106b9040dfe03bd8deb0eabccc29e07f734b6ab5";><code>106b904</code></a> fix(compiler): support commas in :host() argument</li> <li><a href="https://github.com/angular/angular/commit/f9d08180876eb0aee5e5c489be734b07a7cc664e";><code>f9d0818</code></a> fix(compiler): support arbitrary nesting in :host-context()</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular/commits/v20.3.16/packages/compiler";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/flink/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
