Semver, the semantic version parser vital to the npm ecosystem, moved from 7.3.0 to 7.3.1, a patch-level bump, on April 14th, 2020. The two versions share the same description, development dependencies (tap version 14.10.7 or higher for testing), ISC license, and Git repository origin. The primary visible change is in the package dist details: version 7.3.1 has an unpacked size of 83792 bytes against 83770 bytes for version 7.3.0, a difference of only 22 bytes that points to an extremely small fix. The file count is the same. For a developer using the library, this suggests that the changes between the two versions are low risk and might not even be functional. Under semantic versioning, a change from 7.3.0 to 7.3.1 signals a bug fix, a typo correction, or a very small internal change. Developers already using semver 7.3.0 likely benefit from migrating to 7.3.1, as a patch release promises improved stability. The releaseDate field records when the update was published.
Without comprehensive release notes it is difficult to say more, but the slightly larger unpacked size points towards minor efficiency improvements or bug fixes within the code. The package can be downloaded from the tarball URLs supplied. Both 7.3.0 and 7.3.1 fall inside the affected range of the ReDoS advisory listed below, which is fixed on the 7.x branch in 7.5.2.
All vulnerabilities affecting version 7.3.1 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
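A check against the affected ranges in the advisory above, written as an added example that is not part of the original page or the semver project's code. The install paths are constructed, and treating a prerelease of a fixed version as affected is an assumption of this example.

```javascript
// Added example: flag installed semver versions covered by the ReDoS advisory.
// First fixed release per major branch, taken from the advisory text.
const FIXED = { 7: [7, 5, 2], 6: [6, 3, 1] };
const FIXED_DEFAULT = [5, 7, 2]; // "all other versions before 5.7.2"

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null if malformed.
// Length cap plus an anchored, fixed-shape pattern keeps this check linear.
function parseVersion(v) {
  if (typeof v !== 'string' || v.length > 64) return null;
  const m = /^v?(\d{1,9})\.(\d{1,9})\.(\d{1,9})(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version is older than the first fixed release on its branch.
function isAffected(version) {
  const parsed = parseVersion(version);
  if (!parsed) throw new TypeError(`not a semver version: ${version}`);
  const fixed = FIXED[parsed.core[0]] || FIXED_DEFAULT;
  const cmp = compareCore(parsed.core, fixed);
  // Assumption: a prerelease of the fixed version (e.g. 7.5.2-rc.1) sorts before it.
  return cmp < 0 || (cmp === 0 && parsed.prerelease);
}

// Constructed sample: install path and version pairs, as read from a lockfile.
const SAMPLE_INSTALLS = [
  ['node_modules/semver', '7.3.1'],
  ['node_modules/a/node_modules/semver', '6.3.0'],
  ['node_modules/b/node_modules/semver', '5.7.2'],
  ['node_modules/c/node_modules/semver', '7.5.2'],
];

// Return "path@version" for every install that still needs an upgrade.
function findAffected(installs) {
  return installs
    .filter(([, version]) => isAffected(version))
    .map(([path, version]) => `${path}@${version}`);
}

console.log(findAffected(SAMPLE_INSTALLS));
```

Nested copies pulled in by other dependencies count as separate installs, which is why the check runs per path and not once per project.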