Angular core version 10.1.6 is a minor release update to the core framework building upon version 10.1.5. Both versions share the same core dependencies, relying on tslib for TypeScript helper functions compatible with version 2.0.0 and above. They also specify the same peer dependencies: rxjs version 6.5.3 or higher for reactive programming capabilities, and zone.js version ~0.10.3 for managing asynchronous operations. This means developers can expect consistent API compatibility regarding these external libraries when upgrading between these versions.
The distributions are also very similar. Both versions weigh in at 418 files with an unpacked size of approximately 17.7MB.
The key difference lies in the release date. Version 10.1.6 was published on October 14, 2020, a week after version 10.1.5, which was released on October 7, 2020. While seemingly minor releases, these patch versions typically contain bug fixes, performance improvements, and potentially minor feature enhancements. For developers using Angular, upgrading from 10.1.5 to 10.1.6 is generally recommended assuming that tests pass and that there are no other issues after the upgrade. Given the short timeframe between releases, this update likely addresses critical issues discovered shortly after the 10.1.5 release, offering a more stable and reliable development environment. Developers should consult the official Angular changelog for a complete breakdown of specific fixes and enhancements included in version 10.1.6.
All the vulnerabilities related to the version 10.1.6 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
