Angular core version 9.1.4 represents a minor update to the Angular framework, building upon the foundation laid by version 9.1.3. Both versions share the same core dependencies on RxJS (^6.5.3), tslib (^1.10.0), and zone.js (~0.10.3), ensuring compatibility for existing projects. The license remains MIT, providing developers with the freedom to use and modify the framework. The source code for both versions resides within the same repository on GitHub under the /packages/core directory, maintaining consistency for contribution and review.
While seemingly incremental, the update from 9.1.3 to 9.1.4 includes bug fixes and performance enhancements. This is reflected in a slightly larger unpacked size of 28,077,978 bytes for 9.1.4 compared to 28,045,291 bytes for the previous version. The file count remains stable at 682, suggesting the changes are not related to the addition or removal of files. The key difference is the release date, with 9.1.4 being released on April 29, 2020, a week after 9.1.3 which was released on April 22, 2020. For developers, migrating to 9.1.4 is recommended to benefit from these improvements, ensuring a more stable and optimized Angular application. Always test thoroughly in a development environment before deploying to production.
All the vulnerabilities related to the version 9.1.4 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
