Angular: v19.2.23 Release

common

| Commit | Description | | -- | -- | | | add upper bounds for digitsInfo | | | sanitize placeholder |

compiler

| Commit | Description | | -- | -- | | | normalize tag names with custom namespaces in DomElementSchemaRegistry | | | sanitize dynamic href and xlink:href bindings on SVG a elements | | | strip namespaced SVG script elements during template compilation |

core

| Commit | Description | | -- | -- | | | reject script element as a dynamic component host | | | sanitize meta selectors | | | support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation | | | synchronize core sanitization schema with compiler | | | wrap i18n dynamic element property updates in active index states |

http

| Commit | Description | | -- | -- | | | exclude withCredentials requests from transfer cache | | | skip TransferCache for cookie-bearing requests by default |

platform-server

| Commit | Description | | -- | -- | | | normalize path parsing in ServerPlatformLocation | | | secure location and document initialization against SSRF and path hijack |

service-worker

| Commit | Description | | -- | -- | | | preserve redirect policy on reconstructed asset requests | | | Preserves explicit 'credentials: omit' in asset requests | | | Preserves HTTP cache mode in asset group requests |