Angular developers will find nuanced yet impactful differences between version 7.2.0 and its predecessor, 7.1.4, of the core Angular framework. Both versions maintain the same core dependencies on tslib and identical peer dependencies on rxjs and zone.js, ensuring a smooth transition for projects already leveraging these libraries. Crucially, the license remains MIT, guaranteeing continued open-source usability.
A notable change lies in the package size. Version 7.2.0 sees an increase in fileCount from 605 to 611 and in unpackedSize from 19,571,934 bytes to 20,661,604 bytes. This suggests the addition of new features, bug fixes, or optimizations that contribute to the larger footprint, potentially encompassing enhanced component functionalities or improved performance characteristics.
The most apparent difference is the release date. Version 7.2.0 arrived on January 7, 2019, while 7.1.4 was released on December 18, 2018. This difference indicates roughly a three-week period of development and refinement between the releases. Developers should consult the official Angular changelog for a comprehensive list of specific changes and updates introduced in version 7.2.0. This information will allow them to make informed decisions on whether upgrading to 7.2.0 is beneficial for their projects. While the core dependencies are the same, new implementations or bug fixes contained within would affect upgrade impact.
All the vulnerabilities related to the version 7.2.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
