Angular Core version 9.0.3 represents a minor update over the preceding stable version 9.0.2, both integral parts of the Angular framework. Primarily, developers interacting with Angular will notice subtle improvements and refinements rather than groundbreaking changes. Both versions share identical peer dependencies on rxjs, tslib, and zone.js, ensuring similar compatibility requirements for your projects. The licenses remain consistent under the MIT license.
The @angular/core package is, as its description suggests, the core of the Angular framework. Both versions offer the fundamental building blocks for creating dynamic web applications. A key difference lies in the dist section: version 9.0.3 shows a slight increase in file count (678 vs 676) and unpacked size (27815904 bytes vs 27589490 bytes) compared to 9.0.2. This suggests bug fixes, performance enhancements, or minor feature additions. The updated release date for 9.0.3, 2020-02-27, indicates a recent patch, meaning the Angular team addressed any issues discovered in 9.0.2. Therefore, upgrading to 9.0.3 is generally recommended as it incorporates the latest improvements and potentially mitigates risks found in the previous version. Developers should always consult the official Angular changelog for specific details on the changes within these minor versions.
All the vulnerabilities related to the version 9.0.3 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
