Azure DevOps Node API version 10.1.1 is a minor patch release over the previous stable version 10.1.0. Both versions serve as Node.js clients, enabling developers to interact with Azure DevOps and TFS REST APIs. The core functionality remains consistent, providing access to a wide range of Azure DevOps services. This allows developers to automate tasks, integrate with existing systems, and build custom extensions for the Azure DevOps platform.
The crucial distinction between the two versions lies within the dependencies. Version 10.1.1 upgrades the "typed-rest-client" dependency to "^1.7.3", while version 10.1.0 uses "1.7.2". This seemingly small change could include bug fixes, performance improvements, or new features within the typed-rest-client library that are beneficial for making reliable REST calls.
Developers considering an upgrade should evaluate the changes introduced in typed-rest-client 1.7.3 to identify any potential advantages or breaking changes impacting their existing code. Beyond this dependency update, the devDependencies, licensing, repository, author, and general structure of the package remain identical between the two versions. The unpacked size of the newer version is slightly bigger suggesting some minor content changes or additions alongside the upgraded dependency. In summary version 10.1.1 provides an incremental improvement to the 10.1.0, mainly related to the updated "typed-rest-client", so is advisable upgrading to it.
All the vulnerabilities related to the version 10.1.1 of the package
Arbitrary Code Execution in underscore
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
