Angular core version 10.1.2 is a minor release, succeeding version 10.1.1 in the Angular framework's core package. Both versions share the same core dependencies, relying on tslib version 2.0.0 or higher for TypeScript helper functions. They also maintain identical peer dependencies on rxjs (version 6.5.3 or later) and zone.js (version approximately 0.10.3), essential libraries for reactive programming and asynchronous task management in Angular applications. The license remains MIT, and the source code resides in the same GitHub repository under the packages/core directory.
Developers upgrading from 10.1.1 to 10.1.2 might notice a slight reduction in the unpacked size of the package, going from 17687367 bytes to 17687207 bytes. While the file count remains consistent at 419, this could indicate minor optimisations or bug fixes implemented in the newer version. The release dates clearly separate the two releases, with version 10.1.2 being published on September 16, 2020, a week later than version 10.1.1 released on September 9, 2020. Because this is a minor release, developers can expect backwards compatibility, meaning that most projects should be able to upgrade without breaking changes. Before updating, consulting the Angular changelog or release notes is recommended to understand the specific changes and potential impact on existing applications. Ensure rxjs and zone.js are within the defined peer dependency ranges for seamless integration.
All the vulnerabilities related to the version 10.1.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
