Semver, the semantic version parser vital to the npm ecosystem, received a patch update from 7.2.0 to 7.2.1 on April 6th, 2020. Both versions share the same core description, development dependency on tap, ISC license, and repository details, but there are subtle differences that may interest developers. The main differences are in the dist object, which describes the packaged tarball. Version 7.2.1 has a smaller unpackedSize of 77432 bytes compared to 7.2.0's 97872 bytes, suggesting optimizations or a reduction in the files included. Correspondingly, the fileCount decreased from 51 to 50.
Developers considering an upgrade may find these size reductions beneficial, since they lead to slightly faster installation times and reduced disk space usage, especially in environments where these factors are critical. The nearly simultaneous release dates indicate that version 7.2.1 likely addresses a minor bug fix or optimization identified shortly after the release of 7.2.0, and projects that depend on it should update. Since the version change is a patch, one can assume that no breaking change has been introduced and that the update carries low risk. Developers should still review the package changelog for detailed information about the changes.
All the vulnerabilities related to version 7.2.1 of the package:
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
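As an added example that is not part of the original advisory or the semver project's own code, the following Node.js snippet checks a version string against the fixed versions the advisory names (7.5.2, 6.3.1, 5.7.2) and shows a length guard for range strings taken from untrusted input before they reach a range parser; the 256-character cap and the sample versions are assumed values chosen for illustration.

```javascript
// Added example, not code from the page or from the semver project.
// isVulnerable() applies the ranges stated in the advisory text above;
// guardRangeInput() bounds untrusted range strings before parsing them.

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"); pre-release and build
// tags are accepted but ignored (a simplification). Returns null if malformed.
function parseVersion(str) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(str).trim());
  if (!m) return null;
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Numeric comparison of two parsed versions: negative, zero or positive.
function compareVersions(a, b) {
  return (a.major - b.major) || (a.minor - b.minor) || (a.patch - b.patch);
}

// Fixed versions as stated in the advisory: 7.x -> 7.5.2, 6.x -> 6.3.1,
// every other version -> 5.7.2.
const FIXED = { 7: "7.5.2", 6: "6.3.1", other: "5.7.2" };

// True when `version` is below the fix for its branch, per the advisory.
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) throw new Error(`unparseable version: ${version}`);
  const fixed = parseVersion(FIXED[v.major] || FIXED.other);
  return compareVersions(v, fixed) < 0;
}

// Maximum accepted length for a range string from an untrusted source
// (assumed value; tune to what your application legitimately needs).
const MAX_RANGE_LENGTH = 256;

// Returns the trimmed range string if acceptable, otherwise null. Rejecting
// oversized input bounds the work a pathological string can cause the range
// parser, independent of whether the parser itself has been patched.
function guardRangeInput(input) {
  if (typeof input !== "string") return null;
  const s = input.trim();
  if (s.length === 0 || s.length > MAX_RANGE_LENGTH) return null;
  return s;
}

// Constructed sample: versions an audit might find in lockfiles.
function auditSample() {
  const found = ["7.2.1", "7.5.2", "6.3.0", "5.7.2", "4.9.0"];
  return found.filter(isVulnerable); // -> ["7.2.1", "6.3.0", "4.9.0"]
}
```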