Angular core version 9.0.0 represents a significant update from the previous stable version 8.2.14, offering developers notable improvements and changes. Released on February 6, 2020, version 9 incorporates updated peer dependencies, requiring "rxjs" "^6.5.3", "tslib" "^1.10.0" and "zone.js" "~0.10.2", while version 8.2.14, released on November 13, 2019, relied on "rxjs" "^6.4.0" and "zone.js" "~0.9.1". A key difference lies in the direct dependencies. Version 8.2.14 explicitly lists "tslib":"^1.9.0" as a dependency, but version 9.0.0 moves "tslib" to peer dependencies.
The unpacked size of version 9.0.0 also sees an increase to 27491764 from 25931453 in version 8.2.14, suggesting expanded functionality or internal changes. Regarding the file count within the distribution package, version 9.0.0 contains 674 files compared to the 614 files found in version 8.2.14.
For developers considering an upgrade, these changes highlight the importance of verifying compatibility with existing projects, especially considering the shift in peer dependencies and the updated versions of RxJS, zone.js and tslib. The increased size may also influence build times; developers should evaluate the impact on their workflow. These updates reflect Angular's evolution and commitment to improving developer experience and performance.
All the vulnerabilities related to the version 9.0.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
