Cli-table2, a command-line tool for generating visually appealing Unicode tables, saw a minor version bump from 0.1.5 to 0.1.6. Both versions share a common foundation, utilizing "colors" and "lodash" as core dependencies for styling and utility functions, respectively. They also keep the same devDependencies for testing and build processes. The key distinction lies in the introduction of "ansi-256-colors" as a new development dependency in version 0.1.6, suggesting enhancements or refinements in color handling capabilities during development or testing.
For developers choosing between these versions, the inclusion of "ansi-256-colors" might indicate improved support for a wider range of terminal color schemes in the newer version, potentially leading to more consistent and visually accurate table rendering across different terminal environments. The older version, released in December 2014, offers established stability, while the newer version, released in July 2015, provides potential color enhancements. While most dependencies and the core functionality remain identical (same dependencies, description, license and author), developers should consider the potential benefits of enhanced color support when deciding which version aligns best with their project needs. Reviewing the changelog or release notes (if available) would provide further clarity on specific changes related to "ansi-256-colors" and any bug fixes implemented in version 0.1.6. The repository URL differs slightly between the two versions.
All the vulnerabilities related to the version 0.1.6 of the package
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.11 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.5 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.12 or later.
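The prototype pollution advisories above name two routes to Object.prototype: the __proto__ key and the constructor/prototype chain. The following is an added example, not code from lodash or cli-table2: a recursive merge that refuses both routes, plus a scanner that reports where untrusted input carries them. All function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example; names are hypothetical, not lodash or cli-table2 APIs.
// Keys that lead to a prototype: "__proto__" directly, or "constructor" -> "prototype".
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isObject = (v) => v !== null && typeof v === 'object';
const isPlainObject = (v) => isObject(v) && !Array.isArray(v);

// Report dotted paths in untrusted input that a naive recursive merge would
// follow into a prototype. Suitable for logging or rejecting the input.
function findPollutionPaths(value, path = []) {
  if (!isObject(value)) return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = path.concat(key);
    if (BLOCKED_KEYS.has(key)) hits.push(here.join('.'));
    else hits.push(...findPollutionPaths(value[key], here));
  }
  return hits;
}

// Recursive merge that copies own enumerable keys only and never descends
// through a blocked key, so the source cannot reach Object.prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (isPlainObject(src)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const dst = own && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeMerge(dst, src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Constructed inputs shaped like the two forms the advisories describe.
const viaProto = JSON.parse('{"style":{"border":["grey"]},"__proto__":{"polluted":true}}');
const viaCtor = JSON.parse('{"opts":{"constructor":{"prototype":{"polluted":true}}}}');

function demo() {
  const merged = safeMerge({ style: { head: ['red'] } }, viaProto);
  safeMerge(merged, viaCtor);
  const paths = [...findPollutionPaths(viaProto), ...findPollutionPaths(viaCtor)];
  return { paths, merged, polluted: ({}).polluted === true };
}
```

Filtering keys is a stopgap for code that must merge untrusted objects; the advisories' own remedy is to update lodash to the fixed versions they list.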