Angular core version 7.2.5 represents a minor update over its immediate predecessor, version 7.2.4, within the Angular framework. Both versions share the same core description as the "Angular - the core framework", indicating that the fundamental purpose and role of the package remain consistent. Key dependencies like tslib (^1.9.0) and peer dependencies such as rxjs (^6.0.0) and zone.js (~0.8.26) are identical, ensuring compatibility and a seamless upgrade path for developers already working with Angular 7.2.4. The license continues to be MIT, providing developers with liberal usage rights.
The most evident distinction lies in the dist object which contains metadata about the distribution package. Version 7.2.5 was released on February 15, 2019, roughly nine days after version 7.2.4 (released on February 6, 2019). While the fileCount remains consistent at 611, the unpackedSize shows a slight increase from 20,661,507 bytes in 7.2.4 to 20,708,013 bytes in 7.2.5. This suggests that the newer version includes some additions or modifications that resulted in a larger package size, although the file count remained the same. Developers should be aware of the small size increase. Though the change is minimal, a careful look at the changelog, available on the Angular GitHub repository, is advised before upgrading to ensure compatibility with existing projects or code.
All the vulnerabilities related to the version 7.2.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
