Compression webpack plugin version 1.0.0 represents a significant update from version 0.4.0, introducing notable changes in dependencies and development tools. Primarily, 1.0.0 transitions away from node-zopfli, previously an optional dependency in 0.4.0, used for potentially better gzip compression. This removal may impact compression ratios but could streamline installation and reduce platform-specific issues. While the specific compression method used in 1.0.0 isn't explicitly revealed in the data, the introduction of Babel configurations hints at a focus on modern JavaScript features for enhanced compatibility and maintainability.
The updated version also makes a substantial shift in its development environment. Version 1.0.0 adds a suite of developer dependencies, including Babel for transpilation, ESLint for code linting, Jest for testing, and lint-staged for pre-commit checks. These additions emphasize code quality, modern development practices, and automated testing, fostering more reliable and predictable build processes. The update also changes the peer dependency on webpack: version 1.0.0 requires ^2.0.0 || ^3.0.0, a more modern range, whereas version 0.4.0 did not specify one. For developers, beyond the core functionality, this means a smoother integration process with modern webpack setups and a better-maintained plugin overall.
All vulnerabilities related to version 1.0.0 of the package
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.