Angular developers should take note of the subtle yet present differences between @angular/core versions 10.0.9 and 10.0.10. Both versions, foundational for Angular applications, share the same core description, dependencies on tslib (version ^2.0.0), and peer dependencies on rxjs (version ^6.5.3) and zone.js (~0.10.3). They are also both licensed under MIT and maintained in the packages/core directory of the angular/angular Git repository. From the information, both versions are the same in terms of dependencies.
The key difference lies in the dist details and releaseDate. Version 10.0.10, released on August 17, 2020, has a slightly larger unpacked size of 17677955 bytes compared to version 10.0.9's 17667174 bytes, released on August 12, 2020. Both have the same fileCount. This indicates that version 10.0.10 incorporates some internal modifications or bug fixes that warrant the increased size.
While the data doesn't provide explicit details on what those modifications or bug fixes are, developers should consider upgrading to 10.0.10 to benefit from the latest improvements and potential security patches. Since a minor update, this update should retain backwards compatibility and be a seamless update. Check the official Angular changelog, or release notes to grasp the specific changes introduced in 10.0.10 and assess their relevance to their projects.
All the vulnerabilities related to the version 10.0.10 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
