Style-loader is a crucial webpack module responsible for injecting CSS into a web page by adding <style> tags to the DOM. Comparing versions 0.19.0 and 0.18.2 reveals subtle but potentially important changes for developers. Both versions share a common base: they depend on loader-utils and schema-utils, which handle common loader functionality and schema validation respectively. Both are MIT licensed, written by Tobias Koppers, and come from the same repository. Their devDependencies are also the same, including tools like css-loader, file-loader, jsdom, memory-fs, mocha, standard-version, and webpack (version 2.6.1), so both versions had the same testing and development environment.
The primary difference lies in the release date and potentially in the underlying code changes that motivated the new release. Version 0.19.0 was released on October 3, 2017, while 0.18.2 arrived much earlier, on June 5, 2017. Developers should consider this time gap: 0.19.0 likely incorporates bug fixes, performance improvements, or minor feature enhancements accumulated over those months. A detailed changelog (not provided) would reveal the specific modifications, but upgrading to 0.19.0 is generally advisable to pick up potential improvements and ensure compatibility with other packages. Check the changelog prior to upgrading and assess the value of the upgrade, as it depends a lot on the specific webpack configuration you're using.
All the vulnerabilities related to the version 0.19.0 of the package
Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
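An added example, not part of the original page or of style-loader's code: one way to check whether a project's lockfile resolves Ajv to the version named above. The lockfile contents and the names `findCopies`, `installChain` and `PAGE_LISTED` are constructed for illustration; the `packages` layout is the one npm writes for lockfileVersion 2 and 3.

```javascript
// Constructed sample: a trimmed package-lock.json (lockfileVersion 3 layout).
// Versions other than style-loader 0.19.0 and ajv 6.12.2 are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/style-loader": { version: "0.19.0" },
    "node_modules/schema-utils": { version: "0.0.0-constructed" },
    "node_modules/ajv": { version: "6.12.2" },
    "node_modules/@scope/tool": { version: "1.0.0" },
    "node_modules/@scope/tool/node_modules/ajv": { version: "0.0.1-constructed" },
  },
};

// Version named in the advisory text on this page. The page lists only this
// one version; take the full affected range from the advisory itself.
const PAGE_LISTED = ["6.12.2"];

// Split "node_modules/a/node_modules/@s/b" into ["a", "@s/b"].
function installChain(lockPath) {
  return lockPath.split("node_modules/").slice(1).map((p) => p.replace(/\/$/, ""));
}

// Return every installed copy of `name`, where it is installed, and whether
// its version is one of the flagged ones. Nesting shows install location,
// not which package requested the copy: a hoisted copy is shared.
function findCopies(lock, name, flagged = PAGE_LISTED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const chain = installChain(path);
    if (chain[chain.length - 1] !== name) continue; // skips the root "" entry too
    hits.push({
      path,
      version: meta.version,
      nestedUnder: chain.slice(0, -1).join(" > ") || "(top level, hoisted)",
      flagged: flagged.includes(meta.version),
    });
  }
  return hits;
}

for (const hit of findCopies(sampleLock, "ajv")) {
  const mark = hit.flagged ? "FLAG" : "ok  ";
  console.log(`${mark} ajv@${hit.version} at ${hit.path} [${hit.nestedUnder}]`);
}
```

Against a real project, pass the parsed `package-lock.json` instead of `sampleLock`; `npm ls ajv` then shows which dependents requested each copy.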