Cli-table2 is a valuable Node.js package designed for creating visually appealing and customizable Unicode tables directly within your command-line interface. Both versions 0.1.7 and 0.1.8 share the same core functionality, providing developers with a tool to present data in a structured and easy-to-read format. The package is based on the original cli-table and extends it with enhanced features.
Looking at the technical aspects, both versions rely on lodash for utility functions and colors for adding color to the tables, enhancing their visual appeal. The development dependencies, including testing frameworks like chai, sinon, and sinon-chai, along with build tools like gulp, remain consistent, implying a similar testing and build process.
The primary difference between the versions lies in their release dates. Version 0.1.8 was released on July 28, 2015, a week after version 0.1.7, released on July 20, 2015. Since the dependency manifests are identical, it's likely that version 0.1.8 includes bug fixes, performance improvements, or minor enhancements that don't affect the declared dependencies. Developers considering using cli-table2 should opt for the latest version (0.1.8) to benefit from any potential improvements and fixes made since the earlier release. It's worth noting the colors dependency is also listed as an optional dependency, suggesting that the package can function without it, albeit with reduced visual customization.
All vulnerabilities related to version 0.1.8 of the package
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.11 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.5 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.12 or later.
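The two pollution routes named in the advisories above (a __proto__ key and a constructor/prototype chain) can be screened for before untrusted data reaches a recursive merge. The following is an added example, not code from lodash or cli-table2; the names BLOCKED_KEYS, findPollutionPaths and safeMerge and the sample inputs are constructed for illustration, and the guard complements updating lodash rather than replacing it.

```javascript
// Keys that let a recursive merge walk from a plain object to Object.prototype.
// Blocking "constructor" and "prototype" outright is deliberately conservative.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Return the dotted path of every blocked key found in untrusted input.
function findPollutionPaths(value, prefix = '') {
  const hits = [];
  if (value === null || typeof value !== 'object') return hits;
  // JSON.parse creates "__proto__" as an own enumerable key, so Object.keys sees it.
  for (const key of Object.keys(value)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (BLOCKED_KEYS.has(key)) hits.push(path);
    else hits.push(...findPollutionPaths(value[key], path));
  }
  return hits;
}

// Recursive merge that never reads through or assigns a blocked key.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (isPlainObject(src)) {
      // Descend only into own plain-object properties of the target.
      const own = Object.prototype.hasOwnProperty.call(target, key) &&
        isPlainObject(target[key]);
      if (!own) target[key] = {};
      safeMerge(target[key], src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Constructed sample inputs, one per route described in the advisories.
const viaProto = JSON.parse(
  '{"theme":{"border":"grey"},"__proto__":{"polluted":true}}');
const viaConstructor = JSON.parse(
  '{"style":{"constructor":{"prototype":{"polluted":true}}}}');

console.log(findPollutionPaths(viaProto), findPollutionPaths(viaConstructor));
console.log(safeMerge({}, viaProto), ({}).polluted);
```

Logging the paths returned by findPollutionPaths at the point where configuration or request bodies are parsed gives a detection signal in addition to the block.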