Angular version 9.1.2 is a minor release following 9.1.1 of the core framework, focusing primarily on refinements and bug fixes rather than introducing groundbreaking new features. Both versions share the same fundamental peer dependencies, requiring compatible versions of RxJS (^6.5.3), tslib (^1.10.0), and Zone.js (~0.10.3) to function correctly, ensuring a consistent development environment. Licensed under the MIT license and maintained by the Angular team, both packages are available within the Angular GitHub repository under the packages/core directory, emphasizing their commitment to open-source development and community involvement.
While the core description remains consistent, developers might be interested in the differences in dist metadata. Version 9.1.2 comprises 682 files with an unpacked size of 27967899 bytes versus 27929495 bytes of version 9.1.1, suggesting that bug fixes and minor changes led to a size increment. Given the release date (April 15, 2020, for 9.1.2 and April 7, 2020, for 9.1.1), the newer version incorporates a week's worth of fixes and refinements. Developers should consult the official Angular changelog for a comprehensive list of specific changes between these versions to understand the impact on their applications and decide whether upgrading is beneficial, balancing potential improvements against the effort required for testing and integration.
All the vulnerabilities related to the version 9.1.2 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
