Mochawesome is a popular and visually appealing HTML/CSS reporter for the Mocha JavaScript testing framework. Comparing version 3.1.0 with the previous stable version, 3.0.3, reveals subtle but important enhancements for developers. Both versions share the same core dependencies like babel-runtime, chalk, diff, json-stringify-safe, lodash, mochawesome-report-generator, strip-ansi, and uuid, ensuring consistent functionality for report generation, styling, and utility tasks. Similarly, the development dependencies remain consistent, indicating a stable build and testing environment facilitated by tools like babel, eslint, mocha, nyc, proxyquire, should, and sinon.
The key difference lies in the release date and unpacked size. Version 3.1.0 was released on October 17, 2018, while v3.0.3 was released on July 25, 2018. The unpacked size of v3.1.0 is slightly larger at 38021 bytes compared to v3.0.3's 37584 bytes. This difference suggests that v3.1.0 likely includes minor bug fixes, performance improvements, or very small feature additions that don't impact the core API or dependencies significantly.
For developers using Mochawesome, upgrading to v3.1.0 ensures they are running the most recent stable release, potentially benefiting from accumulated refinements and optimizations. Considering that the core dependencies remain the same, the upgrade should be seamless with minimal risk of breaking changes, offering developers a more robust reporting experience overall.
All the vulnerabilities related to the version 3.1.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Denial of Service in mem
Versions of mem prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging.
Upgrade to version 4.0.0 or later.
yargs-parser Vulnerable to Prototype Pollution
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Parsing the argument --foo.__proto__.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
Inefficient Regular Expression Complexity in validator.js
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity
