Ant Design (antd) is a popular React-based UI library offering a comprehensive suite of enterprise-class components for building modern web applications. Comparing versions 2.10.3 and 2.10.2 shows a small set of differences that matter to developers. The update from 2.10.2 to 2.10.3 changes one dependency: rc-calendar advances from version ~8.3.0 to ~8.4.0. While seemingly minor, this adjustment might include bug fixes, performance improvements, or new features within the calendar component, potentially impacting date selection and display in applications using antd. In devDependencies, antd-tools goes from version ~0.19.1 to ^1.4.2 and typescript goes from version ~2.2.1 to ~2.3.0.
Both versions share the same core dependencies, ensuring stability and consistent functionality for components like forms, menus, tables, dialogs, and more. Developers leveraging antd benefit from a well-structured, themable, and accessible UI framework, accelerating development cycles and maintaining a unified design language. For developers considering upgrading to version 2.10.3, reviewing the changelog for rc-calendar 8.4.0 to identify specific enhancements or breaking changes is essential. The core value proposition remains consistent—a robust React UI library simplifying web application development with a focus on usability and aesthetics. Remember to check the Ant Design project's official website and GitHub repository for detailed release notes and migration guides.
All the vulnerabilities related to the version 2.10.3 of the package
Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.
This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, and cookie2 when redirecting to an untrusted site.
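As an added example (not node-fetch's code and not part of this page's advisory text), the sketch below shows one way a client that follows redirects itself can drop the headers listed above once a redirect leaves the original origin. The strict same-origin rule, the function names, and the example.test / example.net URLs and header values are assumptions constructed for illustration.

```javascript
// Headers named in the advisory above; header names are case-insensitive.
const SENSITIVE_HEADERS = new Set(['authorization', 'www-authenticate', 'cookie', 'cookie2']);

// Return the headers that may be sent on the request that follows a redirect.
// Assumption: "trusted" means same origin (scheme + host + port) as the
// request that produced the redirect.
function headersForRedirect(requestUrl, location, headers) {
  const from = new URL(requestUrl);
  const to = new URL(location, from); // resolves relative Location values
  const sameOrigin = from.origin === to.origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!sameOrigin && SENSITIVE_HEADERS.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  return out;
}

// Walk a chain of Location values and record what would be sent at each hop.
// Headers are carried forward from the previous hop, so credentials dropped
// on a cross-origin hop are not restored if a later hop returns to the
// original origin.
function planRedirects(startUrl, headers, locations) {
  let url = startUrl;
  let current = { ...headers };
  const plan = [{ url, headers: current }];
  for (const location of locations) {
    current = headersForRedirect(url, location, current);
    url = new URL(location, url).href;
    plan.push({ url, headers: current });
  }
  return plan;
}

// Constructed sample: same-origin hop, cross-origin hop, then back again.
const samplePlan = planRedirects(
  'https://api.example.test/v1/report',
  { Authorization: 'Bearer constructed-token', Cookie: 'sid=constructed', Accept: 'application/json' },
  ['/v2/report', 'https://cdn.example.net/report.json', 'https://api.example.test/v1/done']
);
for (const hop of samplePlan) {
  console.log(hop.url, Object.keys(hop.headers).join(', '));
}
```

With node-fetch, a check like this would sit in a loop that requests each hop with `redirect: 'manual'` and reads the `Location` response header; upgrading to a release that contains the fix removes the need for it.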