Angular developers should note a subtle update between @angular/core versions 7.2.12 and 7.2.13. Both versions are described as "Angular - the core framework" and maintain identical dependency and peer dependency requirements, specifically using tslib version ^1.9.0, rxjs version ^6.0.0, and zone.js version ~0.8.26. This indicates no breaking API changes or significant feature additions within the core framework itself.
Crucially, the file count and unpacked size in the dist object are identical (611 files and 20728232 unpacked size), suggesting that the changes between the versions don't come from increased overall content of the package. The fundamental difference lies in the release date. Version 7.2.13 was released on April 13, 2019, while version 7.2.12 came out on April 3, 2019. The ten-day gap suggests the update likely addresses bug fixes, performance improvements, or minor refinements. While the core API surface appears unchanged, upgrading from 7.2.12 to 7.2.13 is recommended to benefit from the latest stability enhancements and potential security patches. Developers should always check the official Angular changelog or release notes for a detailed breakdown of the specific changes included in 7.2.13.
All the vulnerabilities related to the version 7.2.13 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
