Code is an assertion library, valuable for developers seeking robust and readable tools to test their JavaScript applications. Comparing versions 5.2.4 and 5.2.3, we see incremental improvements. Both versions share the same core functionality and dependency on Hoek 6.x.x for utility functions, ensuring backward compatibility in the core assertion logic. They're both licensed under the BSD-3-Clause, allowing for flexible use and modification.
The primary difference surfaces in the development dependencies. Version 5.2.4 upgrades the lab testing framework dependency to version 18.x.x, up from the lab 17.x.x used by version 5.2.3. The newer lab release may bring new testing features, performance enhancements, and bug fixes. Developers who use the lab framework for testing should consider this upgrade; it may require adjustments to their testing configuration or introduce breaking changes in test syntax, but it may also improve the speed or quality of some tests. The markdown-toc dependency remains at version 1.1.x in both releases, indicating no changes in documentation generation tooling.
The unpackedSize property shows a minor decrease from 18983 bytes in 5.2.3 to 18981 bytes in 5.2.4, likely due to small code optimizations or refactoring. Version 5.2.4 was released on 2018-11-22, and version 5.2.3 on 2018-11-02. The small difference suggests that version 5.2.4 probably includes some minor improvements that make it worth upgrading to.
Vulnerabilities related to version 5.2.4 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone(), the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1. The Hoek 6.x.x range that code 5.2.4 depends on is below 8.5.1 and therefore falls within the affected versions.
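The behaviour the advisory describes, shown with a minimal stand-in clone beside a hardened one. This is an added example, not hoek's code or its actual patch; naiveClone, safeClone and inspect are hypothetical names and the input is constructed.

```javascript
'use strict';

// Naive deep clone (hypothetical, not hoek's implementation): plain assignment
// of a "__proto__" key invokes the Object.prototype.__proto__ setter.
function naiveClone(value) {
    if (value === null || typeof value !== 'object') {
        return value;
    }
    const copy = Array.isArray(value) ? [] : {};
    for (const key of Object.keys(value)) {
        copy[key] = naiveClone(value[key]);   // "__proto__" replaces copy's prototype
    }
    return copy;
}

// Hardened variant: define every key as an own data property so that
// "__proto__" stays ordinary data and never reaches the setter.
function safeClone(value) {
    if (value === null || typeof value !== 'object') {
        return value;
    }
    const copy = Array.isArray(value) ? [] : {};
    for (const key of Object.keys(value)) {
        Object.defineProperty(copy, key, {
            value: safeClone(value[key]),
            writable: true, enumerable: true, configurable: true
        });
    }
    return copy;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own key.
const untrusted = JSON.parse('{"name":"guest","__proto__":{"isAdmin":true}}');

// Report what the clone looks like to code that later reads its properties.
function inspect(cloneFn) {
    const copy = cloneFn(untrusted);
    return {
        inherited: copy.isAdmin === true,   // visible through the prototype chain
        ownProto: Object.prototype.hasOwnProperty.call(copy, '__proto__'),
        plainPrototype: Object.getPrototypeOf(copy) === Object.prototype
    };
}

console.log('naive:', inspect(naiveClone));
console.log('safe: ', inspect(safeClone));
```

In the naive clone the copied object answers to properties it never owned, which is what downstream authorization or configuration checks would read; the hardened clone keeps the key as inert data.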