NYC version 14.1.1 is a minor patch release over version 14.1.0 of the popular Istanbul command-line interface, a crucial tool for JavaScript developers focused on code coverage analysis. Both versions share the same core dependencies, ensuring a consistent experience for users relying on features like globbing, UUID generation, YAML parsing, and Istanbul's core libraries for instrumentation and reporting.
The key difference between the two versions lies in the bug fixes and minor improvements introduced in 14.1.1. While the dependency lists for both versions are identical, the updated release, published on May 9th, 2019, likely addresses issues discovered since the release of 14.1.0 on April 24th, 2019. The unpacked size also increased slightly, pointing to possible changes that address issues reported in the previous release, improving its overall stability. Developers should always prioritize the newer version, 14.1.1, to benefit from the latest bug fixes and enhancements that contribute to a more reliable code coverage process. If you encounter issues with 14.1.0, upgrading to 14.1.1 should be the first troubleshooting step. For projects committed to precise dependency management, reviewing the changelog (available on the nyc GitHub repository) between these versions is recommended to understand the exact nature of the fixes.
All vulnerabilities related to version 14.1.1 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, specially crafted string.