Read-pkg-up has a new major version, 11.0.0, offering notable updates from the previous stable release, 10.1.0. Both versions share the core functionality of locating and reading the nearest package.json file in the directory tree, but the underlying dependencies have been updated.
The most significant change lies in the dependency updates. Version 11.0.0 replaces find-up (^6.3.0 in version 10.1.0) with find-up-simple at ^1.0.0. This shift might change how the package searches for the package.json file, potentially impacting performance or behavior in edge cases (although find-up-simple has only one dependency and describes itself as a simpler alternative to find-up). Additionally, read-pkg is updated from ^8.1.0 to ^9.0.0, likely bringing improvements and bug fixes related to package.json reading and parsing. type-fest, a utility library for common TypeScript types, also sees an update from ^4.2.0 to ^4.6.0, suggesting enhanced type safety and additional utility types for developers using TypeScript.
While the development dependencies (ava, tsd, and xo) remain largely consistent (except for a minor tsd version bump), the core runtime dependencies have been significantly modernized. Developers should carefully review the changes introduced by these updated dependencies, especially if they rely on specific behaviors or edge cases related to file system searching or package.json parsing. The unpackedSize has increased slightly, from 6218 to 6234 bytes, which is unlikely to be significant. Released on November 3, 2023, version 11.0.0 signifies a commitment to staying current with dependency updates, potentially enhancing performance, security, and code quality.
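One way to surface the runtime dependency changes described above before upgrading, as an added example (not read-pkg-up's own code): the two manifests are constructed from the version ranges quoted in the text, and `floor`, `classify` and `diffDependencies` are hypothetical helper names.

```javascript
// Constructed manifests: only the runtime dependency ranges quoted in the text above.
const v10 = { "find-up": "^6.3.0", "read-pkg": "^8.1.0", "type-fest": "^4.2.0" };
const v11 = { "find-up-simple": "^1.0.0", "read-pkg": "^9.0.0", "type-fest": "^4.6.0" };

// Lower bound of a simple caret/tilde/exact range such as "^1.2.3".
// Assumption: one comparator per range; anything else returns null.
function floor(range) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  return m ? m.slice(1).map(Number) : null;
}

// Classify how far the lower bound moved between two ranges.
function classify(oldRange, newRange) {
  const a = floor(oldRange), b = floor(newRange);
  if (!a || !b) return "unparsed";
  // For 0.x versions a minor bump is treated as breaking, as caret ranges do.
  if (a[0] !== b[0] || (a[0] === 0 && a[1] !== b[1])) return "major";
  if (a[1] !== b[1]) return "minor";
  if (a[2] !== b[2]) return "patch";
  return "unchanged";
}

// Compare two dependency maps and return the changes in review order.
function diffDependencies(oldDeps, newDeps) {
  const report = [];
  for (const name of new Set([...Object.keys(oldDeps), ...Object.keys(newDeps)])) {
    const from = oldDeps[name] ?? null, to = newDeps[name] ?? null;
    const change = from === null ? "added" : to === null ? "removed" : classify(from, to);
    if (change !== "unchanged") report.push({ name, from, to, change });
  }
  // Packages entering the tree come first, then removals and major bumps.
  const rank = { added: 0, removed: 1, major: 2, unparsed: 3, minor: 4, patch: 5 };
  return report.sort((x, y) => rank[x.change] - rank[y.change] || x.name.localeCompare(y.name));
}

for (const entry of diffDependencies(v10, v11)) {
  console.log(`${entry.change.padEnd(8)} ${entry.name}: ${entry.from ?? "-"} -> ${entry.to ?? "-"}`);
}
```

Entries marked `added` are packages whose code was not in the tree before and merit a first look at their source and maintainers; `major` entries call for reading that dependency's changelog.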
There are no vulnerabilities for version 11.0.0 of the read-pkg-up package.