Terser version 4.6.13 represents a minor update to the popular JavaScript parser, mangler, compressor, and beautifier toolkit, building upon the foundation laid by version 4.6.12. Both versions maintain the same core dependencies on commander, source-map, and source-map-support, ensuring consistent functionality for command-line argument parsing and source map handling. Similarly, the development dependencies, including testing frameworks like mocha, linters like eslint, and build tools like rollup, remain unchanged, indicating a stable development environment. The license, repository, and author information remain the same, ensuring continuity and provenance.
The primary difference between the two versions lies in the dist section. Version 4.6.13 has a slightly larger unpacked size of 1808883 bytes compared to 4.6.12's 1808179 bytes, a difference of ~700 bytes, suggesting minor code or asset additions. Version 4.6.13 was published on April 30, 2020, a week after version 4.6.12. Developers considering upgrading should note this minor size difference. Although no specific changes or bug fixes are explicitly listed, the later release date and slightly increased size suggest that the update could incorporate small fixes, performance improvements, or very minor feature enhancements. Review the changelog or commit history on the Terser GitHub repository for a comprehensive overview of the changes and to assess their impact on specific use cases.
All the vulnerabilities related to version 4.6.13 of the package
Terser insecure use of regular expressions leads to ReDoS
The package terser before 4.8.1, and from 5.0.0 and before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.