Angular core version 5.0.4 emerges as a minor update following closely on the heels of version 5.0.3. Both versions share the same core dependencies, relying on tslib version 1.7.1 for TypeScript helper functions. They also maintain identical peer dependencies, requiring rxjs version 5.5.0 or higher for reactive programming capabilities and zone.js version 0.8.4 or higher for managing asynchronous operations within the Angular framework.
The license remains consistent as MIT, ensuring developers have broad freedom in using and distributing the library. Both packages originate from the official Angular repository on GitHub. From a developer's perspective, because the dependencies and peer dependencies haven't changed, upgrading from 5.0.3 to 5.0.4 should be a relatively seamless process. The key difference lies in the release date, with 5.0.4 published on December 1, 2017, subsequent to the November 22, 2017 release of 5.0.3. This suggests that version 5.0.4 likely includes bug fixes, performance improvements, or minor refinements implemented after the initial 5.0.3 release. Developers should check the Angular change log for details on what those fixes and improvements are. Always test thoroughly after updating any dependency, but this angular core update is expected to be relatively straightforward, considering the unchanged dependency landscape.
All the vulnerabilities related to the version 5.0.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
