Angular core version 9.0.4 represents a subtle but important update to the 9.0.x series building upon the foundation laid by version 9.0.3. Both versions, core components of the Angular framework, share identical peer dependencies on RxJS (version 6.5.3 or higher), tslib (version 1.10.0 or higher) and zone.js (version around 0.10.2), ensuring developers use compatible versions of these core libraries. The library remains under the MIT license and is maintained by the angular team.
While the core functionality and API surface likely remain largely unchanged judging by matching file counts (678) and unpacked sizes of 27815904 bytes in both versions, the key difference lies in the release dates. Version 9.0.4 was published on February 27, 2020, at 21:50:29.089Z, significantly later than version 9.0.3 released earlier that same day at 04:50:26.714Z. This suggests that version 9.0.4 likely contains critical bug fixes or minor enhancements discovered shortly after the release of 9.0.3. Developers should, therefore, opt for version 9.0.4 to benefit from the latest stability improvements. Checking the Angular changelog for detailed descriptions of these resolved issues is highly recommended before upgrading to the latest patch. It's vital to check the angular change log to ensure if the update will impact the developer code.
All the vulnerabilities related to the version 9.0.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
