@babel/plugin-transform-runtime version 7.13.4 introduces subtle but important changes compared to the previous stable version, 7.13.2. Both versions serve the same core purpose: to externalize references to Babel's helper functions and built-ins, enabling automatic polyfilling without polluting the global scope. This is crucial for preventing naming conflicts and ensuring compatibility across different environments. Developers rely on this plugin to streamline their code and avoid manual polyfill management.
The key difference lies in the updated versions of its development dependencies, specifically @babel/runtime (updated from 7.13.2 to 7.13.4) and @babel/runtime-corejs3 (updated from 7.13.1 to 7.13.4). These updates likely incorporate bug fixes, performance improvements, and potentially new features related to the core runtime and the core-js polyfills. While the core functionalities of the plugin remain consistent - transforming code for broader compatibility and handling asynchronous functions with regenerator - these dependency refinements enhance the overall reliability and efficiency of the runtime environment that the plugin leverages. The consistent unpacked size of 13746 bytes and identical file count of 9 suggest only internal code or a negligble difference in the volume of code changed. These changes are important for users who depend on specific bug fixes in the affected @babel/runtime to enhance the reliability of their builds and prevent potential issues. The release date difference indicates active maintenance of the library, providing additional reassurance for developers.
All the vulnerabilities related to the version 7.13.4 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
