Angular core version 8.2.6 is a patch release in the Angular 8 series, arriving shortly after version 8.2.5. Examining the metadata, the core differences appear focused on internal improvements and bug fixes rather than introducing significant new features for developers. Both versions share identical dependencies on tslib (version ^1.9.0) and peer dependencies on rxjs (version ^6.4.0) and zone.js (version ~0.9.1), suggesting that developers upgrading from 8.2.5 should not encounter any breaking changes related to these core packages.
The fileCount remains constant at 614, but a slight increase in unpackedSize from 25932817 to 25932925 bytes suggests minor adjustments or additions to the codebase, likely under-the-hood optimizations. The release date difference clearly indicates that 8.2.6 is a direct successor, published approximately a week after 8.2.5.
For developers, the upgrade from 8.2.5 to 8.2.6 is recommended for its stability enhancements and potential bug resolutions. While no groundbreaking functionalities are introduced, staying current with patch releases ensures a smoother development experience and mitigates potential compatibility issues. When upgrading, developers should run their test suites to confirm everything works as expected, despite the relatively minor nature of the patch. The consistent peer dependencies minimize the risk of conflicts with existing projects.
All the vulnerabilities related to the version 8.2.6 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
