Fs-extra is a Node.js package designed to extend the functionality of the built-in fs module by offering utility methods that simplify file system operations. Comparing version 0.0.11 with the older 0.0.4 reveals several key updates relevant to developers.
Version 0.0.11, released in late 2011, introduced dependencies on jasmine-node and coffee-script, suggesting an increased focus on testing and potentially incorporating CoffeeScript into the library's development or usage. The path-extra dependency was also updated to a more flexible ">=0.0.1" version, allowing for a wider range of compatible path-extra versions.
In contrast, version 0.0.4, released in early 2012, relied on rimraf and a specific version of path-extra (0.0.x). rimraf is known for its reliable recursive deletion capabilities, implying that early versions of fs-extra emphasized robust file removal. The absence of a direct rimraf dependency in version 0.0.11 is not explained here. It may suggest a shift in how deletion tasks were handled, a decision to avoid that direct dependency, or an assumption that rimraf arrives through path-extra (whose version constraint also changed).
For developers, these changes highlight a potential evolution in the library's development process and dependency management. Version 0.0.11 might appeal to those using Jasmine for testing or interested in exploring CoffeeScript integration, while version 0.0.4 offers a more direct and perhaps simpler integration if rimraf is already a dependency, or if the developer only needs that specific functionality and wants to control its version from the main app.
All vulnerabilities related to version 0.0.11 of the package
Arbitrary Code Execution in underscore
The package underscore, from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
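The version ranges in the advisory above can be checked against a lockfile to find every installed copy of underscore that falls inside them, including nested transitive copies. This is an added example, not code from fs-extra or underscore; the lockfile fragment and the dependency names `example-dep` and `other-dep` are constructed, and versions are ordered by plain Semantic Versioning precedence.

```javascript
// Vulnerable underscore ranges, copied from the advisory text above.
const VULNERABLE_RANGES = [
  { from: "1.13.0-0", before: "1.13.0-2" },
  { from: "1.3.2", before: "1.12.1" },
];

// Split "1.13.0-1" into a numeric core [1, 13, 0] and prerelease ids ["1"].
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(text).trim());
  if (!m) throw new Error(`not a semantic version: ${text}`);
  return { core: [1, 2, 3].map((i) => Number(m[i])), pre: m[4] ? m[4].split(".") : [] };
}

// Semantic Versioning precedence: <0 if a < b, 0 if equal, >0 if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x.core[i] !== y.core[i]) return x.core[i] - y.core[i];
  // A release outranks any prerelease of the same core version.
  if (!x.pre.length || !y.pre.length) return y.pre.length - x.pre.length;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    if (x.pre[i] === undefined) return -1; // fewer identifiers sort first
    if (y.pre[i] === undefined) return 1;
    const xn = /^\d+$/.test(x.pre[i]), yn = /^\d+$/.test(y.pre[i]);
    if (xn !== yn) return xn ? -1 : 1; // numeric ids sort below alphanumeric
    if (xn && Number(x.pre[i]) !== Number(y.pre[i])) return Number(x.pre[i]) - Number(y.pre[i]);
    if (!xn && x.pre[i] !== y.pre[i]) return x.pre[i] < y.pre[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies in [from, before) for any advisory range.
const isVulnerableUnderscore = (v) =>
  VULNERABLE_RANGES.some((r) => compareVersions(v, r.from) >= 0 && compareVersions(v, r.before) < 0);

// List every vulnerable underscore copy, including nested transitive ones, in
// the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
function findVulnerableUnderscore(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => /(^|\/)node_modules\/underscore$/.test(path) && isVulnerableUnderscore(meta.version))
    .map(([path, meta]) => `${path}@${meta.version}`);
}

// Constructed lockfile fragment; dependency names are hypothetical.
const sampleLock = { packages: {
  "node_modules/underscore": { version: "1.13.1" },
  "node_modules/underscore.string": { version: "2.3.3" },
  "node_modules/example-dep/node_modules/underscore": { version: "1.3.3" },
  "node_modules/other-dep/node_modules/underscore": { version: "1.13.0-1" },
} };
console.log(findVulnerableUnderscore(sampleLock));
```

A top-level underscore outside the ranges does not clear a project: the nested copies pulled in by other dependencies are reported separately, which is why the check walks every `node_modules/underscore` path.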