fix(security): update Angular packages to address CVEs

Browse source

- CVE-2025-66035: XSRF token leakage via protocol-relative URLs
- CVE-2025-66412: Stored XSS via SVG animation and MathML attributes
- CVE-2025-66414: DNS rebinding in @modelcontextprotocol/sdk

Updated @angular/* packages to 20.3.15 and @angular/cli to 20.3.13.

...

This commit is contained in:

Johannes Millan 2025-12-23 14:10:16 +01:00

parent c4023b4f45

commit efb164c1fe

2 changed files with 531 additions and 1008 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

1511

package-lock.json generated

View file

File diff suppressed because it is too large Load diff