Angular core version 9.1.5 represents a minor release following the 9.1.4 version, both integral parts of the Angular framework. As indicated by the versioning scheme, the update likely includes bug fixes and small improvements rather than substantial new features. Examining the metadata, both versions share identical peer dependencies, requiring rxjs version ^6.5.3, tslib version ^1.10.0, and zone.js version ~0.10.3. This suggests that upgrading from 9.1.4 to 9.1.5 shouldn't necessitate changes to your existing dependency versions, simplifying the update process.
The most apparent difference lies in the "releaseDate," with 9.1.5 being released on May 7, 2020, and 9.1.4 on April 29, 2020, indicating approximately a week's gap between the releases. A notable change also surfaces in the size of the unpacked tarball: version 9.1.5 weighs in at 28148905 bytes, a modest increase from the 28077978 bytes of version 9.1.4. The slight increase in size likely reflects the included bug fixes and minor enhancements. While both have the same number of files, 682, the adjusted unpacked size suggests refinements or patches made to existing components within the core framework. Developers maintaining Angular applications using version 9.1.4 should consider upgrading to 9.1.5 to benefit from the latest bug fixes and performance improvements, ensuring a more stable and reliable application.
All the vulnerabilities related to the version 9.1.5 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
