Angular developers considering an upgrade from version 2.4.10 to 4.0.0 of @angular/core will find significant improvements and breaking changes shaping the modern Angular experience. Version 4.0.0, released on March 23, 2017, marks a notable step forward from its predecessor, released just days earlier on March 17, 2017.
One key difference lies in the peer dependencies. While both versions rely on RxJS, version 4.0.0 mandates rxjs":"^5.0.1", indicating continued reliance. A more crucial alteration involves zone.js, upgraded from ^0.7.2 in 2.4.10 to ^0.8.4 in the newer release. This zone.js update impacts asynchronous operation handling within Angular applications and developers should verify compatibility within their projects during the upgrade process.
Beyond dependency nuances, Angular 4.0.0 boasted smaller bundles due to Angular Package Format (APF) streamlining. This brought faster load times, along with the introduction of features like ngIf with else blocks and animation package improvements. While the core functionalities described in the package remain similar, focusing on the central framework elements, the performance enhancements and new features in version 4.0.0 offered a compelling upgrade path for Angular developers, improving application responsiveness. Developers should also note that version 4 introduced breaking changes, so testing becomes critical to ensure smooth migration.
All the vulnerabilities related to the version 4.0.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
