Angular core version 2.4.0 represents a notable update from the previous stable release, version 2.3.1, bringing key dependency adjustments for developers. Primarily, this update concerns the peer dependencies, specifically the required version of RxJS. Version 2.4.0 bumps the peer dependency for RxJS to "^5.0.1", whereas version 2.3.1 relied on "5.0.0-rc.4". This indicates that developers upgrading to Angular core 2.4.0 need to ensure their projects are using RxJS version 5.0.1 or a compatible later version within the 5.x range. This seemingly small version change is significant because RxJS is a fundamental library for reactive programming in Angular applications, handling asynchronous operations, and data streams.
The difference in RxJS version likely incorporates bug fixes, performance improvements, and potentially new features introduced between RxJS 5.0.0-rc.4 and 5.0.1. Developers should consult the official RxJS changelog to understand the precise nature of these improvements and any necessary code adjustments that might arise from the update. Aside from the RxJS update, the core description, license, repository information, author, tarball location, and zone.js peer dependency remain consistent between the two Angular core versions. Consider this upgrade if you want to keep your Angular project up-to-date with the latest compatible libraries and benefit from the improvements within the new RxJS version.
All the vulnerabilities related to the version 2.4.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
