Angular developers have two closely related versions of @angular/core to choose from: 10.1.4 and 10.1.5. Both versions share the same core framework description, dependencies on tslib version 2.0.0 or higher, and peer dependencies on rxjs (version 6.5.3 or higher) and zone.js (version approximately 0.10.3). They are also both licensed under the MIT license and are maintained within the Angular GitHub repository under the "packages/core" directory. The author remains as "angular" for both versions. Both share the same file count (418) and unpacked size of 17730902 bytes.
The key distinction lies in the release date and, implicitly, the bug fixes, performance improvements, or minor feature adjustments incorporated between these dates. Version 10.1.4 was released on September 30, 2020, while version 10.1.5 followed shortly after on October 7, 2020. While the provided data doesn't specify the exact changes, the quick succession suggests that version 10.1.5 likely addresses issues discovered or improvements made shortly after the 10.1.4 release. Developers should generally opt for the latest stable version (10.1.5 in this case) to benefit from the most up-to-date fixes and enhancements within the Angular core framework. Checking the Angular changelog or release notes for versions 10.1.5 would be valuable to see a more complete version history.
All the vulnerabilities related to the version 10.1.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
