Semver version 7.3.5 is an incremental update over version 7.3.4 of the widely used semantic version parser for JavaScript. Both versions share the same fundamental purpose: providing robust semantic version parsing aligned with npm's conventions. While the core functionality remains consistent, the package's unpacked size has increased slightly, from 85928 bytes in 7.3.4 to 88244 bytes in 7.3.5. This suggests potential additions or refinements within the codebase, although the impact on performance is likely minimal. The two versions share the same dependencies and dev dependencies, so no API impact is expected. The release date difference is also significant: version 7.3.5 was released on March 23, 2021, while 7.3.4 came out on December 1, 2020. This gap indicates accumulated bug fixes, potential security patches, or internal optimizations introduced between the releases. For developers, this ensures continued compatibility with npm's ecosystem and benefits from any enhancements or resolutions implemented in the newer version. While the changes may not be drastic, the version bumps show that the registry is active and maintained. Users should upgrade to newer versions as a practice to keep up with the ecosystem growth.
All the vulnerabilities related to the version 7.3.5 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
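As an added illustration (not code from the semver project or from this page's source), the affected ranges stated above can be checked against a lockfile without calling semver itself. The lockfile contents and the package names example-cli and example-lib are constructed, and the lockfileVersion 2/3 "packages" layout is assumed.

```javascript
// Added example: flag semver copies in a lockfile (lockfileVersion 2/3 layout)
// that fall in the affected ranges quoted in the advisory text.
const FIXED_BY_MAJOR = { 7: [7, 5, 2], 6: [6, 3, 1] }; // first fixed release per branch
const FIXED_OTHER = [5, 7, 2];                         // "all other versions before 5.7.2"

function parseVersion(v) {
  const s = String(v).trim();
  if (s.length > 256) return null; // cap input length before any regex runs
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(s);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// true = affected, false = fixed, null = version string could not be parsed
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  const fixed = FIXED_BY_MAJOR[p.core[0]] || FIXED_OTHER;
  let cmp = 0;
  for (let i = 0; i < 3 && cmp === 0; i++) cmp = p.core[i] - fixed[i];
  // Conservative choice: a prerelease of the fixed version (e.g. 7.5.2-rc.1)
  // sorts before the fix, so it is reported as affected.
  return cmp < 0 || (cmp === 0 && p.prerelease);
}

function findAffectedSemver(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isSemver = path === "node_modules/semver" || path.endsWith("/node_modules/semver");
    // Fail closed: unparseable versions (null) are reported for manual review.
    if (isSemver && isAffected(entry.version) !== false) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile; package names are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/semver": { version: "7.3.5" },
    "node_modules/example-cli/node_modules/semver": { version: "6.3.1" },
    "node_modules/example-lib/node_modules/semver": { version: "5.7.1" },
    "node_modules/semver-extra": { version: "1.0.0" },
  },
};
console.log(findAffectedSemver(sampleLock));
```

Nested copies matter here: a project can pin a fixed top-level semver and still carry an affected copy under another dependency's node_modules path.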