Angular's core framework saw a minor version bump from 10.2.0 to 10.2.1, representing a small incremental update. Both versions share the same core dependencies, relying on tslib for TypeScript helper functions and peer dependencies like rxjs and zone.js for reactive programming and asynchronous task management respectively. Developers upgrading should note that the peer dependencies remain consistent, ensuring compatibility with existing projects using those versions. The license remains MIT, indicating that the library can be used in open source and commercial projects.
The primary difference lies in the increment to the patch version. This usually signifies bug fixes and small improvements rather than new features or breaking changes. Examining the dist object reveals the unpackedSize differs slightly; version 10.2.1 is fractionally larger, suggesting internal adjustments or updated assets. The release date also highlights the time difference, with version 10.2.1 deployed a week later than version 10.2.0. Developers generally benefit from upgrading to patch releases like these due to the included bug fixes and performance improvements, which can often enhance application stability and responsiveness without requiring significant code modifications. Developers should refer to the official Angular changelog for specific details on the exact bugs that were fixed or minor enhancements included in the 10.2.1 release.
All the vulnerabilities related to the version 10.2.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
