Angular core version 5.0.0 represents a significant upgrade from the 4.4.7 release, marking a pivotal moment for Angular developers. Both versions share a foundation, described as "Angular - the core framework," built with dependencies like tslib, ensuring compatibility with TypeScript utilities. They are released under the MIT license and maintain the same repository.
However, the key differences for developers migrating or choosing between these versions lie in their peer dependencies. Version 5.0.0 requires rxjs ^5.5.0, a notable jump from the ^5.0.1 required by version 4.4.7, while keeping the same version of zone.js. This change in RxJS compatibility potentially introduces breaking changes related to observable handling and reactive programming paradigms, requiring developers to update their RxJS code. Upgrading to Angular 5.0.0 could therefore bring the performance and feature enhancements of newer RxJS versions, but it also requires carefully adapting existing code.
Importantly, the release dates highlight the age disparity: version 5.0.0 was released in November 2017, whereas 4.4.7 has a release date of April 2018. While the former suggests an older codebase, the latter signals a more mature and potentially more stable version. In practice, the choice depends heavily on project requirements and existing dependencies.
All the vulnerabilities related to the version 5.0.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely, but it might require authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue.