Angular core version 8.2.5 represents a minor update to the core framework, building upon the foundation established by version 8.2.4. Both versions share the same fundamental dependencies, relying on tslib for TypeScript helper functions and requiring rxjs and zone.js as peer dependencies for reactive programming and asynchronous task management, respectively. This ensures API compatibility and a smooth transition for developers already working with Angular 8.2.x. License remains MIT.
From the developer's perspective, while the core dependencies and API surface remain consistent, subtle changes are present. The unpackedSize of version 8.2.5 is slightly smaller than that of 8.2.4, suggesting minor under-the-hood optimizations. More importantly, the newer version was released on September 4, 2019, a week after 8.2.4 meaning bug fixes or small improvements, although specifics aren't detailed, are likely included. Developers should upgrade, as a general practice, to benefit from the latest bug fixes and performance improvements. Always reviewing the Angular changelog or release notes is advisable for detailed information about the specific changes and potential impact on existing projects.
All the vulnerabilities related to the version 8.2.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
