Angular core version 6.1.7 is a minor patch release in the Angular 6 series, following version 6.1.6. Both versions share the same core dependencies, relying on tslib version 1.9.0 or higher and requiring rxjs version 6.0.0 or higher and zone.js version ~0.8.26 as peer dependencies. This ensures compatibility across the Angular ecosystem for developers leveraging these libraries. The license remains MIT, ensuring open-source usage and modification. The repository URL points to the official Angular GitHub repository, providing developers access to the source code and contribution opportunities.
The key difference lies in their release dates and potentially subtle bug fixes or performance improvements. Version 6.1.7 was released on September 6, 2018, while version 6.1.6 was released on August 29, 2018. While both versions have the same fileCount (527), version 6.1.7 has a slightly larger unpackedSize (15462662) compared to version 6.1.6 (15461959). This small increase usually implies code optimization, bug fixes, or minor feature enhancements. Users who are on version 6.1.6 are recommended to upgrade to version 6.1.7 to benefit from the latest improvements. It’s important to consult the official Angular changelog for a detailed list of changes included in this patch release. As these are minor versions there are likely no brreaking changes, making this a low risk upgrade.
All the vulnerabilities related to the version 6.1.7 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
