Boom is an npm package for HTTP error handling in Node.js applications: it builds standardized, HTTP-friendly error objects so that error responses can be managed in one consistent way. Comparing versions 7.2.1 and 7.2.0 reveals subtle but important changes that developers should consider. Both versions offer the same core functionality, but 7.2.1 changes its dependency management, specifically for the "hoek" package: the "hoek" dependency range is raised from "5.x.x" to "6.x.x". This pulls in the improvements and potential bug fixes of the newer hoek utility library, which boom relies on for internal operations. Developers upgrading to 7.2.1 can expect enhanced stability and potentially improved performance from this dependency update. Note, however, that the 6.x.x range still lies inside the hoek versions listed below as vulnerable to prototype pollution.
The "devDependencies" section also changes. Both versions use "code" and "markdown-toc" at similar versions, but the "lab" testing framework moves from "15.x.x" in 7.2.0 to "17.x.x" in 7.2.1. This indicates enhancements to the test suite around the boom package itself, aimed at more robust and reliable error handling; devDependencies are not installed by consumers of the package, so this change does not affect runtime behaviour. Finally, "unpackedSize" and "releaseDate" show that 7.2.1 is the more recent release, with a slight change in package size. Developers should review the changelog for breaking changes before updating to 7.2.1.
All vulnerabilities related to version 7.2.1 of the package
hoek is subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x versions prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with a `__proto__` key is passed to clone(), that key is converted into a prototype rather than copied as an ordinary key. The issue has been patched in version 9.0.3 and backported to 8.5.1.
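The effect described above, a data key named `__proto__` being turned into the clone's prototype, as an added example that is not hoek's or boom's own code: a naive deep clone that assigns each key onto the copy, a hardened clone that refuses prototype-related keys, and a check a test suite can run on any clone result. The function names, `FORBIDDEN_KEYS` and the sample JSON are constructed for this illustration.

```javascript
// Added example, not hoek's or boom's code: naive clone vs hardened clone,
// plus a check that tells whether a clone's prototype was tampered with.

// Constructed sample input. JSON.parse creates an ordinary own property
// named "__proto__"; at this point it is only data, nothing is polluted.
const UNTRUSTED_JSON = '{"name":"demo","__proto__":{"isAdmin":true}}';

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Vulnerable pattern: `out[key] = ...` with key "__proto__" does not create a
// property; it runs the __proto__ setter and replaces the copy's prototype.
function naiveClone(value) {
  if (Array.isArray(value)) return value.map(naiveClone);
  if (!isPlainObject(value)) return value;
  const out = {};
  for (const key of Object.keys(value)) {
    out[key] = naiveClone(value[key]);
  }
  return out;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened pattern: skip prototype-related keys and define the rest as own
// data properties, so no setter on the copy can run during the clone.
function safeClone(value) {
  if (Array.isArray(value)) return value.map(safeClone);
  if (!isPlainObject(value)) return value;
  const out = {};
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    Object.defineProperty(out, key, {
      value: safeClone(value[key]),
      enumerable: true, writable: true, configurable: true,
    });
  }
  return out;
}

// A clone is safe if its prototype is untouched and it inherits nothing
// enumerable, i.e. every key `for...in` yields is its own.
function cloneIsSafe(obj) {
  if (Object.getPrototypeOf(obj) !== Object.prototype) return false;
  for (const key in obj) {
    if (!Object.prototype.hasOwnProperty.call(obj, key)) return false;
  }
  return true;
}
```

Running `cloneIsSafe` over `naiveClone(JSON.parse(UNTRUSTED_JSON))` returns false because the copy now inherits `isAdmin` from the injected object, while the hardened clone keeps `name` and drops the `__proto__` key entirely.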