@babel/plugin-transform-runtime, a crucial Babel plugin, has a new version 7.13.1, released shortly after 7.13.0. Both versions share the same core function: externalizing references to Babel helpers and built-ins to avoid global namespace pollution, enabling automatic polyfilling. Key dependencies remain consistent, including semver, @babel/helper-plugin-utils, @babel/helper-module-imports, and the polyfill plugins babel-plugin-polyfill-corejs2, babel-plugin-polyfill-corejs3, and babel-plugin-polyfill-regenerator.
The primary difference lies in the updated development dependencies. Version 7.13.1 upgrades @babel/core, @babel/runtime and @babel/runtime-corejs3 from 7.13.0 to 7.13.1. This suggests a likely focus on internal updates, bug fixes, or improvements to core functionality in the Babel ecosystem and its runtime environment, though the scope of the changes might be minimal. Both versions keep the same peerDependencies requirement of @babel/core at ^7.0.0-0, which ensures compatibility with a broad range of Babel 7 versions. With identical file counts and unpacked sizes, the update from 7.13.0 to 7.13.1 appears to be a fine-tuning release. Developers should consider upgrading to 7.13.1 primarily to pick up any bug fixes or performance enhancements in the core Babel runtime and related modules.
All the vulnerabilities related to the version 7.13.1 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
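The affected ranges above can be turned into a lockfile check. The following is an added example, not code from Babel or semver: it scans the "packages" map of a package-lock.json for semver copies that fall in the advisory's ranges. The function names, the sample lockfile and the package name legacy-tool are constructed for illustration.

```javascript
// Added example: affected-version check for the semver ReDoS advisory quoted above.
// Fixed versions per branch, exactly as the advisory states them.
const FIXED_BY_MAJOR = { 7: [7, 5, 2], 6: [6, 3, 1] };
const FIXED_OTHER = [5, 7, 2]; // "all other versions before 5.7.2"

function parseVersion(v) {
  // Length cap plus a linear-time pattern: lockfile content is untrusted input too.
  if (typeof v !== "string" || v.length > 256) throw new Error("invalid version");
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedSemver(version) {
  const { core, prerelease } = parseVersion(version);
  const fixed = FIXED_BY_MAJOR[core[0]] || FIXED_OTHER;
  const c = compareCore(core, fixed);
  // A prerelease of the fixed version (e.g. 7.5.2-rc.1) sorts before the fix.
  return c < 0 || (c === 0 && prerelease);
}

// Walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3),
// including nested copies such as node_modules/a/node_modules/semver.
function findAffectedSemver(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === "node_modules/semver" || path.endsWith("/node_modules/semver"))
    .filter(([, meta]) => isAffectedSemver(meta.version))
    .map(([path, meta]) => `${path}@${meta.version}`);
}

// Constructed sample lockfile; versions and paths are illustrative only.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/semver": { version: "6.3.0" },
    "node_modules/@babel/core/node_modules/semver": { version: "7.5.4" },
    "node_modules/legacy-tool/node_modules/semver": { version: "5.7.1" },
  },
};

console.log(findAffectedSemver(SAMPLE_LOCK));
```

Nested copies matter here because a project can carry several semver versions at once, and upgrading the top-level one leaves the others in place.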