Angular core version 4.4.3 represents a minor update over its predecessor, version 4.4.2. Both versions share the same core framework description, maintain dependencies on tslib (version ^1.7.1), and have peer dependencies on specific versions of rxjs (^5.0.1) and zone.js (^0.8.4). This indicates a focus on maintaining compatibility with existing ecosystems and minimal disruption for developers already working with Angular. Both versions are released under the MIT license, ensuring broad usability, and share the same source code repository on GitHub.
The most notable difference lies in the release date, with version 4.4.3 being published on September 19, 2017, a day later than version 4.4.2. This suggests that version 4.4.3 likely incorporates bug fixes, minor performance improvements, or other small enhancements discovered after the release of 4.4.2. Developers using Angular should consider upgrading to the newer 4.4.3 version to benefit from these improvements and ensure they are working with the most stable and up-to-date version within the 4.4.x series.
Given the similarities, the upgrade process should be relatively straightforward for most developers, with minimal risk of breaking changes. As always, it's advisable to thoroughly test applications after upgrading to confirm compatibility and ensure the improvements address any previously encountered issues. The dist property provides the tarball URL for easy download and installation via npm, streamlining the upgrade process.
All the vulnerabilities related to the version 4.4.3 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
