Ant Design (antd) is a popular React UI library offering a rich set of pre-built components for building enterprise-grade applications. Comparing versions 2.10.0 and 2.9.3, developers will find incremental updates primarily focused on dependency upgrades and bug fixes. The core functionality and API remain largely consistent, ensuring smooth transitions for existing projects.
One notable difference lies in the updated dependencies. Version 2.10.0 sees updates to several rc-* (React Component) packages, specifically rc-tree updated from ~1.4.0 to ~1.5.0, and rc-calendar updated from ~8.0.0 to ~8.1.0. These upgrades often bring performance improvements, bug resolutions, and potentially new features within those individual components. Additionally, version 2.10.0 introduces rc-editor-mention with version ~0.6.11 as a new dependency, suggesting enhanced features for mention capabilities.
For developers, sticking to the latest stable version (2.10.0) is generally recommended. This ensures access to the most current bug fixes and optimizations. When upgrading, it is advisable to carefully review the changelogs for the updated rc-* dependencies to understand the specific changes and any potential impact on existing code. The upgrades improve the overall stability, functionality, and maintainability of applications built with Ant Design.
All the vulnerabilities related to the version 2.10.0 of the package
Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.
This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
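The following is an added example, not code from this page, from Ant Design or from lodash: a guard that checks user-supplied property paths before they reach a deep setter, for code that cannot yet move to lodash 4.17.19 or later. The names `toSegments`, `isSafePath`, `safeSet` and `demo` are hypothetical, and the sample paths are constructed.

```javascript
// Added example: reject property paths that could reach Object.prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Normalise a path ("a.b[0]" or ['a', 'b', 0]) into string segments.
// String() also flattens nested arrays such as [['__proto__'], 'x'].
function toSegments(path) {
  if (Array.isArray(path)) return path.map(String);
  return String(path)
    .split(/[.\[\]]+/)
    .map((s) => s.replace(/^["']|["']$/g, ''))
    .filter((s) => s.length > 0);
}

// True only when no segment names a prototype-reaching key.
function isSafePath(path) {
  return toSegments(path).every((seg) => !FORBIDDEN_KEYS.has(seg));
}

// Deep setter that rejects unsafe paths and descends only into own properties.
// Intermediate containers are always plain objects in this simplified version.
function safeSet(target, path, value) {
  const segments = toSegments(path);
  if (segments.length === 0 || !isSafePath(segments)) {
    throw new TypeError('rejected property path: ' + JSON.stringify(path));
  }
  let node = target;
  for (const seg of segments.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, seg);
    if (!own || node[seg] === null || typeof node[seg] !== 'object') {
      node[seg] = {};
    }
    node = node[seg];
  }
  node[segments[segments.length - 1]] = value;
  return target;
}

// Constructed sample input: paths as they might arrive in a request body.
function demo() {
  const settings = {};
  const paths = ['theme.color', 'tabs[0].title', '__proto__.isAdmin',
    ['constructor', 'prototype', 'x']];
  const results = paths.map((path) => {
    try { safeSet(settings, path, 'v'); return 'accepted'; }
    catch (err) { return 'rejected'; }
  });
  return { settings, results, polluted: ({}).isAdmin !== undefined };
}
```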
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, and cookie2 when redirecting to an untrusted site.