Angular core version 10.0.4 is a minor patch release over the previous stable version 10.0.3, both part of the Angular 10 release line. Developers considering an upgrade should note the changes between these two versions. Both versions share identical dependencies, relying on tslib version 2.0.0 for TypeScript helper functions. Their peer dependencies also remain consistent, requiring rxjs version 6.5.3 and zone.js version 0.10.3, indicating compatibility with existing projects using these libraries. The licensing (MIT), repository location, and author ("angular") are also unchanged, highlighting that the core team and project structure remain the same.
The primary differentiating factors lie in the dist object. Version 10.0.4 features a slightly smaller unpackedSize of 17,555,783 bytes compared to 10.0.3's 17,589,050 bytes, and contains 414 files versus the previous version's 415 files. This suggests that version 10.0.4 likely contains some bug fixes, code optimization and removal of redundant files, resulting in a slimmed-down package size. Furthermore, version 10.0.4 was released on July 15, 2020, a week after version 10.0.3's release on July 8, 2020. This short interval signifies the patch fixes were deemed important and should be used by developers who are using the previous release. For developers already using Angular 10, upgrading to 10.0.4 is recommended to benefit from the latest fixes.
All the vulnerabilities related to the version 10.0.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
