Angular developers considering upgrading from version 10.2.2 to 10.2.3 of @angular/core will find a relatively incremental update, focused on refinements and bug fixes rather than groundbreaking new features. Both versions share the same fundamental dependencies, including tslib (version ^2.0.0), rxjs (version ^6.5.3) and zone.js (version ~0.10.3). This suggests that the core architecture and reliance on these libraries remain consistent.
The key differentiator lies in the "dist" section. Here, version 10.2.3 reveals a slightly larger unpacked size of 17,745,697 bytes compared to 17,745,635 bytes in the previous iteration. The file count remains constant at 418, implying the size difference arises from alterations within existing files, rather than the addition of new ones. The release date also highlights a timing difference with version 10.2.3 released on November 9, 2020, while version 10.2.2 was released on November 4, 2020.
This subtle size increase, bundled with the version bump suggests internal improvements, possibly bug fixes, performance enhancements, or minor adjustments to existing functionalities. The specific nature of these changes requires delving into the Angular changelog for detailed information. For developers prioritizing stability and incremental improvements, upgrading to 10.2.3 is recommended, as it likely incorporates fixes and optimizations without introducing major breaking changes. Always verify the changelog for any potential impact on your specific application.
All the vulnerabilities related to the version 10.2.3 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
