Telejson is a library designed for efficiently "teleporting" or transferring rich data structures between different environments or contexts, a common requirement in modern web development, especially when dealing with complex state management or data serialization. Comparing versions 5.3.0 and 5.2.0 reveals a few key differences. Both versions share identical dependencies, including crucial packages such as lodash, is-regex, isobject, is-symbol, is-function, and memoizerific, ensuring consistent functionality for data manipulation, type checking, and performance optimization via memoization. Similarly, development dependencies like jest for testing, eslint and prettier for code quality, and Babel presets for compatibility remain unchanged.
The significant distinction lies within the dist object. Version 5.3.0 has a larger unpacked size of 42916 bytes and contains 10 files, a notable increase compared to version 5.2.0's unpacked size of 24618 bytes and 7 files. This suggests that version 5.3.0 might include additional features, optimizations, or expanded test coverage compared to its predecessor. Developers considering an upgrade should investigate the specific code changes between these versions to understand the new functionality introduced and assess its impact on existing implementations. The release dates also differ: version 5.3.0 was released a week later than version 5.2.0. The library is MIT licensed and hosted on GitHub.
All the vulnerabilities related to the version 5.3.0 of the package
min-document vulnerable to prototype pollution
A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects, leading to denial of service or arbitrary code execution. This issue arises from insufficient validation of attribute namespace removal operations, allowing unintended modification of critical object prototypes. The vulnerability remains unaddressed in the latest available version.