Cli-table2 is a valuable npm package designed for creating aesthetically pleasing Unicode tables directly within command-line interfaces. Based on the original cli-table, this module simplifies the process of presenting data in a structured and readable format, enhancing the user experience for command-line applications. Both versions 0.1.0 and 0.1.1 share a common foundation, including dependencies like "colors" for terminal styling and "lodash" for utility functions. Developers frequently rely on these dependencies to streamline development processes.
Examining the two versions, the core functionality and dependencies remain consistent, suggesting a minimal incremental update between versions 0.1.0 and 0.1.1. Both rely on the same suite of development tools, such as Chai, Sinon and Mocha for testing, Gulp for task automation, and Coveralls for code coverage reporting. The most notable difference lies in the release dates, with version 0.1.1 released just minutes after 0.1.0, suggesting a quick bug fix or minor adjustment. For developers, opting for the slightly newer version (0.1.1) is advisable, presuming it addresses any immediate issues detected in the initial release.
Ultimately, developers gain a robust solution for crafting visually engaging command-line tables, making cli-table2 a practical choice for projects requiring clear and organized data presentation. Its reliance on established libraries like Lodash further enhances developer productivity.
All the vulnerabilities related to the version 0.1.1 of the package
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution.
The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.11 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.5 are vulnerable to prototype pollution.
The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.5 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.12 or later.
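The two pollution paths named in the advisories above (__proto__ and constructor.prototype), shown as an added example that is not lodash's code and not part of the original page: a naive recursive merge beside a hardened one. The helper names and the constructed JSON inputs are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not lodash source code.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive deep merge: follows any key the input names, including inherited
// ones, so it can walk from a plain object up into Object.prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (isObject(val)) {
      if (target[key] == null) target[key] = {};
      naiveMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened deep merge: rejects prototype-reaching keys and only recurses
// into properties the target itself owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (isObject(val)) {
      if (!hasOwn(target, key) || !isObject(target[key])) target[key] = {};
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed inputs mirroring the two shapes named in the advisories.
const VIA_PROTO = '{"__proto__": {"polluted": true}}';
const VIA_CONSTRUCTOR = '{"constructor": {"prototype": {"polluted": true}}}';

// Merges untrusted JSON into a fresh object, reports whether unrelated
// objects gained the property, then removes it again.
function pollutes(mergeFn, json) {
  mergeFn({}, JSON.parse(json));
  const polluted = ({}).polluted === true;
  delete Object.prototype.polluted;
  return polluted;
}

console.log(pollutes(naiveMerge, VIA_PROTO), pollutes(safeMerge, VIA_PROTO));
```

Skipping the three keys is one common mitigation; upgrading lodash to the fixed versions listed above remains the actual remedy for this package's dependency.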