BSON, a package for Node.js and browser environments, parses and serializes BSON (Binary JSON) data, the format commonly used with MongoDB. Comparing versions 0.2.11 and 0.2.10, the changes are subtle but impactful, particularly in the dependencies. Most notably, the nan dependency, which enables development of native Node.js Addons, is revised: version 0.2.11 upgrades to nan version 1.2.0, while the prior 0.2.10 relies on nan version ~1.0.0. This shift introduces compatibility enhancements and ensures better adherence to evolving Node.js APIs, streamlining the inclusion of native extensions within the BSON parser.

Developers should be aware that nan manages the intricacies of the Node.js ABI (Application Binary Interface), ensuring that native modules can function across different Node.js versions. Upgrading to version 0.2.11 provides a smoother experience when using the native BSON extensions, potentially minimizing build issues during installation. The core functionality of the BSON parser remains consistent across both versions, with a similar focus on speed and efficiency, making it a reliable component for applications handling MongoDB data in JavaScript environments. Special attention should be given to nan when packaging this package in an environment with a custom Node.js version.
All vulnerabilities related to version 0.2.11 of the package
Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.
Deserialization of Untrusted Data in bson
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
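A defensive input check for the `_bsontype` issue described above, as an added example that is not code from the bson package or from the advisory. It assumes the application parses JSON from an untrusted source and that such input never legitimately contains a `_bsontype` key; the function names and sample inputs are hypothetical.

```javascript
// Added example: refuse untrusted JSON that carries a `_bsontype` key
// before the parsed object is handed to a BSON serializer.
const MARKER = '_bsontype';

// Walks a parsed JSON value and returns the path of every own `_bsontype`
// property, at any nesting depth (objects and arrays).
function findBsonTypeMarkers(value, path = '$', hits = [], seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return hits;
  if (seen.has(value)) return hits; // guard against cycles in non-JSON input
  seen.add(value);
  if (Array.isArray(value)) {
    value.forEach((item, i) => findBsonTypeMarkers(item, `${path}[${i}]`, hits, seen));
    return hits;
  }
  for (const key of Object.keys(value)) {
    if (key === MARKER) hits.push(`${path}.${key}`);
    findBsonTypeMarkers(value[key], `${path}.${key}`, hits, seen);
  }
  return hits;
}

// Parses an untrusted request body and throws if any nested object claims
// a BSON type. Only input with no marker is returned to the caller.
function parseUntrustedDocument(jsonText) {
  const doc = JSON.parse(jsonText);
  const hits = findBsonTypeMarkers(doc);
  if (hits.length > 0) {
    throw new TypeError(`rejected input: ${MARKER} present at ${hits.join(', ')}`);
  }
  return doc;
}

// Constructed sample inputs (not taken from any real request).
const benign = '{"name":"alice","tags":["a","b"],"profile":{"age":30}}';
const suspicious =
  '{"name":"bob","filter":{"_bsontype":"NotARealType","value":1},"list":[{"_bsontype":"X"}]}';

for (const body of [benign, suspicious]) {
  try {
    parseUntrustedDocument(body);
    console.log('accepted');
  } catch (err) {
    console.log(err.message);
  }
}
```

The check complements, and does not replace, upgrading to bson 1.1.4 or later.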