Angular core version 9.0.7 represents a minor update to the core Angular framework, succeeding version 9.0.6. Both versions share the same fundamental characteristics: they are part of the Angular 9 release family, built to create robust and scalable web applications. They both require similar peer dependencies, specifically rxjs version 6.5.3 or higher, tslib version 1.10.0 or higher, and zone.js version 0.10.2. The licenses are the same (MIT), and the source code repositories are pointing to the same github repository.
A key distinction lies in their release dates: version 9.0.7 was published on March 18, 2020, while version 9.0.6 was released on March 11, 2020. This relatively short time span between releases suggests that version 9.0.7 likely contains bug fixes, performance improvements, or minor enhancements addressing issues discovered in version 9.0.6. The unpacked size of the newer package is slightly larger, indicating potentially added features or code adjustments.
For developers, migrating from 9.0.6 to 9.0.7 should be relatively straightforward, assuming no deprecated features were removed. Reviewing the Angular changelog for detailed information on specific fixes and improvements is highly recommended before updating. This allows developers to understand the precise impact of the update and ensure compatibility with their existing Angular projects.
All the vulnerabilities related to the version 9.0.7 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
