Got version 8.3.2 represents a minor update to the popular "got" package, a simplified HTTP request client for Node.js. Comparing it to the previous stable version, 8.3.1, reveals minimal yet significant changes that developers should be aware of. Both versions share the same core dependencies, like pify for promise conversion, isurl for URL validation, and cacheable-request for intelligent caching. The development dependencies also remain identical, indicating a consistent testing and linting setup with tools like xo, ava, and nyc.
The crucial difference lies in the dist object. Version 8.3.2 has a slightly larger unpackedSize of 42097 bytes, compared to 42079 bytes in version 8.3.1. While seemingly small, this suggests subtle internal modifications or bug fixes included in the newer release. The releaseDate confirms this as a more recent build, indicating a timely reaction to address any potential issues identified in the previous version or introduce incremental improvements. For developers using "got," upgrading to 8.3.2 is generally advisable to benefit from the latest enhancements and bug fixes, ensuring a more stable and reliable HTTP client experience. While there are no explicitly labeled new features, the update emphasizes the ongoing maintenance and refinement by the maintainers, crucial for the longevity and trustworthiness of the package.
All vulnerabilities related to version 8.3.2 of the package
Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.
http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.