Angular core version 9.0.5 is a patch release following the 9.0.4 version, both part of the Angular 9 release family. Targeted towards Angular developers, these versions offer a stable foundation for building robust web applications. Both versions share identical peer dependencies, requiring RxJS version ^6.5.3, tslib ^1.10.0, and zone.js ~0.10.2, ensuring compatibility with the wider Angular ecosystem. The license remains MIT, offering developers flexibility in usage and distribution. The repository information points to the official Angular GitHub repository, specifically the 'packages/core' directory, enabling developers to directly access the source code and contribute to the framework.
The key difference lies in the release date and the unpacked size of the distribution. Version 9.0.5 was released on March 4th, 2020, a week after version 9.0.4's release on February 27th, 2020, suggesting that 9.0.5 incorporates bug fixes or minor improvements discovered since the prior release. The slight increase in unpacked size, from 27815904 bytes in 9.0.4 to 27823190 bytes in 9.0.5, reinforces this idea, indicating that the changes are likely additive rather than subtractive. For developers, upgrading from 9.0.4 to 9.0.5 is recommended to benefit from the latest refinements and potential stability improvements, especially if any issues were experienced with the earlier 9.0.4 version. Both versions are important for building performant applications which are easy to test and maintain.
All the vulnerabilities related to the version 9.0.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
