@babel/plugin-transform-runtime versions 7.13.7 and 7.13.6 are incremental updates to a crucial Babel plugin designed to streamline polyfilling in JavaScript projects. Both versions share the core functionality of externalizing references to Babel helpers and built-ins, preventing global namespace pollution and reducing bundle sizes. They both depends on packages like semver, @babel/helper-plugin-utils, @babel/helper-module-imports, and the babel-plugin-polyfill-corejs family.
The key difference lies in the updated development dependencies. Version 7.13.7 upgrades @babel/runtime and @babel/runtime-corejs3 to version 7.13.7, while 7.13.6 uses their 7.13.6 version. While seemingly minor, these updates within the @babel/runtime ecosystem often address bug fixes, performance improvements, and compatibility enhancements that directly impact the transformed code's behavior in various JavaScript environments.
For developers, this means upgrading to 7.13.7 ensures access to the latest refinements in Babel's runtime helpers and core-js polyfills, potentially resolving subtle edge cases or optimizing performance in their applications. The unchanged file count and unpacked size suggest that the core logic of the plugin remains consistent, minimizing the risk of introducing breaking changes. Therefore, for projects already using @babel/plugin-transform-runtime, updating to version 7.13.7 is a recommended practice to benefit from the most current and stable runtime environment.
All the vulnerabilities related to the version 7.13.7 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
