Angular developers considering an upgrade from version 7.1.3 to 7.1.4 of the @angular/core package will find a relatively minor, yet potentially impactful update. Both versions share identical core dependencies on tslib (^1.9.0), as well as peer dependencies rxjs (^6.0.0) and zone.js (~0.8.26), ensuring compatibility across the Angular ecosystem. The license remains MIT, and the source code is hosted in the same Angular GitHub repository.
The key difference lies in the dist section, specifically the unpackedSize. Version 7.1.4 sees a slight increase to 19571934 bytes, compared to 7.1.3's 19443408 bytes. While the fileCount remains constant at 605, this small increase in size suggests bug fixes, performance improvements, or small feature additions within the core framework. The releaseDate shows how close together the two releases are: version 7.1.4 was released on December 18, 2018, a week after 7.1.3, which came out on December 11, 2018. Developers should consult the Angular change log for a detailed breakdown of what specifically changed and how it may affect their applications. Given the minor nature of this version jump, this update is likely low-risk and focused on refinement.
All the vulnerabilities related to the version 7.1.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely, but it might require authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue.