Angular developers considering an upgrade from version 5.0.1 to 5.0.2 of the core framework should note subtle differences that, while seemingly minor in versioning, still warrant attention. Both versions share identical core dependencies, relying on tslib version ^1.7.1 for TypeScript helper functions. Critically, their reliance on peer dependencies rxjs (^5.5.0) and zone.js (^0.8.4) remains consistent, ensuring compatibility with these essential reactive programming and asynchronous execution libraries within the Angular ecosystem. The MIT license continues to govern usage, and the central code repository remains the official Angular GitHub repository, confirming the project's commitment to open-source principles and community collaboration.
However, the key difference lies in the release date. Version 5.0.2 was published on November 16, 2017, while 5.0.1 was released on November 8, 2017, indicating approximately an 8-day gap. This suggests that 5.0.2 mainly contains bug fixes, performance enhancements, or very minor feature adjustments implemented following the 5.0.1 release. Therefore, developers using Angular 5.0.1 should upgrade to 5.0.2 to benefit from any potential stability improvements and corrections addressed during that short period. While the changelog should be consulted for specifics, the quick turnaround suggests a focused effort to refine the existing codebase and address immediate issues discovered post-release of 5.0.1.
All the vulnerabilities related to the version 5.0.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
