Angular core version 4.1.3 represents a minor update to the Angular framework, building upon the foundation laid by version 4.1.2. Both versions share the same core description as "Angular - the core framework", indicating a maintenance release rather than a major overhaul. They maintain identical peer dependencies, requiring rxjs version ^5.0.1 and zone.js version ^0.8.4, ensuring compatibility with existing projects utilizing these libraries. The licensing remains consistent under the MIT license, and both versions are hosted within the Angular GitHub repository.
The primary difference lies in their release dates. Version 4.1.3 was published on May 17, 2017, while version 4.1.2 was released a week earlier on May 10, 2017. This suggests that version 4.1.3 likely includes bug fixes, performance improvements, or minor feature enhancements implemented since the previous release. For developers, upgrading from 4.1.2 to 4.1.3 is recommended to benefit from these improvements and ensure stability. This type of patch prevents developers from having to implement workarounds for any uncovered issues in the previous version. While the changelog for this specific version might contain the individual fixes, it's a general practice to keep the core dependencies updated.
All the vulnerabilities related to the version 4.1.3 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
