Angular developers considering an upgrade from version 11.0.0 to 11.0.1 of @angular/core will find a relatively minor update primarily focused on bug fixes and small improvements. Both versions share the same core dependencies, relying on tslib version 2.0.0 or higher, and list rxjs version 6.5.3 and zone.js version 0.10.3 as peer dependencies, indicating essential runtime requirements. The licensing remains consistent under the MIT license, and both point to the same Angular repository on GitHub.
The key differentiators lie in the dist section, specifically the fileCount and unpackedSize. Version 11.0.1 boasts 472 files within its distributed package, a slight increase from 11.0.0's 466 files. Conversely, the unpackedSize decreases marginally, from 18,306,596 bytes in 11.0.0 to 18,293,606 bytes in 11.0.1. This suggests the inclusion of some new or adjusted files in the newer version, potentially related to bug fixes or minor feature enhancements, without significantly increasing the overall package size. The release date also indicates a week difference, with version 11.0.1 being released a week later the 11.0.0. For developers, upgrading to 11.0.1 is generally recommended to benefit from these minor improvements and bug fixes, ensuring a more stable and refined development experience within the Angular ecosystem.
All the vulnerabilities related to the version 11.0.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
