Angular developers will find two closely related versions of the core framework available: 7.2.10 and 7.2.11. Both share the same core description as "Angular - the core framework," utilize the MIT license, depend on tslib version 1.9.0 or higher, and require rxjs version 6.0.0 or higher as a peer dependency, alongside zone.js version 0.8.26. The source code for both versions resides within the same Angular GitHub repository. Looking at the dist object we can see that the number of files is the same but there is a small difference in the unpacked size, with version 7.2.11 being slightly (less than 1MB) larger.
The key difference lies in their release dates: version 7.2.10 was published on March 20, 2019, while version 7.2.11 followed shortly after on March 26, 2019. This short interval suggests that version 7.2.11 likely contains bug fixes or minor improvements over 7.2.10, as opposed to introducing major new features. Upgrading from 7.2.10 to 7.2.11 should be a relatively straightforward process. While the exact nature of changes requires consulting the Angular changelog for these specific versions, developers are generally advised to use the latest stable release (7.2.11) to benefit from the most recent fixes and optimizations. If the changelog doesn't show any breaking change it is safe to adopt the newest version.
All the vulnerabilities related to the version 7.2.11 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
