Cli-progress version 3.10.0, released in January 2022, introduces a subtle but potentially impactful change for developers utilizing this popular command-line progress bar library. The most significant difference between version 3.10.0 and its predecessor, version 3.9.1 (released in September 2021), lies in its dependencies. Version 3.10.0 removes the direct dependency on the colors package. In contrast, version 3.9.1 explicitly includes colors version 1.1.2 as a dependency.
This change likely reflects a shift toward a more streamlined and potentially more secure dependency tree. The removal of colors could be due to concerns about its maintenance or the introduction of alternative, more robust solutions for color handling within the library. Developers upgrading to version 3.10.0 should be aware of this change, especially if their existing code relies on the colors package being available through cli-progress. The unpacked size also differs, 55268 for version 3.9.1 versus 55664 for version 3.10.0, so the newer version contains other changes as well, but the biggest change is the removed colors dependency. Both versions maintain the same core functionality, providing an "easy to use progress-bar for command-line/terminal applications," are licensed under MIT, and were created by Andi Dittrich. Both versions use the string-width package version 4.2.0 and have the same development dependencies.
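Code that loads colors without declaring it in its own package.json only resolved because cli-progress 3.9.1 installed it, and that load can fail after the upgrade. The check below is an added example, not code from cli-progress or the original page; it generalizes to any module a project loads but never declares, and the function names, sample manifest and sample sources are constructed for illustration.

```javascript
// Added example: flag modules that code loads but package.json never declares.
// Abbreviated list of Node built-ins (assumption: extend it for your project).
const BUILTINS = new Set(['assert', 'child_process', 'crypto', 'events', 'fs',
  'http', 'https', 'os', 'path', 'readline', 'stream', 'tty', 'url', 'util']);

// "colors/safe" -> "colors", "@scope/pkg/lib/x" -> "@scope/pkg"
function packageName(specifier) {
  const parts = specifier.split('/');
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Collect every package name the manifest declares, across all dependency fields.
function declaredPackages(manifest) {
  const fields = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
  return new Set(fields.flatMap((f) => Object.keys(manifest[f] || {})));
}

// Returns [{ file, module }] for every bare specifier with no manifest entry.
function findUndeclared(manifest, sources) {
  const declared = declaredPackages(manifest);
  // Matches require('x'), import ... from 'x' and import 'x' (string literals only).
  const pattern = /(?:\brequire\s*\(\s*|\bfrom\s+|\bimport\s+)(['"])([^'"]+)\1/g;
  const findings = [];
  for (const [file, code] of Object.entries(sources)) {
    for (const match of code.matchAll(pattern)) {
      const spec = match[2];
      // Relative paths, absolute paths and node: built-ins are never packages.
      if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) continue;
      const name = packageName(spec);
      if (BUILTINS.has(name) || declared.has(name)) continue;
      findings.push({ file, module: name });
    }
  }
  return findings;
}

// Constructed sample project: declares cli-progress only, yet loads colors.
const sampleManifest = { dependencies: { 'cli-progress': '^3.10.0' } };
const sampleSources = {
  'src/bar.js': "const cliProgress = require('cli-progress');\nconst colors = require('colors/safe');\n",
  'src/io.js': "const fs = require('fs');\nconst helper = require('./helper');\n",
};

console.log(findUndeclared(sampleManifest, sampleSources));
```

Any finding for colors means the project should declare that package itself, at a version it has reviewed, before moving to cli-progress 3.10.0.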
There are no vulnerabilities for version 3.10.0 of the cli-progress package.