ts-jest version 25.2.0 is a minor update to the popular TypeScript preprocessor for Jest, building on version 25.1.0. Both versions share the same core dependencies, including json5, mkdirp, semver, and resolve for configuration and module resolution; the differences are mainly within the dist object. Version 25.2.0 has a slightly larger unpacked size (166357 bytes) than 25.1.0 (166279 bytes), and the release timestamps differ (2020-02-03T20:03:30.486Z vs 2020-01-30T08:46:15.612Z).
For users already on the 25.x series, upgrading to 25.2.0 should be relatively straightforward, mainly involving updating the package version in your package.json and reinstalling dependencies. Developers using ts-jest benefit from its seamless integration with Jest, enabling them to write and test TypeScript code without the need for manual transpilation. Both versions support Jest 25.x and TypeScript 3.x, ensuring compatibility with existing projects. The peerDependencies specify that jest needs to be >=25 <26. The update to 25.2.0 addresses minor improvements, bug fixes, or internal adjustments that contribute to a more robust and reliable testing experience.
All vulnerabilities related to version 25.2.0 of the package
yargs-parser Vulnerable to Prototype Pollution
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Parsing the argument '--foo.__proto__.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
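The following added example (not yargs-parser's own code) shows why the argument from the advisory reaches Object.prototype in a naive dotted-key parser, next to a variant that rejects the dangerous path segments. The names setKey, parseArgs, demo and BLOCKED are hypothetical, and the parser is a simplified stand-in for illustration.

```javascript
'use strict';

// Path segments that lead to Object.prototype when used as a key.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Simplified dotted-key assignment (illustrative, not yargs-parser's code).
function setKey(target, path, value, { sanitize }) {
  const segments = path.split('.');
  if (sanitize && segments.some((s) => BLOCKED.has(s))) {
    return false; // drop the whole option rather than assign part of it
  }
  let node = target;
  for (const seg of segments.slice(0, -1)) {
    // Unsanitized: node['__proto__'] resolves to Object.prototype here.
    if (typeof node[seg] !== 'object' || node[seg] === null) node[seg] = {};
    node = node[seg];
  }
  node[segments[segments.length - 1]] = value;
  return true;
}

// Parse "--a.b value" pairs into a nested object.
function parseArgs(argv, opts) {
  const out = {};
  for (let i = 0; i < argv.length; i++) {
    if (!argv[i].startsWith('--')) continue;
    const key = argv[i].slice(2);
    const next = argv[i + 1];
    const hasValue = next !== undefined && !next.startsWith('--');
    setKey(out, key, hasValue ? next : true, opts);
    if (hasValue) i++;
  }
  return out;
}

// Run both variants on the advisory's argument (constructed argv) and
// report whether an unrelated empty object gained a `bar` property.
function demo() {
  const argv = ['--foo.__proto__.bar', 'baz', '--name', 'ok'];
  parseArgs(argv, { sanitize: false });
  const pollutedUnsafe = {}.bar;
  delete Object.prototype.bar; // undo the pollution before the second run
  const safe = parseArgs(argv, { sanitize: true });
  return { pollutedUnsafe, pollutedSafe: {}.bar, safeName: safe.name };
}

console.log(demo());
```
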