Bump @angular/ssr from 20.0.0 to 20.3.21 in /starters/angular/ecommerce

[dependabot]

Bumps @angular/ssr from 20.0.0 to 20.3.21.

Release notes

Sourced from @​angular/ssr's releases.

20.3.21

@​angular/ssr

Commit	Description
	disallow x-forwarded-prefix starting with a backslash
	ensure unique values in redirect response Vary header
	support custom headers in redirect responses

20.3.20

@​angular/build

Commit	Description
	pass process environment variables to prerender workers

20.3.19

@​angular-devkit/build-angular

Commit	Description
	update copy-webpack-plugin to v14.0.0

20.3.18

@​angular-devkit/core

Commit	Description
	update ajv to 8.18.0

@​angular/build

Commit	Description
	update rollup to 4.59.0

20.3.17

@​angular/ssr

Commit	Description
	prevent open redirect via X-Forwarded-Prefix header
	validate host headers to prevent header-based SSRF

20.3.16

@​angular/cli

Commit	Description
	update dependency @​modelcontextprotocol/sdk to v1.26.0

20.3.15

@​angular/cli

Commit	Description
	update pacote to v21.0.4

@​angular-devkit/build-angular

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/ssr's changelog.

20.3.21 (2026-03-19)

@​angular/ssr

Commit	Type	Description
1dc6992a5	fix	disallow x-forwarded-prefix starting with a backslash
0a2ff0b2b	fix	ensure unique values in redirect response Vary header
cdbac82a8	fix	support custom headers in redirect responses

22.0.0-next.2 (2026-03-18)

@​angular/cli

Commit	Type	Description
c9f07db8f	fix	use parsed package name for migrate-only updates

@​schematics/angular

Commit	Type	Description
6572a6944	fix	default components to OnPush change detection

@​angular/build

Commit	Type	Description
9b33e1781	fix	alias createRequire banner import to avoid duplicate binding
4643a8a3b	fix	only use external packages for polyfills when no local files are present

@​angular/ssr

Commit	Type	Description
4d564f66f	fix	disallow x-forwarded-prefix starting with a backslash
ff1160e30	fix	ensure unique values in redirect response Vary header
998b8298e	fix	support custom headers in redirect responses

21.2.3 (2026-03-18)

@​angular/cli

... (truncated)

Commits

• 34d5245 release: cut the v20.3.21 release
• 0a2ff0b fix(@​angular/ssr): ensure unique values in redirect response Vary header
• cdbac82 fix(@​angular/ssr): support custom headers in redirect responses
• 1dc6992 fix(@​angular/ssr): disallow x-forwarded-prefix starting with a backslash
• 1e7d877 release: cut the v20.3.20 release
• 0fd6823 fix(@​angular/build): pass process environment variables to prerender workers
• 93a6f36 release: cut the v20.3.19 release
• 0299b4d fix(@​angular-devkit/build-angular): update copy-webpack-plugin to v14.0.0
• 05b3511 release: cut the v20.3.18 release
• 39596d5 fix(@​angular-devkit/core): update ajv to 8.18.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.