Update angular monorepo to v21.2.17

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@angular/animations (source)	21.2.13 → 21.2.17
@angular/common (source)	21.2.13 → 21.2.17
@angular/compiler (source)	21.2.13 → 21.2.17
@angular/compiler-cli (source)	21.2.13 → 21.2.17
@angular/core (source)	21.2.13 → 21.2.17
@angular/forms (source)	21.2.13 → 21.2.17
@angular/platform-browser (source)	21.2.13 → 21.2.17
@angular/platform-browser-dynamic (source)	21.2.13 → 21.2.17
@angular/router (source)	21.2.13 → 21.2.17

---

Release Notes

angular/angular (@​angular/animations)

v21.2.17

Compare Source

v21.2.16

Compare Source

v21.2.15

Compare Source

common

Commit	Type	Description
7f4ac78994	fix	add upper bounds for digitsInfo
300f61feb3	fix	sanitize placeholder

compiler

Commit	Type	Description
0b07f47bd6	fix	normalize tag names with custom namespaces in DomElementSchemaRegistry (#​68925)
eb1cbbf2eb	fix	prevent namespaced SVG <style> elements from being stripped
cc1378d54b	fix	sanitize dynamic href and xlink:href bindings on SVG a elements (#​68925)
782e01594e	fix	strip namespaced SVG script elements during template compilation (#​68925)

core

Commit	Type	Description
ff12fe55ac	fix	normalize tag names in runtime i18n attribute security context lookup (#​68925)
e6fe77cc97	fix	sanitize meta selectors
daaf32937f	fix	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#​68925)
dada86e43d	fix	synchronize core sanitization schema with compiler (#​68925)

http

Commit	Type	Description
582a417bd2	fix	exclude withCredentials requests from transfer cache
5c6d6df34b	fix	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Type	Description
37e8aadf87	fix	prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e	fix	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Type	Description
b8bd49341d	fix	Preserves explicit 'credentials: omit' in asset requests
ca32fc1000	fix	Preserves HTTP cache mode in asset group requests

v21.2.14

Compare Source

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

angular/angular (@​angular/common)

v21.2.17

Compare Source

Deprecations

platform-server

• XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit	Type	Description
86a56dc279	fix	Limits date format string length
d846326b07	fix	skip transfer cache for uncacheable HTTP traffic
bc55749698	fix	use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit	Type	Description
dc9c99636d	fix	sanitize two-way properties

core

Commit	Type	Description
1523061137	fix	harden TransferState restoration against DOM clobbering
88832c84f8	fix	validate lowercase SVG animation attribute names (#​69269)

http

Commit	Type	Description
bcb1b7ea25	fix	preserve empty referrer option in HttpRequest
a810a319d1	fix	Rejects non-HTTP(S) URLs in JSONP requests
e245d40c4d	fix	skip transfer cache for fetch credentialed requests

platform-server

Commit	Type	Description
35510746b7	fix	harden platform location origin validation during SSR
13fb0afe93	refactor	deprecate ServerXhr (#​69255)

service-worker

Commit	Type	Description
b9d29381bb	fix	Strips sensitive headers on cross-origin redirects

v21.2.16

Compare Source

v21.2.15

Compare Source

common

Commit	Type	Description
7f4ac78994	fix	add upper bounds for digitsInfo
300f61feb3	fix	sanitize placeholder

compiler

Commit	Type	Description
0b07f47bd6	fix	normalize tag names with custom namespaces in DomElementSchemaRegistry (#​68925)
eb1cbbf2eb	fix	prevent namespaced SVG <style> elements from being stripped
cc1378d54b	fix	sanitize dynamic href and xlink:href bindings on SVG a elements (#​68925)
782e01594e	fix	strip namespaced SVG script elements during template compilation (#​68925)

core

Commit	Type	Description
ff12fe55ac	fix	normalize tag names in runtime i18n attribute security context lookup (#​68925)
e6fe77cc97	fix	sanitize meta selectors
daaf32937f	fix	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#​68925)
dada86e43d	fix	synchronize core sanitization schema with compiler (#​68925)

http

Commit	Type	Description
582a417bd2	fix	exclude withCredentials requests from transfer cache
5c6d6df34b	fix	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Type	Description
37e8aadf87	fix	prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e	fix	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Type	Description
b8bd49341d	fix	Preserves explicit 'credentials: omit' in asset requests
ca32fc1000	fix	Preserves HTTP cache mode in asset group requests

v21.2.14

Compare Source

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

angular/angular (@​angular/compiler-cli)

v21.2.17

Compare Source

v21.2.16

Compare Source

common

Commit	Type	Description
f6d8e642b0	fix	only strip a literal /index.html suffix from URLs

compiler

Commit	Type	Description
ae1c8a1f7a	fix	move projection attributes into constants

core

Commit	Type	Description
3fd6897a67	fix	harden inherit definition feature against polluted prototypes
7e38336dc7	fix	use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit	Type	Description
66821c4ed5	fix	throw on suspicious URLs and restrict protocol-relative URLs
d3170031b6	fix	update domino to latest version

v21.2.15

Compare Source

common

Commit	Type	Description
7f4ac78994	fix	add upper bounds for digitsInfo
300f61feb3	fix	sanitize placeholder

compiler

Commit	Type	Description
0b07f47bd6	fix	normalize tag names with custom namespaces in DomElementSchemaRegistry (#​68925)
eb1cbbf2eb	fix	prevent namespaced SVG <style> elements from being stripped
cc1378d54b	fix	sanitize dynamic href and xlink:href bindings on SVG a elements (#​68925)
782e01594e	fix	strip namespaced SVG script elements during template compilation (#​68925)

core

Commit	Type	Description
ff12fe55ac	fix	normalize tag names in runtime i18n attribute security context lookup (#​68925)
e6fe77cc97	fix	sanitize meta selectors
daaf32937f	fix	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#​68925)
dada86e43d	fix	synchronize core sanitization schema with compiler (#​68925)

http

Commit	Type	Description
582a417bd2	fix	exclude withCredentials requests from transfer cache
5c6d6df34b	fix	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Type	Description
37e8aadf87	fix	prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e	fix	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Type	Description
b8bd49341d	fix	Preserves explicit 'credentials: omit' in asset requests
ca32fc1000	fix	Preserves HTTP cache mode in asset group requests

v21.2.14

Compare Source

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

angular/angular (@​angular/router)

v21.2.17

Compare Source

v21.2.16

Compare Source

common

Commit	Type	Description
f6d8e642b0	fix	only strip a literal /index.html suffix from URLs

compiler

Commit	Type	Description
ae1c8a1f7a	fix	move projection attributes into constants

core

Commit	Type	Description
3fd6897a67	fix	harden inherit definition feature against polluted prototypes
7e38336dc7	fix	use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit	Type	Description
66821c4ed5	fix	throw on suspicious URLs and restrict protocol-relative URLs
d3170031b6	fix	update domino to latest version

v21.2.15

Compare Source

common

Commit	Type	Description
7f4ac78994	fix	add upper bounds for digitsInfo
300f61feb3	fix	sanitize placeholder

compiler

Commit	Type	Description
0b07f47bd6	fix	normalize tag names with custom namespaces in DomElementSchemaRegistry (#​68925)
eb1cbbf2eb	fix	prevent namespaced SVG <style> elements from being stripped
cc1378d54b	fix	sanitize dynamic href and xlink:href bindings on SVG a elements (#​68925)
782e01594e	fix	strip namespaced SVG script elements during template compilation (#​68925)

core

Commit	Type	Description
ff12fe55ac	fix	normalize tag names in runtime i18n attribute security context lookup (#​68925)
e6fe77cc97	fix	sanitize meta selectors
daaf32937f	fix	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#​68925)
dada86e43d	fix	synchronize core sanitization schema with compiler (#​68925)

http

Commit	Type	Description
582a417bd2	fix	exclude withCredentials requests from transfer cache
5c6d6df34b	fix	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Type	Description
37e8aadf87	fix	prevent SSRF bypasses via backslash URLs in HttpClient
72696e244e	fix	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Type	Description
b8bd49341d	fix	Preserves explicit 'credentials: omit' in asset requests
ca32fc1000	fix	Preserves HTTP cache mode in asset group requests

v21.2.14

Compare Source

compiler

Commit	Type	Description
68282dff9f	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c0f52272ed	fix	do not insert todo when migrating void @​Output
938a7f3edd	fix	makes resource URL sanitizer lookup case-insensitive
0fb2724194	fix	reject script element as a dynamic component host
49113ac0ef	fix	visit ICU expressions in signal migration schematics

router

Commit	Type	Description
099bf577ee	fix	skip scroll-to-top on initial navigation when hydrating

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.