Angular core has released version 8.2.1, a minor update following closely on the heels of version 8.2.0. Both versions, acting as the core framework for Angular applications, share identical dependency requirements including tslib (at version ^1.9.0), rxjs (at version ^6.4.0) and zone.js (at version ~0.9.1) to ensure compatibility. Developers upgrading won't encounter breaking changes related to these dependencies. Licensed under MIT, both versions are hosted in the official Angular GitHub repository, reinforcing the project's open-source nature and encouraging community contributions.
The noticeable difference between the two lies in the distribution package. Version 8.2.1, released on August 8, 2019, contains a slightly larger unpacked size of 25,586,265 bytes compared to version 8.2.0's 25,575,069 bytes, released on July 31, 2019. While the file count remains consistent at 620 for both versions, the slight increase in size in the newer version may hint at minor bug fixes, performance improvements, or subtle feature enhancements. Developers should consult the official Angular changelog for a detailed breakdown of these changes to understand the specific benefits of upgrading. Considering the short time span between releases, upgrading to 8.2.1 is recommended to leverage the latest refinements and ensure optimal performance of Angular applications.
All the vulnerabilities related to the version 8.2.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
