Angular's core framework saw a minor version bump from 9.0.0 to 9.0.1, marking a subtle but potentially important update for developers using Angular. While both versions share the same core description, peer dependencies (rxjs, tslib, and zone.js), MIT license, GitHub repository, and author, a closer look reveals nuanced differences. Primarily, version 9.0.1 was released on February 12, 2020, a week after version 9.0.0 which was released on February 6, 2020. The newer version incorporates 676 files compared to 674 in the initial 9.0.0 release, and its unpacked size is slightly larger at 27,504,071 bytes versus 27,491,764 bytes. While seemingly minor, these increases in file count and unpacked size suggest that version 9.0.1 likely includes bug fixes, performance improvements, or small feature enhancements over its predecessor. For developers, upgrading to 9.0.1 is generally recommended to benefit from these incremental improvements and ensure a more stable and refined development experience. Although the changes might not be groundbreaking, staying current with minor version updates helps in maintaining application stability and leveraging any optimizations present in the newer release. Developers should consult the official Angular changelog for a comprehensive list of changes between the two versions to assess the specific impact on their projects.
All the vulnerabilities related to the version 9.0.1 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
