Pino version 9.7.0 introduces updates and refinements over the preceding 9.6.0 release of the super-fast JSON logger. A key change lies in the dependencies: version 9.7.0 updates the process-warning dependency to ^5.0.0, up from ^4.0.0 in 9.6.0. The development dependencies have also been upgraded, with TypeScript moving from ~5.7.2 to ~5.8.2. These updates bring the potential for improved type safety and alignment with the latest TypeScript features. For developers, this means benefiting from enhanced tooling and potentially fewer type-related errors during development.
Several other devDependencies are updated as well, including @yao-pkg/pkg, which jumps from 6.1.1 to 6.3.0, and the eslint plugins. These updates likely encompass bug fixes, performance improvements and potentially new features within those individual packages. The dist object shows increases in fileCount (from 199 to 202) and unpackedSize (from 746497 to 753820), suggesting that the new release contains changes beyond the dependency updates.
These subtle but impactful adjustments in version 9.7.0 underscore Pino's commitment to staying current with the evolving JavaScript ecosystem, while continuing to provide a robust and performant logging solution.
All vulnerabilities related to version 9.7.0 of the package
fast-redact vulnerable to prototype pollution
fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype by supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.