Angular core version 7.0.1 represents a minor update to the 7.0.0 release, both crucial components of the Angular framework. Targeting developers building web applications, both versions share fundamental characteristics: utilizing the MIT license, indicating usage freedom, and depending on tslib for TypeScript helper functions. They also declare peer dependencies on vital libraries like rxjs for reactive programming and zone.js for Angular's change detection mechanism.
The primary difference lies in the @angular/compiler peer dependency, which aligns with their respective versions, ensuring compatibility between the core framework and the compiler. The 7.0.1 version was released quickly after 7.0.0 (October 24th vs October 18th), suggesting it addresses bug fixes or minor enhancements discovered shortly after the initial 7.0.0 release. File count increased slightly from 590 to 596, and unpacked size grew from 17,649,094 bytes to 17,978,650 bytes.
For developers deciding which version to use, 7.0.1 is generally preferred, as it likely incorporates stability improvements and resolves any immediate issues present in 7.0.0. However, review the changelogs for both versions is recommended, for insight into the specific changes included in the 7.0.1 patch. Developers should ensure their projects meet the peer dependency requirements of rxjs, zone.js, and @angular/compiler before upgrading to either version to avoid compatibility issues.
All the vulnerabilities related to the version 7.0.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
