Angular core version 7.2.4 is a minor release, succeeding version 7.2.3, within the Angular framework's core functionality. Both versions share the same core description: "Angular - the core framework," indicating their role as fundamental building blocks for Angular applications. They also maintain identical dependencies on tslib (^1.9.0) for TypeScript helper functions, and peer dependencies on rxjs (^6.0.0) for reactive programming and zone.js (~0.8.26) for asynchronous task management. The license remains MIT, and the repository points to the main Angular GitHub repository.
The key difference lies in the release date and unpacked size. Version 7.2.4 was released on February 6, 2019, a week after 7.2.3 which was released on January 30, 2019. There's also a slight increase in the unpacked size of the package in the newer version, from 20660232 bytes to 20661507 bytes, while the file count remains constant at 611. This suggests that the update likely includes minor bug fixes, performance improvements, or very small feature enhancements within the core framework.
For developers, upgrading from 7.2.3 to 7.2.4 should be relatively straightforward given the shared dependencies and the nature of a patch release. While the specifics of the changes aren't explicitly outlined, the increased unpacked size hints at internal adjustments that could enhance application stability or runtime efficiency. As always, reviewing the official Angular changelog for detailed information on the specific changes introduced in 7.2.4 is recommended before upgrading.
All the vulnerabilities related to the version 7.2.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
