@babel/plugin-transform-runtime version 7.13.2 is a minor update to the popular Babel plugin that helps to reduce code duplication and bundle size by externalizing Babel's helper functions and polyfills for features like async/await and core-js. This allows developers to avoid injecting these helpers and polyfills directly into each module, leading to more efficient and maintainable code. Both versions, 7.13.1 and 7.13.2, share the same core functionality, dependencies (like semver, helper-plugin-utils, module-imports, and the polyfill plugins), peer dependencies (specifically requiring @babel/core version 7 or higher) and development dependencies. They both depend in same versions to polyfill-corejs2, polyfill-corejs3 and polyfill-regenerator, ensuring consistent polyfilling across projects. The minor bump from 7.13.1 to 7.13.2 involves updates to some of the internal dev dependencies like @babel/runtime from version 7.13.1 to 7.13.2. This suggests improvements or bug fixes within Babel's runtime library itself, ensuring better compatibility and stability. Also, the @babel/runtime-corejs3 package (responsible for core-js version 3 polyfilling) sees a change from version 7.13.1 to 7.13.2. With that in mind, upgrading to 7.13.2 is recommended because it includes the latest bug fixes of @babel/runtime and @babel/runtime-corejs3, potential performance tweaks, and ensures compatibility with the newest Babel ecosystem components without introducing any breaking changes or modifying the fundamental behavior of the plugin.
All the vulnerabilities related to the version 7.13.2 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
