Ant Design (antd) is a popular, enterprise-class UI design language and React-based component library, offering a rich set of pre-built, customizable components to streamline web application development. Comparing versions 2.5.1 and 2.5.2, developers will find subtle but important differences across dependencies and development tools.
In terms of dependencies, version 2.5.2 updates rc-tabs to version ~7.1.0 (from ~7.0.5 in 2.5.1) and rc-slider to version ~5.4.0 (from ~5.3.0). While both versions rely on core dependencies like react, moment, and rc-form, these underlying component updates likely involve bug fixes, performance improvements, or new feature enhancements that contribute to a more refined user experience.
For the development environment, there's a version uplift with bisheng-plugin-toc updated to ^0.4.0 from ^0.3.0. Bisheng is a static site generator used internally for documentation.
These changes, although seemingly minor version increments, might introduce valuable tweaks to specific UI components, impacting the visual presentation and interactive behavior of elements such as tabs and sliders. Developers considering an upgrade should carefully review the release notes of rc-tabs and rc-slider, alongside any antd-specific notices, to understand the precise nature of these changes and ensure compatibility with existing code. While both share a common foundation, the refined dependencies in version 2.5.2 may present a smoother or more feature-rich development journey.
All the vulnerabilities related to the version 2.5.2 of the package
Regular Expression Denial of Service in moment
Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.
Update to version 2.19.3 or later.
Path Traversal: 'dir/../../filename' in moment.locale
This vulnerability impacts npm (server) users of moment.js, especially if a user-provided locale string, e.g. fr, is directly used to switch the moment locale.
This problem is patched in 2.29.2, and the patch can be applied to all affected versions (from 1.0.1 up until 2.29.1, inclusive).
Sanitize user-provided locale name before passing it to moment.js.
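One way to do that sanitizing, as an added example that is not code from moment or from the advisory: a shape check followed by an allow-list lookup, so a value such as 'dir/../../filename' never reaches moment.locale. SUPPORTED_LOCALES, DEFAULT_LOCALE, sanitizeLocale and userLocale are names assumed for this sketch.

```javascript
// Added example: allow-list sanitizer for a user-supplied locale name.
// SUPPORTED_LOCALES and DEFAULT_LOCALE are assumptions for this sketch;
// list the locales your application actually ships.
const SUPPORTED_LOCALES = new Set(["en", "fr", "de", "pt-br", "zh-cn"]);
const DEFAULT_LOCALE = "en";

// Shape check: a 2-3 letter language tag, then optional 2-8 character
// subtags joined by "-". No "/", "\", "." or "%" can pass, so path-like
// values are rejected before any lookup happens. The pattern has a single
// delimiter per group, so it matches in linear time.
const LOCALE_SHAPE = /^[a-z]{2,3}(-[a-z0-9]{2,8})*$/;

function sanitizeLocale(input) {
  // Reject non-strings and oversized values up front.
  if (typeof input !== "string" || input.length > 35) {
    return DEFAULT_LOCALE;
  }
  // Normalise to lower case with "-" separators (e.g. "pt_BR" -> "pt-br").
  const candidate = input.trim().toLowerCase().replace(/_/g, "-");
  if (!LOCALE_SHAPE.test(candidate)) {
    return DEFAULT_LOCALE;
  }
  // Even a well-formed name is accepted only if it is one we ship.
  return SUPPORTED_LOCALES.has(candidate) ? candidate : DEFAULT_LOCALE;
}

// Constructed sample inputs, including the advisory's path-like pattern.
const samples = ["fr", "pt_BR", "dir/../../filename", "fr/../../x", "xx", 42];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", sanitizeLocale(s));
}

// Typical call site (userLocale is a hypothetical request value):
//   moment.locale(sanitizeLocale(userLocale));
```

The allow-list is the control that matters here; the shape check only keeps malformed input from reaching the lookup.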
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.