Underscore.js is a lightweight JavaScript library providing a collection of utility functions that support common functional programming tasks. Versions 1.9.0 and 1.9.1 offer developers tools for manipulating arrays, objects, and functions, promoting a more concise and readable coding style. Both releases maintain the same core functionality and developer dependencies, including tools such as uglify-js for minification and eslint for code linting, ensuring code quality and performance optimization. The license remains MIT in both versions.
The key difference between version 1.9.0, released in April 2018, and 1.9.1, released in May 2018, lies in subtle internal improvements that contributed to an increase in the unpacked size (110852 vs 110995). This latest release signifies ongoing maintenance and refinement, despite seemingly identical feature sets and dependencies. Developers who are always on the lookout for the latest improvements should prefer 1.9.1.
Developers appreciate Underscore.js for its "batteries included" approach to common JavaScript needs, which streamlines development workflows. The library eliminates the need to write verbose, repetitive code for tasks like mapping, filtering, and reducing data. Underscore.js proves invaluable for front-end developers building dynamic web applications and back-end developers looking for concise functional programming tools.
All vulnerabilities related to version 1.9.1 of the package
Arbitrary Code Execution in underscore
Versions of the package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.