Capture website, a Node.js package designed for capturing website screenshots using Puppeteer, released version 0.3.2 as a minor update following version 0.3.1. Both versions share the same core functionality and dependencies, including 'file-url', 'puppeteer', and 'tough-cookie', ensuring consistent performance in capturing web page screenshots. The development dependencies also remain identical, featuring tools like 'xo' for linting, 'ava' for testing, and '@types/puppeteer' for TypeScript definitions, among others. This suggests no significant changes to the development workflow or underlying technologies between the two releases.
The updates between version 0.3.1 and 0.3.2 appear minimal, primarily focused on internal improvements or bug fixes. Examining the "dist" section, we see 'unpackedSize' increases slightly from 26068 to 26089 bytes between versions 0.3.1 and 0.3.2. This marginal increase is probably due to tiny code changes or documentation adjustments while the number of files included in both tarballs ("fileCount") is the same. Version 0.3.2 was released on April 8, 2019, shortly after version 0.3.1, released on March 31, 2019. Developers considering this library would likely want to use the latest version (0.3.2) for its cumulative fixes and potential minor enhancements. However, they can expect a practically identical experience to version 0.3.1 in terms of core features and API usage.
All the vulnerabilities related to the version 0.3.2 of the package
tough-cookie Prototype Pollution vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
