@angular/core version 7.2.8 represents a minor update to the core Angular framework, building on the foundation laid by version 7.2.7. Both versions maintain the core description of providing "Angular - the core framework." The fundamental dependencies remain constant: tslib at ^1.9.0, rxjs at ^6.0.0 as a peer dependency, and zone.js at ~0.8.26 also as a peer dependency. This indicates that the underlying TypeScript helper library and the reactive programming and asynchronous task management tools remain compatible and essential for Angular applications.
The license continues to be MIT, and source code accessible at the Angular GitHub repository solidifying Angular's commitment to open-source principles. The difference between the two versions includes an increasing unpacked size from 20722093 to 20724772 and a difference in release date which shifts from 2019-02-27T00:29:01.963Z to 2019-03-06T18:17:53.491Z. The difference indicates there's been a week between the 2 releases. Developers should approach the update from 7.2.7 to 7.2.8 as incremental, resolving bugs and potentially introducing minor performance improvements. Examining the detailed changelog provided with the release would be ideal to understand the precise nature of fixes or adjustments that could impact existing Angular projects. Given the file count is the same, changes are subtle and likely addressed within the same files.
All the vulnerabilities related to the version 7.2.8 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
