Growl is a Node.js library that provides unobtrusive, system-level notifications, allowing developers to easily integrate informative alerts into their applications. Version 1.9.0, released in February 2016, builds upon the foundation laid by the previous stable version, 1.8.1, which was released in July 2014. While both versions share the same core functionality of delivering Growl notifications and are licensed under the MIT license, indicating a permissive usage policy, some key differences exist.
The main difference between the two versions is that Version 1.9.0 includes the license information while Version 1.8.1 does not. Additionally, the release date and tarball URL within the dist object denote the newer release and package location. Developers considering an upgrade should note the two-year gap between releases, suggesting potential improvements in stability, security, or compatibility. While specific changes between versions aren't detailed in the provided data, staying up-to-date with the latest releases is generally recommended to leverage such enhancements. Notably, both versions share the same author and repository, indicating consistent stewardship of the project. Ensure compatibility by consulting the project's repository and any associated documentation to identify specific changes or bug fixes that might impact your usage.
All the vulnerabilities related to the version 1.9.0 of the package
Growl before 1.10.0 vulnerable to Command Injection
Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.
Update to version 1.10.0 or later.
