Angular core version 7.0.4 is a patch release in the Angular 7 series, following version 7.0.3. Both versions fundamentally deliver the core framework functionalities for building web applications with Angular. Examining the metadata, the key distinction lies in the releaseDate. Version 7.0.4 arrived on November 14, 2018, a week after 7.0.3, released on November 7, 2018. This suggests incremental bug fixes and minor improvements were addressed in the newer patch.
While the dependencies and peerDependencies remain the same (relying on tslib, rxjs, and zone.js), a subtle difference exists in the bundled package; the unpackedSize of 7.0.4 is slightly smaller (17933591 bytes) than 7.0.3(17956374 bytes) , hinting at possible optimization efforts within the code or build process making the library a bit lighter. The filecount remains exactly the same.
For developers using Angular, the choice hinges on stability and risk tolerance. Upgrading to 7.0.4 is generally recommended, as patch releases often contain vital fixes impacting application behavior and security. However, projects with strict dependency management should review the changelog for 7.0.4 to ensure compatibility and understand the specific changes implemented since 7.0.3, even though the difference hints at a small under-the-hood improvement. Ultimately, both provide the essential Angular core for building robust web applications.
All the vulnerabilities related to the version 7.0.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
