Releases · angular/angular

compiler

Commit	Description
	allow safe navigation to correctly narrow down nullables
	Angular expressions with optional chaining returns `undefined`
	Support comments in html element.
	abstract emitter producing incorrect code for dynamic imports
	Don't bind inputs/outputs for `data-` attributes
	don't escape dollar sign in literal expression
	enforce parentheses containing arguments for :host-context
	invalid type checking code if field name needs to be quoted
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68868)
	preserve leading commas in animation definitions
	remove dedicated support for legacy shadow DOM selectors
	remove deprecated shadow CSS encapsulation polyfills
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68868)
	simplify handling of colon host with a selector list
	stop generating unused field
	throw on duplicate input/outputs
	throw on invalid in expressions
	type check invalid for loops

compiler-cli

Commit	Description
	add support for Node.js 26.0.0
	Adds warning for prefetch without main defer trigger
	support external TCBs with copied content in specific mode
	animation events not type checked properly when bound through HostListener decorator
	resolve TCB mapping failure for safe property reads with as any
	transform dropping exclamationToken from properties
	introduce NG8023 compile-time diagnostic for duplicate selectors

core

Commit	Description
	add `IdleRequestOptions` support to `IdleService`
	add `provideWebMcpTools`
	Add a `injectAsync` helper function
	Add a schematics to migrate `provideHttpClient` to keep using the `HttpXhrBackend` implementation.
	add ability to cache resources for SSR
	Add migration to add `ChangeDetectionStrategy.Eager` where applicable
	add special return statuses for resource params
	add TestBed.getFixture
	allow debouncing signals
	Allow other expression for exhaustive typechecking
	allow synchronous values for stream Resources
	bootstrap via `ApplicationRef` with config
	de-duplicate host directives
	drop support for TypeScript 5.9
	enhance profiling with documentation URLs
	export experimental `declareWebMcpTool` support
	implement Angular DI graph in-page AI tool
	introduce `@Service` decorator
	re-introduce nested leave animations scoped to component boundaries
	register AI runtime debugging tools
	Set default Component changeDetection strategy ...

common

Commit	Description
	only strip a literal /index.html suffix from URLs

compiler

Commit	Description
	move projection attributes into constants

core

Commit	Description
	harden inherit definition feature against polluted prototypes
	use Object.create(null) for LOCALE_DATA as a hardening measure

platform-server

Commit	Description
	throw on suspicious URLs and restrict protocol-relative URLs
	update domino to latest version

Breaking Changes

The extension now bundles TypeScript version 6.0, which itself includes breaking
changes, including new defaults such as strict being true. You will need to explicitly set
"strict": false in your tsconfig.json. Alternatively, the extension supports configuring the tsdk in the same way as the built in TS/JS extension.

Fixes and features

fix(language-service): Add support for @Input with transforms (dc9c72da9b)
feat(language-service): add Document Symbols support for Angular templates (cfd0f9950c)
feat(language-service): add angular template inlay hints support (5a6d88626b)
feat(language-service): Add support for idle timeout in defer blocks (c6f98c723c)

platform-server

Commit	Description
	throw on suspicious URLs and restrict protocol-relative URLs
	update domino to latest version

platform-server

Commit	Description
	throw on suspicious URLs and restrict protocol-relative URLs
	update domino to latest version

common

Commit	Description
	only strip a literal /index.html suffix from URLs

compiler

Commit	Description
	move projection attributes into constants

core

Commit	Description
	use Object.create(null) for LOCALE_DATA as a hardening measure

migrations

Commit	Description
	Make the safe optional chaining idempotent

platform-server

Commit	Description
	throw on suspicious URLs and restrict protocol-relative URLs

common

Commit	Description
	add upper bounds for digitsInfo
	sanitize placeholder

compiler

Commit	Description
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68868)
	prevent namespaced SVG <style> elements from being stripped
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68868)

core

Commit	Description
	do not register dom triggers when defer blocks are in manual mode
	normalize tag names in runtime i18n attribute security context lookup (#68868)
	prevent rxResource from leaking a subscription
	sanitize meta selectors

forms

Commit	Description
	avoid redundant invalidations in parser errors signal

http

Commit	Description
	exclude withCredentials requests from transfer cache
	Introduce a max buffer size for fetch requests on SSR
	prevent `httpResource` from leaking a subscription
	skip TransferCache for cookie-bearing requests by default

platform-server

Commit	Description
	prevent SSRF bypasses via backslash URLs in HttpClient
	secure location and document initialization against SSRF and path hijack

service-worker

Commit	Description
	Preserves explicit 'credentials: omit' in asset requests
	Preserves HTTP cache mode in asset group requests

common

Commit	Description
	add upper bounds for digitsInfo
	sanitize placeholder

compiler

Commit	Description
	normalize tag names with custom namespaces in DomElementSchemaRegistry (#68925)
	prevent namespaced SVG <style> elements from being stripped
	sanitize dynamic href and xlink:href bindings on SVG a elements (#68925)
	strip namespaced SVG script elements during template compilation (#68925)

core

Commit	Description
	normalize tag names in runtime i18n attribute security context lookup (#68925)
	sanitize meta selectors
	support prefix-insensitive DOM schema lookups and compile-time i18n attribute validation (#68925)
	synchronize core sanitization schema with compiler (#68925)