Version 7.13.5 of @babel/plugin-transform-runtime brings subtle but important changes compared to version 7.13.4. Both versions, designed to externalize Babel's helper functions and automatically polyfill code, prevent global scope pollution, a key benefit for modern JavaScript development. Looking at the dependencies, we can see that version 7.13.5 upgrades babel-plugin-polyfill-corejs2 from ^0.1.2 to ^0.1.4, babel-plugin-polyfill-corejs3 from ^0.1.2 to ^0.1.3 and babel-plugin-polyfill-regenerator from ^0.1.1 to ^0.1.2. This indicates improvements and bug fixes within the core-js and regenerator polyfilling functionalities. Developers leveraging core-js 2, core-js 3, or regenerator-based features in their projects should consider upgrading to 7.13.5 to benefit from these enhancements. Additionally, the @babel/preset-env devDependency moves from version 7.13.0 to 7.13.5 in the newer version. This is also a sign, that you may want to upgrade. While the core functionality and peer dependencies remain the same, the updated polyfill plugins improve overall stability and offer access to the latest polyfill features. By keeping dependencies up-to-date, Babel ensures better compatibility and reduced risk of encountering polyfilling related issues during runtime. The release date difference shows that version 7.13.5 came out shortly after 7.13.4, probably to release the mentioned updates.
All the vulnerabilities related to the version 7.13.5 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
