Ant Design (Antd) evolved from version 2.4.3 to 2.5.0 with notable updates for React developers. Both versions share the core philosophy of providing an enterprise-class UI design language and React-based components. Dependencies like moment, rc-form, and several rc-* components are largely aligned, ensuring continued stability.
Key differences emerge in the dependency versions of core components, which can affect functionality and potentially styling. Most notably, rc-table was updated from ~5.0.0 to ~5.2.0, rc-calendar from ~7.4.1 to ~7.5.1, and rc-slider from ~5.2.0 to ~5.3.0, possibly including bug fixes, performance improvements, or new features in these components. The new version removes gregorian-calendar and gregorian-calendar-format as direct dependencies.
Regarding development dependencies, both versions extensively use tools like babel, eslint, jest, and bisheng for development, testing, and documentation. The versions of these tools are very similar with some minor bumps to keep the development ecosystem updated. The release date signifies a commitment to ongoing improvement, with version 2.5.0 released just over a week after 2.4.3, suggesting a focus on rapid iteration. Developers considering upgrading should carefully review the changelogs for rc-table, rc-calendar and rc-slider for detailed information on new features, bug fixes, and potential breaking changes related to these specific components. The upgrade promises refinements to existing components and an updated development environment. Those using the table, calendar, and slider components should pay close attention to the upgrade.
All the vulnerabilities related to the version 2.5.0 of the package
Regular Expression Denial of Service in moment
Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.
Update to version 2.19.3 or later.
Path Traversal: 'dir/../../filename' in moment.locale
This vulnerability impacts npm (server) users of moment.js, especially if a user-provided locale string, e.g. fr, is directly used to switch the moment locale.
This problem is patched in 2.29.2, and the patch can be applied to all affected versions (from 1.0.1 up until 2.29.1, inclusive).
Sanitize user-provided locale name before passing it to moment.js.
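One way to do the sanitization described above, as an added example that is not part of the original advisory or of moment's own code: a shape check followed by an allowlist lookup. The locale list, the default locale and the function names are assumptions chosen for illustration.

```javascript
// Added example: allowlist-based locale sanitizer (all names hypothetical).
// Locales the application actually ships; anything else falls back.
const ALLOWED_LOCALES = new Set(['en', 'fr', 'fr-ca', 'de', 'pt-br']);
const DEFAULT_LOCALE = 'en';

// Shape check: 2-3 letter language plus up to two short subtags.
// Dots, slashes, backslashes and NUL bytes can never match.
const LOCALE_SHAPE = /^[a-z]{2,3}(-[a-z0-9]{2,4}){0,2}$/;

function sanitizeLocale(input) {
  // Reject non-strings and oversized values before any processing.
  if (typeof input !== 'string' || input.length > 16) {
    return DEFAULT_LOCALE;
  }
  // Normalise common variants such as "fr_CA" or "FR-ca" to "fr-ca".
  const candidate = input.trim().toLowerCase().replace(/_/g, '-');
  if (!LOCALE_SHAPE.test(candidate)) {
    return DEFAULT_LOCALE;
  }
  // Well-formed is not enough: the locale must be one the app supports.
  return ALLOWED_LOCALES.has(candidate) ? candidate : DEFAULT_LOCALE;
}

// Constructed sample inputs, including traversal-shaped strings.
const SAMPLES = [
  'fr', 'fr_CA', 'PT-br', '../../tmp/evil', 'fr/../../x', 'fr\u0000', 42, 'zz',
];

function runSamples() {
  return SAMPLES.map((raw) => [raw, sanitizeLocale(raw)]);
}

// In an application the sanitized value is what reaches moment, e.g.
//   moment.locale(sanitizeLocale(userSuppliedLocale));
// where userSuppliedLocale is a hypothetical request parameter.
for (const [raw, safe] of runSamples()) {
  console.log(JSON.stringify(raw), '->', safe);
}
```

Upgrading moment to the patched release remains the fix; the allowlist limits what reaches moment.locale on versions that cannot be upgraded immediately.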
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, and cookie2 when redirecting to an untrusted site.