Angular core version 7.2.2 represents a minor update over the preceding stable version, 7.2.1, both iterations of the core framework share a consistent foundation, reflected in identical dependencies on tslib (version ^1.9.0) and peer dependencies on rxjs (^6.0.0) and zone.js (~0.8.26). This indicates a shared architecture and commitment to compatibility within the broader Angular ecosystem. Both remain under the MIT license, ensuring freedom for developers.
A key area to consider for developers choosing between these versions is the release date. Version 7.2.2 arrived on January 22, 2019, signifying a more recent build compared to 7.2.1 released on January 16, 2019. While the fileCount (611) and unpackedSize (20659620) are identical, suggesting minimal structural changes in the package contents themselves, this update potentially includes bug fixes or performance improvements implemented following the 7.2.1 release.
For developers actively maintaining Angular applications, updating to the latest minor version, 7.2.2, is generally recommended. The changes usually entail minimal breaking changes with the aim to improve stability for better software development.
All the vulnerabilities related to the version 7.2.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
