Update angular monorepo

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@angular/animations (source)	19.2.20 → 19.2.25
@angular/common (source)	19.2.20 → 19.2.25
@angular/compiler (source)	19.2.20 → 19.2.25
@angular/compiler-cli (source)	19.2.20 → 19.2.25
@angular/core (source)	19.2.20 → 19.2.25
@angular/forms (source)	19.2.20 → 19.2.25
@angular/language-service (source)	19.2.20 → 19.2.25
@angular/platform-browser (source)	19.2.20 → 19.2.25
@angular/platform-browser-dynamic (source)	19.2.20 → 19.2.25
@angular/router (source)	19.2.20 → 19.2.25
zone.js (source, changelog)	^0.15.0 → ^0.16.0

---

Release Notes

angular/angular (@​angular/animations)

v19.2.25

Compare Source

platform-server

Commit	Type	Description
e2fb854d55	fix	throw on suspicious URLs and restrict protocol-relative URLs
0a8befb493	fix	update domino to latest version

v19.2.24

Compare Source

compiler

Commit	Type	Description
6ea6379123	fix	prevent namespaced SVG <style> elements from being stripped

v19.2.23

Compare Source

common

Commit	Type	Description
62dd27d6af	fix	add upper bounds for digitsInfo
17326725ba	fix	sanitize placeholder

compiler

Commit	Type	Description
932e0728db	fix	normalize tag names with custom namespaces in DomElementSchemaRegistry
2e3d0371ab	fix	sanitize dynamic href and xlink:href bindings on SVG a elements
fe1207e8c5	fix	strip namespaced SVG script elements during template compilation

core

Commit	Type	Description
c6bb0692e2	fix	reject script element as a dynamic component host
3960b21558	fix	sanitize meta selectors
3632fa4b69	fix	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation
620230dac4	fix	synchronize core sanitization schema with compiler
d31f84116c	fix	wrap i18n dynamic element property updates in active index states

http

Commit	Type	Description
9940ffd781	fix	exclude withCredentials requests from transfer cache
0f67f0b962	fix	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Type	Description
d187e8aeda	fix	normalize path parsing in ServerPlatformLocation
c75f60ef8a	fix	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Type	Description
37ee9ffd9e	fix	preserve redirect policy on reconstructed asset requests
97f796203f	fix	Preserves explicit 'credentials: omit' in asset requests
5619120931	fix	Preserves HTTP cache mode in asset group requests

v19.2.22

Compare Source

core

Commit	Type	Description
83a640516f	fix	disallow event attribute bindings in host bindings unconditionally (#​68469)
24a0103a98	fix	validate security-sensitive attributes in i18n bindings (#​68469)

platform-server

Commit	Type	Description
8569db8875	fix	add allowedHosts option to renderModule and renderApplication
837a710217	fix	ensure origin has a trailing slash when parsing url (#​68469)

v19.2.21

Compare Source

platform-server

Commit	Type	Description
f3a5bfb949	fix	prevent SSRF bypasses via protocol-relative and backslash URLs

angular/angular (zone.js)

v0.16.2

Compare Source

• feat(zone.js): support vitest patching in zone.js/testing (#​68395) (62c6e3b), closes #​68395 #​68395
• fix(zone.js): allow draining microtasks in Promise.then (through flag) (fc6a7ee), closes angular#45273 angular#44446 angular#55590 angular#51328

v0.16.1

Compare Source

v0.16.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for lucky-concha-f3599f canceled.

Name	Link
🔨 Latest commit	9b6fab4
🔍 Latest deploy log	https://app.netlify.com/projects/lucky-concha-f3599f/deploys/6a258bfe69c6ab0008bcad5e

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: templates/web-front-end/angular/package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: @finos/web-front-end@0.0.0
npm error Found: zone.js@0.16.2
npm error node_modules/zone.js
npm error   zone.js@"^0.16.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer zone.js@"~0.15.0" from @angular/core@19.2.25
npm error node_modules/@angular/core
npm error   @angular/core@"^19.2.20" from the root project
npm error   peer @angular/core@"19.2.25" from @angular/animations@19.2.25
npm error   node_modules/@angular/animations
npm error     @angular/animations@"^19.2.20" from the root project
npm error   1 more (@angular/common)
npm error
npm error Fix the upstream dependency conflict, or retry this command with --force or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-06-11T17_59_52_040Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-06-11T17_59_52_040Z-debug-0.log