Angular developers should be aware of the subtle but important differences between @angular/core versions 8.2.7 and 8.2.6. Both versions share the same core description as the foundational framework for Angular applications and maintain consistent dependencies on tslib (version ^1.9.0), rxjs (version ^6.4.0), and zone.js (version ~0.9.1). The license remains MIT, and the repository information points to the official Angular GitHub repository, indicating a unified source of truth. Similarly, the author consistently attributes the package to "angular."
The dist object also presents identical fileCount (614) and unpackedSize (25932925) values, suggesting that the core files and overall package size are unchanged. The primary distinction lies in the releaseDate. Version 8.2.7 was released on September 18, 2019, while version 8.2.6 was released on September 11, 2019. This seven-day gap implies that version 8.2.7 likely includes bug fixes, performance enhancements, or minor features that were not present in version 8.2.6. Developers are advised to upgrade to the latest patch version (8.2.7), as it typically incorporates stability improvements and addresses any identified issues. While the specific changes between these versions aren't detailed here, checking the official Angular changelog or release notes is recommended for a comprehensive understanding of the updates.
All the vulnerabilities related to the version 8.2.7 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
