NYC version 14.1.0 introduces several dependency updates and improvements over version 14.0.0, making it a worthwhile upgrade for developers who use this command-line interface for Istanbul. Updated dependencies include "test-exclude" (5.2.3 vs 5.2.2), "istanbul-reports" (2.2.4 vs 2.2.2), "istanbul-lib-hook" (2.0.7 vs 2.0.6), "istanbul-lib-report" (2.0.8 vs 2.0.7), "istanbul-lib-coverage" (2.0.5 vs 2.0.4), "istanbul-lib-instrument" (3.3.0 vs 3.2.0), and "istanbul-lib-source-maps" (3.0.6 vs 3.0.5). These updates suggest enhancements in test exclusion, reporting capabilities, code hooking, report generation, coverage analysis, instrumentation, and source map handling.
Developers will likely benefit from improved accuracy and performance in their code coverage workflows. Notably, the "istanbul-lib-instrument" update from 3.2.0 to 3.3.0 implies improvements in how instrumentation is added to code for coverage tracking, potentially reducing overhead and improving performance. The "istanbul-reports" update suggests better formatted and more comprehensive coverage reports. The newer version also has a slightly larger unpacked size, which might be caused by additional code in the updated libraries. Its release date is also newer, so it comes with the latest fixes available at that time. Upgrade to 14.1.0 for the most up-to-date features and dependency resolutions.
All vulnerabilities related to version 14.1.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, well-crafted string.