Underscore.js is a lightweight JavaScript library that provides a collection of utility functions often found in functional programming languages. Versions 1.9.1 and 1.9.2, while both part of the same family, show subtle yet important differences for developers. Both versions maintain the same core mission: to be a practical functional-programming helper library for JavaScript. They are licensed under the permissive MIT license, encouraging wide adoption and modification.
A notable change between versions is the introduction of karma-sauce-launcher as a dev dependency in 1.9.2. This package likely enhances cross-browser testing using Sauce Labs, suggesting a focus on improved compatibility and stability across browser environments. Also notable is a change to the uglify-js devDependency between 1.9.1 and 1.9.2 (version 3.3.21 is the one cited). While the core functionality remains consistent, developers can anticipate potentially more robust browser support in version 1.9.2.
Furthermore, the dist object reveals slight variations. While both versions contain 6 files when packaged, the unpacked size grew marginally from 110,995 bytes in 1.9.1 to 111,042 bytes in 1.9.2. This size difference, though minimal, indicates possible enhancements or minor code additions. Most importantly, the release dates are markedly different: May 31, 2018, for v1.9.1 and January 6, 2020, for v1.9.2. Therefore, version 1.9.2, while seemingly similar, offers the advantage of incorporating more recent updates, bug fixes, and improved testing infrastructure, potentially leading to a more stable and reliable experience for developers integrating Underscore.js into their projects.
All vulnerabilities affecting version 1.9.2 of the package
Arbitrary Code Execution in underscore
The package underscore, from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Execution via the template function, particularly when the variable setting is passed as an argument, because it is not sanitized.
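The root cause is that the template function splices the variable setting into the source of the generated function without checking that it is a plain identifier, so any application that lets that setting be influenced by request data is exposed. The primary mitigation is to move to a fixed release; for code pinned to an affected version such as 1.9.2, the wrapper below (an added example, not code from Underscore.js) validates the variable setting against a strict identifier pattern before handing the settings to a compiler that takes (text, settings) the way _.template does. The compiler is passed in explicitly so the example runs without the library installed; the names isBareIdentifier, safeTemplateSettings and compileTemplate are assumptions of this example.

```javascript
// Added example: guard the `variable` setting of an Underscore-style template
// compiler. Strict ECMAScript-style identifier: leading letter, underscore or $,
// then letters, digits, underscore or $. Whitespace is not accepted.
const BARE_IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

function isBareIdentifier(name) {
  return typeof name === 'string' && BARE_IDENTIFIER.test(name);
}

// Returns the settings unchanged when the variable setting is safe,
// and throws otherwise. Settings without a variable key are untouched,
// because the compiler then uses its own default scope handling.
function safeTemplateSettings(settings) {
  if (settings !== null && typeof settings === 'object' && 'variable' in settings) {
    if (!isBareIdentifier(settings.variable)) {
      throw new Error('template variable is not a bare identifier: ' + String(settings.variable));
    }
  }
  return settings;
}

// `compile` is any (text, settings) => renderFunction, e.g. _.template.
// Every call site goes through this wrapper instead of calling the
// compiler directly, so an unvalidated variable can never reach it.
function compileTemplate(compile, text, settings) {
  return compile(text, safeTemplateSettings(settings));
}

// Stand-alone demonstration with a stub compiler (constructed for this
// example; it ignores the template body and just records the settings).
// With the real library this would be:
//   compileTemplate(_.template, '<%= user.name %>', { variable: 'user' });
function demo() {
  const received = [];
  const stubCompile = (text, settings) => {
    received.push(settings);
    return () => text;
  };
  const ok = compileTemplate(stubCompile, 'hello', { variable: 'user' })();
  let rejected = false;
  try {
    compileTemplate(stubCompile, 'hello', { variable: 'user.name' });
  } catch (e) {
    rejected = true;
  }
  return { ok, rejected, seen: received.length };
}
```

Keeping the variable name hard-coded at the call site (or chosen from a fixed allow-list) is still the right design; the wrapper is a backstop that turns a silent code-execution path into a loud error during development and logging.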