Unconfig version 0.3.3 introduces several dependency updates, enhancing the library's underlying functionality and development tooling. Most notably, the defu dependency, used for deep merging objects, jumps from version 5.0.1 to version 6.0.0. This upgrade likely incorporates performance improvements and bug fixes within the merging process, which could be crucial for developers relying on Unconfig to handle complex configuration structures. Additionally, @antfu/utils is bumped from 0.5.0 to 0.5.1, potentially providing refined utility functions for internal Unconfig operations.
On the development side, notable updates include upgrades to eslint (8.11.0 to 8.13.0), vitest (0.7.4 to 0.9.3), unbuild (0.7.0 to 0.7.3), @antfu/ni (0.13.2 to 0.14.0), @types/node (17.0.21 to 17.0.23), and @antfu/eslint-config (0.18.8 to 0.20.2). These changes indicate improvements in the development workflow, testing capabilities, and code linting, ensuring higher code quality and maintainability. TypeScript also sees a minor version bump from 4.6.2 to 4.6.3. Developers integrating Unconfig into their projects can expect benefits from these updated dependencies, leading to more robust and streamlined configuration loading processes. The release date difference suggests about a three week cycle. The unpacked size is the same for both versions.
All the vulnerabilities related to the version 0.3.3 of the package
antfu/utils vulnerable to prototype pollution
Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.
