Style-loader is a webpack module that injects CSS into the DOM. Comparing versions 0.18.1 and 0.18.2 reveals subtle but important changes for developers using this package in their projects. Both versions share the same core attributes: the MIT license, the same author (Tobias Koppers @sokra), identical dependencies on loader-utils and schema-utils, and the same repository. The description also remains the same.
The key differences lie in the devDependencies, notably upgrades to the css-loader, mocha, and webpack packages. Style-loader 0.18.2 uses css-loader ^0.28.3, while the previous release depended on ^0.28.1. The mocha upgrade is more significant, moving from 3.2.0 to 3.4.2. Finally, webpack is bumped from 2.2.1 to 2.6.1. These updates likely address bug fixes, performance enhancements, or compatibility adjustments within their respective dependency ecosystems. Developers should evaluate these upgrades against their project’s existing dependency constraints, as version inconsistencies might create conflicts.
The release dates indicate a relatively short interval between the two versions: 0.18.1 came out in May 2017, while 0.18.2 was published in June 2017. The newer version likely contains fixes or improvements identified soon after the initial release. When choosing a version, carefully assess compatibility with existing project dependencies and consult the changelogs of updated development dependencies for specific details of introduced features or breaking.
All vulnerabilities related to version 0.18.2 of the package
Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)