Underscore.js, a venerable JavaScript library providing functional programming tools, released version 1.13.5 in September 2022, building upon its previous stable version 1.13.4 from June 2022. While both versions maintain the core description as a "JavaScript's functional programming helper library" and share the same MIT license and author, Jeremy Ashkenas, key differences emerge in their development dependencies, reflecting ongoing modernization and tooling improvements.
Notably, version 1.13.5 upgrades several crucial devDependencies. nyc, a code coverage tool, jumps from version 2.1.3 to a more recent 15.1.0, potentially improving the accuracy and reporting of test coverage. The coveralls dependency also sees changes - from version 2.11.2 to 3.1.1. Additionally, karma, a popular test runner, transitions from a very old 0.13.13 to 4.4.1, representing a significant step forward in testing infrastructure. karma-qunit also has an upgrade from "~2.0.1" to "^4.1.2" and karma-sauce-launcher from "^1.2.0" to "^4.3.6". The introduction of patch-package in 1.13.5 suggests an increased focus on resolving dependency-related issues directly within the project. These changes likely contribute to a more robust and maintainable development environment.
From a developer's perspective, these improvements translate to a more reliable and well-tested library. While the core functionality of Underscore.js remains consistent between versions, developers can expect better test coverage, more modern testing tools, and a potentially more stable codebase due to the updated dependencies. The size differential, albeit minor (903345 unpacked size for v1.13.5 vs. 901694 for v1.13.4), could reflect the added tooling and associated code.
The are not vulnerabilities for the version 1.13.5 of the package underscore
