Semver version 6.1.1 represents a minor update to the popular semantic version parser for JavaScript, building upon the foundation laid by version 6.1.0. Both versions share the same core functionality and development dependencies, relying on tap for testing. They are both licensed under ISC. Version 6.1.1 was released on May 28, 2019, a few days after 6.1.0 which was released on May 22, 2019.
Developers familiar with 6.1.0 will find a largely consistent experience in 6.1.1. The differences between the two versions are subtle, primarily reflected in the dist object, specifically the unpackedSize which indicates a slight increase of around 600 bytes, from 63544 to 64174. This suggests minor code adjustments or additions, such as bug fixes, performance improvements, or documentation updates, rather than significant feature enhancements. While the file count remains the same, the slightly larger unpacked size could also stem from changes in code formatting or build processes.
For developers already using semver 6.1.0, upgrading to 6.1.1 should be a straightforward process. For new users, either version presents a robust and reliable solution for semantic version parsing.
All the vulnerabilities related to the version 6.1.1 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
