Angular core version 10.1.4 represents a minor update to the core Angular framework, building upon the previous stable version 10.1.3. Both versions share the same core dependencies, relying on tslib for TypeScript helper functions and peer dependencies on rxjs for reactive programming and zone.js for managing asynchronous tasks. This ensures a consistent foundation for Angular applications.
The key difference lies in the details of the release. Version 10.1.4, released on September 30, 2020, came about a week after 10.1.3, which was released on September 23, 2020. The updated version includes some changes, which are reflected in a subtle reduction in the number of files within the package within the distribution, from 419 to 418. Also, the unpacked size increased from 17687864 to 17730902 bytes.
For developers upgrading from 10.1.3, the changes are likely to be small bug fixes and performance improvements, justifying the minor version bump. While the core dependencies remain the same, developers should always consult the official Angular changelog for a comprehensive list of changes and potential breaking changes, however minor they may be. Staying up-to-date with the latest minor versions ensures access to the most stable and performant version of the Angular framework. This upgrade should provide incremental improvements, solidifying the existing functionality without requiring significant code modifications for most applications. As always, testing your application after upgrading any dependency is recommended.
All the vulnerabilities related to the version 10.1.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
