Title: Bump @angular/compiler from 20.0.2 to 20.3.16 by dependabot[bot] · Pull Request #296 · plotly/angular-plotly.js · GitHub
Open Graph Title: Bump @angular/compiler from 20.0.2 to 20.3.16 by dependabot[bot] · Pull Request #296 · plotly/angular-plotly.js
X Title: Bump @angular/compiler from 20.0.2 to 20.3.16 by dependabot[bot] · Pull Request #296 · plotly/angular-plotly.js
Description: Bumps @angular/compiler from 20.0.2 to 20.3.16.
Release notes
Sourced from @angular/compiler's releases.
20.3.16
core
Commit
Description
sanitize sensitive attributes on SVG script elements
20.3.15
compiler
Commit
Description
prevent XSS via SVG animation attributeName and MathML/SVG URLs
20.3.14
http
Commit
Description
prevent XSRF token leakage to protocol-relative URLs
20.3.13
No release notes provided.
20.3.12
No release notes provided.
20.3.11
common
Commit
Description
remove placeholder image listeners once view is removed
compiler
Commit
Description
support arbitrary nesting in :host-context()
support commas in :host() argument
support complex selectors in :nth-child()
support one additional level of nesting in :host()
core
Commit
Description
skip leave animations on view swaps
20.3.10
compiler-cli
Commit
Description
make required inputs diagnostic less noisy
migrations
Commit
Description
Prevent removal of templates referenced with preceding whitespace characters
... (truncated)
Changelog
Sourced from @angular/compiler's changelog.
20.3.16 (2026-01-07)
core
Commit
Type
Description
c2c2b4aaa8
fix
sanitize sensitive attributes on SVG script elements
19.2.18 (2026-01-07)
core
Commit
Type
Description
26cdc53d9c
fix
sanitize sensitive attributes on SVG script elements
21.0.7 (2026-01-07)
compiler
Commit
Type
Description
8e808740c9
fix
better types for a few expression AST nodes
63b1cdcf70
fix
produce accurate span for typeof and void expressions
3c3ae0cb64
fix
provide location information for literal map keys
523dbaf1c3
fix
stop ThisReceiver inheritance from ImplicitReceiver
compiler-cli
Commit
Type
Description
4d9c4567ed
fix
ensure component import diagnostics are reported within the imports expression
cd405685af
fix
fix up spelling of diagnostic
778460fcca
fix
support qualified names in typeof type references
core
Commit
Type
Description
7c74674eb0
fix
avoid leaking view data in animations
0edbee4550
fix
explicitly cast signal node value to String
f9c29572d2
fix
sanitize sensitive attributes on SVG script elements
forms
Commit
Type
Description
e3fba182f9
feat
add [formField] directive
561772b152
fix
allow custom controls to require dirty input
f0fb1d8581
fix
allow custom controls to require hidden input
ec110f170b
fix
allow custom controls to require pending input
ae1dc16bb0
fix
clean up abort listener after timeout
9748b0d5da
fix
support custom controls with non signal-based models
6bd22df987
fix
Support readonly arrays in signal forms
router
| Commit | Type | Description |
... (truncated)
Commits
c2c2b4a fix(core): sanitize sensitive attributes on SVG script elements
d1ca8ae fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
f689269 Revert "fix(compiler): support one additional level of nesting in :host()"
7b2e6ca Revert "fix(compiler): support arbitrary nesting in :host-context()"
6036eef Revert "fix(compiler): support commas in :host() argument"
a44658b Revert "fix(compiler): support complex selectors in :nth-child()"
9419ea3 fix(compiler): support complex selectors in :nth-child()
2531863 test(compiler): add test for :host:has(> .foo)
106b904 fix(compiler): support commas in :host() argument
f9d0818 fix(compiler): support arbitrary nesting in :host-context()
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps @angular/compiler from 20.0.2 to 20.3.16. Release notes Sourced from @angular/compiler's releases. 20.3.16 core Commit Description sanitize sensitive attributes on SVG script e...
X Description: Bumps @angular/compiler from 20.0.2 to 20.3.16. Release notes Sourced from @angular/compiler's releases. 20.3.16 core Commit Description sanitize sensitive attributes on SVG scri...
Opengraph URL: https://github.com/plotly/angular-plotly.js/pull/296
X: @github
Domain: patch-diff.githubusercontent.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:3233e8d2-82b7-b949-edbf-e2c5d04cc7e6 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | 82AA:1C9258:E89D2:147ABE:696E488E |
| html-safe-nonce | cc307898a96a0db0d400a653bd9ad64c23e6b0c4d0b16d6ea3883af12d53c258 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4MkFBOjFDOTI1ODpFODlEMjoxNDdBQkU6Njk2RTQ4OEUiLCJ2aXNpdG9yX2lkIjoiODAwNTcwMDYwMzQ5NDY4MDcxOCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 183ff9e342fa40a04b2fcb3b44182418a515778076698435d1a78cbcd70ce610 |
| hovercard-subject-tag | pull_request:3160599384 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/plotly/angular-plotly.js/pull/296/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps @angular/compiler from 20.0.2 to 20.3.16. Release notes Sourced from @angular/compiler's releases. 20.3.16 core Commit Description sanitize sensitive attributes on SVG script e... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d96554e55b469c47dbcd31f74dc86278872b170531e84c6ce7f3389673e01d1 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/plotly/angular-plotly.js git https://github.com/plotly/angular-plotly.js.git |
| octolytics-dimension-user_id | 5997976 |
| octolytics-dimension-user_login | plotly |
| octolytics-dimension-repository_id | 125262347 |
| octolytics-dimension-repository_nwo | plotly/angular-plotly.js |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 125262347 |
| octolytics-dimension-repository_network_root_nwo | plotly/angular-plotly.js |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | ef576694863a4c791d0a5cc9d2b84384d4414bcd |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width