Extend is a utility library for Node.js and the browser, inspired by jQuery's extend function, that lets you deeply merge objects. Version 1.3.0 adds support for browser environments, broadening its reach from the Node.js-only scope described for version 1.2.1, so the library serves developers working on both server-side and client-side JavaScript projects. A notable difference is the addition of "covert" as a development dependency in version 1.3.0, indicating the use of code coverage tools in testing and a greater focus on code quality and reliability. Version 1.3.0 also upgrades the "tape" testing dependency from "~1.1.0" to "~2.13.2", bringing newer assertion features and better test reporting that ease development and maintenance. Version 1.3.0 was released on June 20, 2014, well after version 1.2.1 in September 2013; that gap between updates is relevant when judging the level of support and features. Version 1.3.0 is therefore a worthwhile upgrade if you need browser compatibility and value rigorous testing practices.
All the vulnerabilities related to version 1.3.0 of the package
Prototype Pollution in extend
Versions of extend prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The extend() function allows attackers to modify the prototype of Object, causing the addition or modification of a property that will then exist on all objects.
If you're using extend 3.x, upgrade to 3.0.2 or later. If you're using extend 2.x, upgrade to 2.0.2 or later.