Angular core version 7.2.6 is a minor release following 7.2.5, both building upon the solid foundation of the Angular framework. These versions share core characteristics: they both depend on tslib version 1.9.0 or higher and have peer dependencies on rxjs version 6.0.0 or higher and zone.js version 0.8.26. This indicates a consistent reliance on these key libraries for reactivity and asynchronous operations. Both versions are licensed under the MIT license, inherit the same repository on GitHub, and are attributed to the "angular" author.
The key difference between these two versions lies in their release date and unpacked size after installation. Version 7.2.6 was released on February 20, 2019 which compiled resulted in an unpacked size of 20709225 bytes while version 7.2.5 was released on February 15, 2019 and has an uncompressed size of 20708013 bytes. These differences, while minor, suggest that version 7.2.6 likely includes bug fixes, performance improvements, or very subtle feature enhancements relative to 7.2.5 to address potential regressions or further improvements. Developers using Angular should consider upgrading to 7.2.6, as bug fixes and performance enhancements improve code stability and user experience.
All the vulnerabilities related to the version 7.2.6 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
