Angular core version 6.0.2 represents a minor update over its predecessor, 6.0.1, focusing on refinements and potential bug fixes within the Angular framework. Both versions, described as "Angular - the core framework," share identical core dependencies, relying on tslib version ^1.9.0 for TypeScript helper functions. They also maintain the same peer dependencies: rxjs version ^6.0.0, crucial for reactive programming, and zone.js version ~0.8.26, vital for Angular's change detection mechanism. This indicates that the API compatibility related to these dependencies remains unchanged between the two versions.
Both packages share the same licensing under MIT and the same author: angular team. The main difference appears to be in the release date and potentially some minor internal changes reflecting the package's unpacked size, that is almost identical in both packages.
Version 6.0.2 was released on May 15, 2018, while 6.0.1 saw its release on May 11, 2018. The updated version has a slightly reduce unpacked size, potentially to a few bug fixes or performance enhancements, and a later release date suggests a refinement over the previous one. For developers, upgrading from 6.0.1 to 6.0.2 should be a smooth process, given the shared dependencies and similar characteristics, potentially bringing minor improvements and fixes.
All the vulnerabilities related to the version 6.0.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
