Ant Design (antd) is a popular React UI library providing a comprehensive suite of enterprise-class components for building rich and interactive web applications. Comparing versions 2.10.3 and 2.10.4 reveals subtle yet important updates for developers. The core components remain consistent, ensuring a stable foundation for existing projects.
A notable difference lies in the updated dependency for rc-util, moving from version 4.0.1 to ^4.0.4. This suggests improvements or bug fixes within the rc-util utility library that benefit antd's internal operations. rc-util provides a set of reusable React utilities, so this update potentially enhances the performance or stability of various antd components. The two releases were published only a few hours apart, which suggests that antd 2.10.4 may include bug fixes found after the release of the previous version.
Both versions share the same core dependencies, like moment for date management, rc-form for form handling, and various rc-* components for specialized UI elements like menus, tables, and dialogs. This consistency demonstrates a focus on incremental improvements rather than radical changes. Developers can upgrade with confidence, expecting minimal disruption to their existing codebases. The devDependencies also appear the same, indicating that the development and build processes remained unchanged between these releases. These updates are relevant for developers already using Ant Design and those evaluating the library for new projects.
All the vulnerabilities related to the version 2.10.4 of the package
Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.
This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.
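The mitigation for the redirect issue described above is to drop those headers before following a redirect to a different site. The following is an added example, not code from node-fetch or antd: the function names are hypothetical, and it assumes a target is trusted only when it keeps the same host (or a subdomain of it) and does not downgrade from https.

```javascript
// Header names taken from the advisory text above.
const SENSITIVE_HEADERS = ['authorization', 'www-authenticate', 'cookie', 'cookie2'];

// Assumption: "trusted" means same host or a subdomain of it, with no
// https -> http downgrade. Ports are not compared in this sketch.
function isTrustedRedirect(fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  if (from.protocol === 'https:' && to.protocol !== 'https:') return false;
  const a = from.hostname.toLowerCase();
  const b = to.hostname.toLowerCase();
  // The leading dot prevents "evilexample.com" from matching "example.com".
  return b === a || b.endsWith('.' + a);
}

// Returns the target URL and the headers to send on the follow-up request
// after a 3xx response.
function headersForRedirect(requestUrl, locationHeader, headers) {
  // Location may be relative; resolve it against the URL that was requested.
  const target = new URL(locationHeader, requestUrl).href;
  const trusted = isTrustedRedirect(requestUrl, target);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!trusted && SENSITIVE_HEADERS.includes(name.toLowerCase())) continue;
    out[name] = value;
  }
  return { target, trusted, headers: out };
}

// Constructed sample input (not real credentials or hosts).
const sample = {
  Authorization: 'Bearer example-token',
  Cookie: 'sid=abc',
  Accept: 'application/json',
};
const same = headersForRedirect('https://api.example.com/v1/me', '/v2/me', sample);
const cross = headersForRedirect('https://api.example.com/v1/me', 'https://cdn.example.net/me', sample);
console.log(same.target, Object.keys(same.headers));
console.log(cross.target, Object.keys(cross.headers));
```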