Angular core version 10.2.2 is a minor update to the core framework, succeeding version 10.2.1. Both versions share the same fundamental dependencies, including tslib for TypeScript helper functions, and peer dependencies rxjs for reactive programming and zone.js for change detection. This indicates a consistent core architecture. The license remains MIT, allowing for broad usage. The source code repository continues to be hosted on GitHub under the Angular project, specifically within the packages/core directory.
A key difference lies in the dist object. While both versions contain 418 files, version 10.2.2 has a slightly larger unpacked size of 17,745,635 bytes compared to 17,738,407 bytes in version 10.2.1. This suggests that bug fixes, performance improvements, or minor feature additions have been introduced, contributing to the increased size. The releaseDate also highlights a timing difference; version 10.2.2 was released on November 4, 2020, subsequent to version 10.2.1 released the prior week.
Given the minor version increment, developers upgrading from 10.2.1 to 10.2.2 should anticipate a smooth transition. Thorough testing is recommended to ensure compatibility with existing applications, especially as the unpacked size and release date point to changes likely containing important bug fixes and improvements. Developers using Angular should consider upgrading to benefit from the potential refinements included in version 10.2.2.
All the vulnerabilities related to the version 10.2.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
