Angular developers will find the upgrade from @angular/core version 4.4.6 to 4.4.7 a relatively minor bump, yet one that incorporates valuable improvements. Both versions share the same fundamental dependencies, relying on tslib for TypeScript helper functions and requiring peer dependencies like rxjs and zone.js for reactive programming and asynchronous task management. The core framework description remains consistent, emphasizing Angular's foundational role in building dynamic web applications.
The key difference lies in the release date and presumably, the bug fixes and minor enhancements incorporated in the newer version, 4.4.7. Released in April 2018, it follows the October 2017 release of its predecessor. While the specific changes aren't explicitly detailed, developers benefit from stability improvements and potential performance optimizations that generally accompany patch releases. The dist object in the metadata for 4.4.7 also provides detailed metrics like fileCount (135) and unpackedSize (5398397), not present in the 4.4.6 data, offering insights into the package's contents and potential footprint. By upgrading, developers ensure they're working with the most recent iteration of the 4.4.x series, benefiting from bug fixes and enhancements that contribute to a more stable and performant application. Always consult the official Angular changelog for a comprehensive list of changes.
All the vulnerabilities related to the version 4.4.7 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
