Angular developers considering an update to their core framework from version 6.0.3 to 6.0.4 should be aware of subtle differences between these releases. Both versions, maintained under the MIT license and developed by the Angular team, rely on tslib version 1.9.0 and share peer dependencies on rxjs version 6.0.0 and zone.js version 0.8.26, suggesting a high degree of compatibility within the broader Angular ecosystem. The package descriptions remain the same, indicating no major feature additions or deprecations introduced with the update.
The primary differences lie in the release timing and package size. Version 6.0.4 was released on June 6th, 2018, approximately two weeks after version 6.0.3, which was released on May 22nd, 2018. This short interval suggests the newer release likely addresses bug fixes or minor improvements identified shortly after the previous version. Interestingly, the unpacked size decreased from 13,331,099 bytes in 6.0.3 to 13,194,825 bytes in 6.0.4. While both versions have the same number of files, the reduction in unpacked size might suggest optimizations in code or resource usage.
For developers, the update from 6.0.3 to 6.0.4 is recommended, given the likely bug fixes and the slightly smaller deployment footprint. Examine the release notes for detailed fix information.
All vulnerabilities related to version 6.0.4 of the package
Cross-site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. The handling of comments is affected. The manipulation leads to cross-site scripting. The attack can be launched remotely, but it might require authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue.