Angular developers will find subtle yet potentially impactful differences between @angular/core versions 9.1.9 and 9.1.10. Both versions share the same core framework description, licensing under MIT, and maintain compatibility with peer dependencies such as rxjs (^6.5.3), tslib (^1.10.0), and zone.js (~0.10.3). The repository and author information remain consistent, pointing to the official Angular GitHub repository and attributing authorship to the Angular team.
However, the key distinctions lie in their release timing and distribution details. Version 9.1.10 was released on June 9, 2020, while 9.1.9 was released earlier on May 20, 2020. While file count remains consistent at 680 files, version 9.1.10 shows a slightly larger unpacked size of 27,979,057 bytes compared to 9.1.9's 27,979,031 bytes. This increase of 26 bytes, while seemingly insignificant, could be indicative of minor bug fixes, performance improvements, or adjustments to accommodate specific edge cases addressed in the newer version. Developers should consult the official Angular changelog or release notes associated with version 9.1.10 for a comprehensive understanding of the changes implemented and their potential impact on application behavior. Upgrading to the latest patch version is generally recommended to benefit from the newest fixes and optimizations.
All the vulnerabilities related to the version 9.1.10 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
