BSON version 0.2.22 represents an incremental update to the popular bson package, a crucial component for Node.js and browser-based applications dealing with MongoDB data. This release, dated July 23, 2015, builds upon the foundation laid by version 0.2.21, released earlier in March 2015. At its core, bson provides essential tools for efficiently serializing and deserializing data into the BSON (Binary JSON) format, the standard data format used by MongoDB.
The key difference developers should note lies in the dependency updates. Version 0.2.22 updates the nan dependency to "~1.8", possibly for API compatibility with specific versions of Node.js. In contrast, version 0.2.21 relied on nan version "1.7.0". The nan update matters because nan enables native Node.js addons to work across different Node.js versions. This dependency update likely addresses compatibility issues or incorporates performance improvements related to this core component of Node.js.
For developers considering integrating bson into their projects, both versions offer the same core functionalities: BSON parsing for Node.js and browsers. The package provides a reliable and efficient way to interact with MongoDB databases. The bson package simplifies handling MongoDB data structures within JavaScript environments. Both are distributed under the same open-source license through the GitHub repository.
All vulnerabilities related to version 0.2.22 of the package
Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.
Deserialization of Untrusted Data in bson
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
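An added example (not part of the original page or of the bson project's code): JSON received from a client has no legitimate reason to carry BSON type markers, so one defensive check, alongside upgrading to 1.1.4 or later, is to refuse any `_bsontype` key in untrusted input before it reaches the serializer. The helper names `findBsontypePaths` and `rejectBsontype` and the sample payloads are assumptions constructed for illustration.

```javascript
// Walk a JSON-derived value and collect the path of every `_bsontype` key.
// Returns an array of JSONPath-like strings; an empty array means clean input.
function findBsontypePaths(value, path = '$', hits = [], seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return hits;
  if (seen.has(value)) return hits; // guard against cyclic structures
  seen.add(value);

  if (Array.isArray(value)) {
    value.forEach((item, i) => findBsontypePaths(item, `${path}[${i}]`, hits, seen));
    return hits;
  }
  // Own enumerable keys only, which is what a parsed request body contains.
  for (const key of Object.keys(value)) {
    if (key === '_bsontype') hits.push(`${path}.${key}`);
    findBsontypePaths(value[key], `${path}.${key}`, hits, seen);
  }
  return hits;
}

// Gate for request handlers: throws instead of passing tagged input on
// to code that will serialize it to BSON.
function rejectBsontype(untrusted) {
  const hits = findBsontypePaths(untrusted);
  if (hits.length > 0) {
    throw new TypeError(`_bsontype not allowed in client input: ${hits.join(', ')}`);
  }
  return untrusted;
}

// Constructed sample inputs (not taken from the advisory).
const cleanBody = JSON.parse('{"name":"alice","tags":["a","b"],"profile":{"age":30}}');
const taggedBody = JSON.parse(
  '{"name":"bob","filter":{"_bsontype":"NotARealType","value":1},' +
  '"items":[{"ok":true},{"_bsontype":"NotARealType"}]}'
);

console.log(findBsontypePaths(cleanBody));
console.log(findBsontypePaths(taggedBody));
```

Call `rejectBsontype` on the parsed body at the trust boundary, before any query or document is built from it.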