Angular core version 10.0.8 represents a patch release in the Angular 10 series, arriving shortly after version 10.0.7. Both versions share the same core dependencies, relying on tslib version 2.0.0 or higher for TypeScript helper functions. They also maintain identical peer dependency requirements, mandating rxjs version 6.5.3 or higher for reactive programming functionality and zone.js version ~0.10.3 for Angular's change detection mechanism. This consistency indicates that the fundamental APIs and core functionality remain largely unchanged between the two versions.
The key differences lie in the release dates, with 10.0.8 being released on August 4, 2020, and 10.0.7 on July 30, 2020. The unpacked size saw only a minor reduction of 26 KB. Given the short timeframe between releases and the identical dependency and peer dependency specifications, version 10.0.8 likely addresses bug fixes and minor improvements identified in 10.0.7 rather than introducing significant new features or breaking changes.
For developers using Angular 10, upgrading from 10.0.7 to 10.0.8 is recommended. While the changes may not be drastic, patch releases often include important stability and performance enhancements. Checking the angular changelog to discover the exact fixes provided by the new version is suggested. Since there are no changes, as mentioned above, on dependencies or peer dependecies the upgrade should be pretty straightforward.
All the vulnerabilities related to the version 10.0.8 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
