Bump @angular/core from 19.2.18 to 19.2.20 #12
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 19.2.18 to 19.2.20.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v19.2.20/packages/core)

---
updated-dependencies:
- dependency-name: "@angular/core"
  dependency-version: 19.2.20
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
Pull request overview
Dependabot security update bumping @angular/core from 19.2.18 to 19.2.20, which includes security fixes for sanitizing translated attributes and blocking sensitive URI attributes from ICU messages.
Changes:
- Bump `@angular/core` version from `^19.2.18` to `^19.2.20` in `apps/admin/package.json`
- Update `package-lock.json` with resolved dependencies (including desktop-admin workspace additions)
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| apps/admin/package.json | Bumps @angular/core dependency version |
| package-lock.json | Updated lockfile reflecting the new version and workspace changes |
Pull request overview
This Dependabot PR aims to upgrade the Angular Admin app’s Angular runtime by bumping @angular/core from 19.2.18 to 19.2.20, updating the root lockfile accordingly.
Changes:
- Bump `@angular/core` to `^19.2.20` in `apps/admin/package.json`.
- Update `package-lock.json` to reflect the new `@angular/core` version and other regenerated workspace dependency state (including `desktop-admin`).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| apps/admin/package.json | Updates the Admin app’s @angular/core dependency version. |
| package-lock.json | Updates locked dependency graph for the repo, including Angular resolution and workspace packages. |
Comments suppressed due to low confidence (1)
apps/admin/package.json:20
`@angular/core` is bumped to 19.2.20, but the rest of the Angular packages are still pinned to 19.2.18. Angular packages declare exact-version peerDependencies (e.g., forms/router peer on `@angular/core: 19.2.18`), so this will produce peer dependency conflicts and can lead to multiple Angular versions in the lockfile. Bump all `@angular/*` dependencies (and `@angular/compiler-cli`) to 19.2.20 together and regenerate the lockfile so all peers align on the same patch.
"@angular/animations": "^19.2.18",
"@angular/common": "^19.2.18",
"@angular/compiler": "^19.2.18",
"@angular/core": "^19.2.20",
"@angular/forms": "^19.2.18",
"@angular/platform-browser": "^19.2.18",
"@angular/platform-browser-dynamic": "^19.2.18",
"@angular/router": "^19.2.18",
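A check for the version mismatch raised in the suppressed review comment above, as an added example that is not part of this pull request or of Angular's own tooling. The manifest is constructed from the dependency lines quoted in that comment; `findAngularSkew` and `INDEPENDENT` are hypothetical names, and the list of separately versioned packages is an assumption to adjust per repository.

```javascript
// Constructed sample: the dependency lines quoted in the review comment.
const manifest = {
  dependencies: {
    "@angular/animations": "^19.2.18",
    "@angular/common": "^19.2.18",
    "@angular/compiler": "^19.2.18",
    "@angular/core": "^19.2.20",
    "@angular/forms": "^19.2.18",
    "@angular/platform-browser": "^19.2.18",
    "@angular/platform-browser-dynamic": "^19.2.18",
    "@angular/router": "^19.2.18",
  },
};

// Assumption: these @angular-scoped packages follow their own release
// train and are not expected to match the framework patch version.
const INDEPENDENT = new Set(["@angular/cli", "@angular/cdk", "@angular/material", "@angular/ssr", "@angular/build"]);

// Numeric comparison of plain x.y.z versions (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Returns the highest framework version declared and every framework
// package whose declared version differs from it.
function findAngularSkew(pkg) {
  const found = {};
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      if (name.startsWith("@angular/") && !INDEPENDENT.has(name)) {
        found[name] = range.replace(/^[\^~]/, ""); // drop the range operator
      }
    }
  }
  const versions = Object.values(found);
  if (versions.length === 0) return { target: null, lagging: [] };
  const target = versions.reduce((hi, v) => (compareVersions(v, hi) > 0 ? v : hi));
  const lagging = Object.keys(found).filter((n) => found[n] !== target).sort();
  return { target, lagging };
}

const result = findAngularSkew(manifest);
if (result.lagging.length > 0) console.log(`Not on ${result.target}: ${result.lagging.join(", ")}`);
```

Run against a real `package.json` in CI, a non-empty `lagging` list is the signal to bump the remaining framework packages in the same change before merging.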
Bumps @angular/core from 19.2.18 to 19.2.20.
Release notes
Sourced from @angular/core's releases.
Changelog
Sourced from @angular/core's changelog.
... (truncated)
Commits
- 621c707 fix(core): sanitize translated form attributes
- b89b0a8 fix(core): sanitize translated attribute bindings with interpolations
- 7475487 fix(core): block creation of sensitive URI attributes from ICU messages

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.