Angular core version 5.0.5 represents a minor update over its predecessor, version 5.0.4. Both versions share the same fundamental characteristics: they're core components of the Angular framework, built under the MIT license, and maintained by the Angular team. Developers can rely on both packages for fundamental functionalities. Dependencies remain consistent between the two versions, with both relying on tslib (version ^1.7.1) for TypeScript helper functions, ensuring compatibility with TypeScript-based Angular projects. Peer dependencies on rxjs (^5.5.0) and zone.js (^0.8.4) are also unchanged.
The core difference lies in timing and potential bug fixes or minor enhancements implemented in the newer version. Version 5.0.5 was released on December 1st, 2017, at 22:53:00 UTC, whereas version 5.0.4 came out earlier the same day at 05:31:06 UTC. Developers should prioritize version 5.0.5 when starting new projects as it will include the latest fixes. For individuals already using version 5.0.4, examining the Angular changelog or release notes will provide granular detail on the specific modifications made, enabling developers to make informed decisions about upgrading, evaluating if fixes implemented affect them directly. The update is expected to be a seamless transition.
All the vulnerabilities related to the version 5.0.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
