Url-loader is a webpack loader module that allows developers to inline files directly into their JavaScript bundles as base64 URIs, or optionally emit them as separate files. Comparing versions 0.6.0 and 0.6.1 reveals very minimal functional differences from a developer's perspective.

Both versions share the same core dependencies: loader-utils, mime, and schema-utils, which are used for processing URLs, handling MIME types, and validating loader options. Both also list file-loader as a peer dependency, meaning that developers will often need to install file-loader as well to handle files whose size exceeds url-loader's limit and which therefore cannot be inlined. The development dependencies, specifically standard-version, also remain identical, suggesting no alterations in the release process or version management.

The primary difference appears to be the release date, with version 0.6.1 being released just a day after 0.6.0. This incremental update likely incorporates bug fixes or minor improvements which don't affect the public API or require code changes in webpack configurations for projects already using version 0.6.0. Developers can confidently upgrade to version 0.6.1, anticipating no breaking changes and potentially benefiting from stability enhancements. The module is licensed under MIT, encouraging wide and free use. To see the specific, small differences in the upgrade, see the webpack repo on GitHub.
All vulnerabilities related to version 0.6.1 of the package
Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)