Angular core version 10.2.4 represents a subtle but important update over its predecessor, 10.2.3, within the Angular framework. Both versions share the same core dependencies, relying on tslib for TypeScript helper functions and listing rxjs and zone.js as peer dependencies, indicating compatibility requirements with specific versions of these reactive programming and asynchronous execution libraries respectively. This ensures a consistent foundation for building robust Angular applications.
The key difference lies in the details of the distributed package. Version 10.2.4 incorporates a slightly larger number of files (419 vs 418) and a modestly increased unpacked size (17762662 bytes vs 17745697 bytes) compared to 10.2.3. While seemingly minor, these changes suggest internal adjustments, bug fixes, or performance improvements that contribute to a more refined development experience. Developers should be aware that upgrading to 10.2.4 could resolve any latent issues present in 10.2.3. The release date also highlights a significant gap between the two versions, from November 9th to December 17th. So developers should consider investigating the changelog for a detailed understanding of the specific alterations between the versions. The MIT license ensures developers of its open-source availability and permissibility for a wide range of project types.
All the vulnerabilities related to the version 10.2.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
