Angular core, a fundamental package for building Angular applications, saw a release of version 8.2.3 on August 21, 2019, following version 8.2.2 which was released on August 12, 2019. Both versions share the same core description, declaring themselves as "Angular - the core framework". They depend on tslib with a version constraint of "^1.9.0" and have peer dependencies on rxjs ("^6.4.0") and zone.js ("~0.9.1"), crucial for reactive programming and asynchronous task management within Angular applications. Maintained under the MIT license, the source code is accessible through the official Angular GitHub repository.
While both versions seem largely consistent in their stated dependencies and peer dependencies, some subtle differences exist. Version 8.2.3 has a smaller unpacked size of 25932925 bytes compared to version 8.2.2's 25963455 bytes. Also the fileCount attribute has a difference, 614 and 620 respectively. These variations suggest potential optimizations or bug fixes introduced in the newer version that might impact the overall application size and or performance in certain situations. Users are recommended to usually upgrade to the latest patch version to benefit from bug fixes and performance improvements. Developers should refer to the official Angular changelog for a comprehensive overview of specific changes and bug fixes included in version 8.2.3 to understand the specific benefits for their projects.
All the vulnerabilities related to the version 8.2.3 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
