chore(deps): bump @angular/core from 17.3.12 to 20.3.25#4678
chore(deps): bump @angular/core from 17.3.12 to 20.3.25#4678dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 17.3.12 to 20.3.25. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/core) --- updated-dependencies: - dependency-name: "@angular/core" dependency-version: 20.3.25 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
| Command | Status | Duration | Result |
|---|---|---|---|
nx test @e2e/angular-19-ssr |
❌ Failed | 2m 23s | View ↗ |
nx test @snippet/angular-17 |
❌ Failed | 2m 16s | View ↗ |
nx test @e2e/angular-17-ssr |
❌ Failed | 2m 14s | View ↗ |
nx test @e2e/angular-17 |
❌ Failed | 2m 13s | View ↗ |
nx test @snippet/angular-17-ssr |
❌ Failed | 2m 5s | View ↗ |
nx test @e2e/nextjs-sdk-next-app |
✅ Succeeded | 9m 5s | View ↗ |
nx test @e2e/qwik-city |
✅ Succeeded | 9m 3s | View ↗ |
nx test @e2e/nuxt |
✅ Succeeded | 7m 33s | View ↗ |
Additional runs (38) |
✅ Succeeded | ... | View ↗ |
💡 Dealing with memory or CPU issues? See memory and CPU details with the resource usage add-on ↗.
☁️ Nx Cloud last updated this comment at 2026-06-15 15:38:54 UTC
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit b8e291d. Configure here.
| "@angular/common": "^17.3.0", | ||
| "@angular/compiler": "^17.3.0", | ||
| "@angular/core": "^17.3.0", | ||
| "@angular/core": "^20.3.25", |
There was a problem hiding this comment.
Mismatched Angular framework versions
High Severity
This change sets @angular/core to ^20.3.25 while the other @angular/* packages, @angular/ssr, and Angular CLI dev tooling remain on ^17.3.x. Angular expects matching framework versions; the lockfile still resolves @angular/common, @angular/forms, and related 17.3.12 packages with peer requirements on @angular/core 17.3.12, not 20.x.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit b8e291d. Configure here.
Bumps @angular/core from 17.3.12 to 20.3.25.
Release notes
Sourced from @angular/core's releases.
... (truncated)
Changelog
Sourced from @angular/core's changelog.
... (truncated)
Commits
ca48b47fix(core): validate lowercase SVG animation attribute names (#69270)1a62130fix(common): use cryptographically secure SHA-256 for transfer cache key gene...49368c1fix(platform-server): harden platform location origin validation during SSR566ad05fix(common): skip transfer cache for uncacheable HTTP traffic768a349fix(core): harden TransferState restoration against DOM clobbering7ae6381test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...6595409test(core): update golden symbols and host bindings sanitization spec (#68926)d86e4e7fix(core): reject script element as a dynamic component host (#68926)b8f1f72test(core): remove obsolete blockquote cite host binding tests (#68926)36200bdtest(core): update spec files to match 20.3.x limits and actual contexts (#68...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
High Risk
Jumping core three major versions while sibling Angular packages stay on 17.x can break installs, builds, and e2e tests; core 20.x also brings security-hardening behavior changes in SSR/TransferState that may surface in SSR fixtures.
Overview
Bumps
@angular/corefrom^17.3.0(17.3.12) to^20.3.25in the Angular SDK dev/e2e/snippet workspaces and refreshesyarn.lock(adds the 20.3.25 resolution, drops the^17.3.0core entry).@angular/common,@angular/compiler, CLI, and the rest of the Angular 17 stack are unchanged, so these apps now mix core v20 with v17 framework packages. Published@builder.io/sdk-angularpeer range (>=17.3.0) is not updated in this diff.Reviewed by Cursor Bugbot for commit b8e291d. Bugbot is set up for automated code reviews on this repo. Configure here.