Angular core version 9.0.2 represents a subtle but important update over its predecessor, version 9.0.1. Released just a week apart, these versions of Angular's core framework are designed to power dynamic web applications with features that enhance both developer experience and application performance. Both versions share identical peer dependencies on rxjs, tslib, and zone.js, ensuring consistent compatibility regarding reactive programming, TypeScript helpers, and asynchronous task management.
The key difference between the two versions lies within the slightly increased unpacked size of version 9.0.2, which is 27589490 bytes in comparison to 27504071 bytes of the previous version. This increase suggests minor bug fixes, performance enhancements, or documentation updates integrated into the newer release. While the file count remains the same at 676, developers should be especially aware to check the changelog in the official angular repository to discover what the updates are, and if those affect the application they're developing.
Developers considering upgrading from 9.0.1 to 9.0.2 should be looking for the bug fixing and performance improvements. It's highly recommended using package managers such as npm or yarn to seamlessly update to the newer version. Staying up to date with the latest minor versions ensures your application benefits from the most current fixes and improvements available within the Angular ecosystem, and it's also useful to keep the packages updated to avoid security problems.
All the vulnerabilities related to the version 9.0.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
