Angular Core, the fundamental building block of Angular applications, saw a subtle update from version 6.1.0 to 6.1.1. Both versions share the same core dependencies, relying on tslib (version 1.9.0 or higher) for TypeScript helper functions and specifying rxjs (version 6.0.0 or higher) and zone.js (version ~0.8.26) as peer dependencies, meaning these are expected to be installed separately by the user. This ensures compatibility across different Angular modules. The update appears to primarily involve internal changes and bug fixes, as reflected in the slight reduction in fileCount (from 530 to 527) and unpackedSize (from 15525662 bytes to 15457456 bytes). While the core functionality remains consistent between the two versions, users should generally opt for the newer 6.1.1 release. Released on August 2, 2018, a week following the 6.1.0 release on July 25, 2018, the updated version likely incorporates stability improvements and minor adjustments that enhance the overall development experience, potentially addressing edge cases or performance bottlenecks. For developers, this means a smoother, more robust foundation for building Angular applications, aligning with the Angular team's commitment to continuous refinement.
All the vulnerabilities related to the version 6.1.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
