Angular core version 10.0.12 is a minor release succeeding version 10.0.11 in the widely used Angular framework. Both versions share the same core description as "Angular - the core framework" and maintain identical dependency specifications, relying on tslib version ^2.0.0 and peer dependencies including rxjs version ^6.5.3 and zone.js version ~0.10.3. The licensing remains consistent under the MIT license. The package repository also stays the same, pointing to the Angular GitHub repository.
A notable difference lies in the unpacked size of the distribution. Version 10.0.12 weighs in at 17,678,908 bytes compared to 17,677,955 bytes for version 10.0.11. This increase, although small, indicates potential additions or modifications to the core code. This difference could be due to bug fixes, performance improvements, or minor feature enhancements implemented in the newer version. The release date also separates the two versions, with 10.0.12 being published on August 24, 2020, after version 10.0.11 released on August 19, 2020. Developers should consider upgrading to version 10.0.12 to benefit from these potentially included bug fixes and improvements, even though the changes might not be substantial. Verify carefully if upgrading does not introduce unexpected breaking changes.
All the vulnerabilities related to the version 10.0.12 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
