Angular core version 6.0.6 is a patch release following closely on the heels of version 6.0.5, both iterations focusing on the core framework functionalities developers rely on daily. Both versions share the same core dependencies, requiring tslib version 1.9.0 or higher for TypeScript support, and peer dependencies on rxjs version 6.0.0 and zone.js version 0.8.26, ensuring compatibility with reactive extensions and asynchronous task management respectively. The licensing remains consistent under the MIT license, granting developers broad freedom in utilizing the library. The source code and repository location are unchanged, linking back to the official Angular GitHub repository. While the fileCount remains constant at 464 files, a subtle difference emerges in the unpacked size. Version 6.0.6 weighs in at 13,160,226 bytes, slightly smaller than version 6.0.5's 13,179,645 bytes suggesting potential minor optimizations or bug fixes that reduced the overall footprint. Most notably, the release date distinguishes the versions, with 6.0.6 being released on June 20, 2018, and 6.0.5 on June 13, 2018. Meaning version 6.0.6 has inclusive bug fixes and general improvements that the angular team considered important and deployed accordingly. This makes version 6.0.6 the recommended one to use.
All the vulnerabilities related to the version 6.0.6 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
