BSON version 0.2.15 represents a minor update over its predecessor, version 0.2.14, within the realm of BSON parsers tailored for both Node.js and browser environments. While the core functionalities and dependencies, including "nan" version 1.3.0 for native Node.js add-on support, and development dependencies like "one", "gleak", and "nodeunit" remain consistent, a key distinction lies in the release date. Version 0.2.15 was published on September 4th, 2014, at 17:39:14.933Z, following closely after version 0.2.14, which was released earlier the same day at 08:08:40.363Z.
This suggests that version 0.2.15 likely includes bug fixes, performance improvements, or minor adjustments implemented shortly after the initial 0.2.14 release. Developers already utilizing the BSON library should consider upgrading to version 0.2.15 to benefit from these potential enhancements. The repository information remains unchanged, pointing to the same Git repository on GitHub under the mongodb/js-bson umbrella, where developers can access the source code and contribute to the project. Both versions credit Christian Amor Kvalheim as the author, ensuring continuity in maintainership. When choosing a version, developers should always consult the project's changelog or release notes for a detailed breakdown of the specific changes introduced in version 0.2.15 to make an informed decision.
All the vulnerabilities related to the version 0.2.15 of the package
Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.
Deserialization of Untrusted Data in bson
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
