Growl, a node package for unobtrusive notifications, has two closely released versions, 1.9.1 and 1.9.2, both under the MIT license. Developed by TJ Holowaychuk, known for his work at vision-media.ca, the core functionality of growl remains consistent between these versions, providing developers with a simple way to integrate system notifications into their Node.js applications. The source code is maintained in a public git repository.
The key difference lies in their release dates: version 1.9.1 was released moments before 1.9.2, suggesting that a fix, patch, or very small adjustment prompted the new release. While the package descriptions are identical, those using the library should consider upgrading to the latest version (1.9.2) to benefit from any minor bug fixes or improvements made since 1.9.1. The tarball URLs point to where the installable packages can be downloaded, and developers can use them to analyze and assess the small differences between versions. To upgrade, execute npm install in your Node project or update the project to the desired version. Since no explicit changelog is provided, those who depend on growl should check the source code of each version to investigate the changes.
All the vulnerabilities related to the version 1.9.2 of the package
Growl before 1.10.0 vulnerable to Command Injection
Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.
Update to version 1.10.0 or later.