Angular developers considering an upgrade from version 7.1.2 to 7.1.3 of the @angular/core package will find a relatively incremental update. Both versions share the same core framework description, dependencies on tslib (version ^1.9.0), and peer dependencies on rxjs (^6.0.0) and zone.js (~0.8.26), ensuring compatibility with existing projects using those libraries. The license remains MIT, and the repository URL and author information are consistent.
The primary differences lie in the distribution details and release date. Version 7.1.3 was released on December 11, 2018, while version 7.1.2 was released five days prior, on December 6, 2018. The fileCount in the dist object is identical at 605, however, the unpackedSize shows a slight increase in 7.1.3 to 19443408 bytes, compared to 19441211 bytes in version 7.1.2. This small size difference suggests minor bug fixes, performance improvements, or very targeted feature additions within the core framework.
For developers, this means the update from 7.1.2 to 7.1.3 should be a straightforward process with a low risk of breaking changes. The increase in unpacked size indicates potential improvements, bug fixes that might be beneficial to have. Examine the detailed changelog or release notes available on the official Angular GitHub repository for more clarity on the specifics of fixes and improvements included in version 7.1.3. While this upgrade might seem small, staying up-to-date with newer versions can incrementally enhance the performance and stability of your Angular applications.
All the vulnerabilities related to the version 7.1.3 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
