Ts-jest version 25.1.0 is a minor update to the popular TypeScript preprocessor for Jest, building upon the solid foundation of version 25.0.0. Both versions share core dependencies like json5, mkdirp, and semver, ensuring continued compatibility and functionality. The primary difference lies in the updated development dependencies, particularly the upgrade of @types/jest from version 23.x to 25.x. This suggests that version 25.1.0 includes improved type definitions and support for the latest Jest features and APIs.
For developers, this means a smoother experience when working with Jest and TypeScript. The updated type definitions offer enhanced code completion, static analysis, and overall type safety, reducing the likelihood of runtime errors. While existing projects using ts-jest 25.0.0 might not require an immediate upgrade, new projects or those seeking to leverage the latest Jest advancements will benefit from the improved type support in version 25.1.0. Notably, both versions maintain the same peer dependency on Jest (>=25 <26), so ensure your project uses an appropriate Jest version for compatibility. The update also includes some under-the-hood changes: filecount went from 73 to 73, unpackedSize from 165849 to 166279, and releaseDate from 2020-01-23 to 2020-01-30.
All the vulnerabilities related to the version 25.1.0 of the package
yargs-parser Vulnerable to Prototype Pollution
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Parsing the argument --foo.__proto__.bar baz adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
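The mechanism described in the advisory, shown as an added example that is not yargs-parser's code: a hypothetical dotted-key parser (setDotted, parseArgs and demo are names assumed here) run on the advisory's argument with and without key sanitization. Rejecting the key outright is one way to harden such a parser and is not necessarily how the fixed yargs-parser releases handle it.

```javascript
// Illustrative dotted-key argument parser (hypothetical; not yargs-parser source).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Assign `value` at the path named by `dottedKey`, creating objects on the way.
function setDotted(target, dottedKey, value, sanitize) {
  const parts = dottedKey.split('.');
  // Hardened form: refuse the whole key before touching the target.
  if (sanitize && parts.some((p) => BLOCKED_KEYS.has(p))) return false;
  let node = target;
  for (const key of parts.slice(0, -1)) {
    // Unsanitized, node['__proto__'] resolves to the shared Object.prototype,
    // so the walk leaves the result object and the final write lands there.
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[parts[parts.length - 1]] = value;
  return true;
}

// Parse ["--key", "value", ...] pairs; returns the parsed object and rejected keys.
function parseArgs(argv, sanitize) {
  const parsed = {};
  const rejected = [];
  for (let i = 0; i + 1 < argv.length; i += 2) {
    const key = argv[i].replace(/^--/, '');
    if (!setDotted(parsed, key, argv[i + 1], sanitize)) rejected.push(key);
  }
  return { parsed, rejected };
}

// Run both forms on the advisory's argument and check a fresh, unrelated object.
function demo() {
  // Constructed input: the advisory's argument plus one benign option.
  const argv = ['--foo.__proto__.bar', 'baz', '--opt.level', '2'];
  const hardened = parseArgs(argv, true);
  const afterHardened = ({}).bar; // fresh object stays clean
  parseArgs(argv, false);
  const afterUnsafe = ({}).bar; // fresh object now inherits `bar`
  delete Object.prototype.bar; // undo the pollution from the unsafe run
  return { hardened, afterHardened, afterUnsafe };
}

console.log(demo());
```

A check like the one in demo, reading a property from a freshly created object after parsing untrusted arguments, also works as a regression test for this class of bug.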