Angular developers will find that version 8.1.0 of @angular/core introduces some notable changes compared to the previous stable version, 8.0.3. Both versions share the same core framework description, license (MIT), and repository details, indicating consistent maintenance and open-source commitment from the Angular team. They also depend on the same version of tslib (^1.9.0), ensuring TypeScript compatibility, and share the same peer dependencies on rxjs (^6.4.0) and zone.js (~0.9.1), highlighting a consistent ecosystem requirement.
However, a key difference lies in the package size. Version 8.1.0 is larger, with a tarball file count of 626 and an unpacked size of 26388657 bytes, compared to 8.0.3's 590 files and unpacked size of 24590401 bytes. This suggests that version 8.1.0 includes new features, optimizations, or bug fixes that contribute to the larger footprint. The release dates are also significant: 8.1.0 was released on 2019-07-02, just a few days after the release of 8.0.3 on 2019-06-26. This indicates a quick iteration, possibly addressing immediate issues or introducing minor enhancements shortly after the 8.0.3 release. Developers should review the changelog to understand the specific additions and bug fixes in 8.1.0 and determine whether upgrading is beneficial for their projects, particularly given the increased package size.
All vulnerabilities related to version 8.1.0 of the package
Cross-site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely, but it might require authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue. None of the listed fixed versions is in the 8.x release line, so a project on 8.1.0 has to move to one of those later releases to pick up the fix.