Workbox webpack plugin 3.2.0 represents a minor update over version 3.1.0, primarily focusing on aligning with the corresponding workbox-build dependency. Both versions serve the crucial role of integrating Workbox seamlessly into Webpack build processes, automating the generation of precaching manifests that workbox-sw utilizes. Developers benefit from this automation by efficiently managing offline experiences and enhancing the performance of their web applications.
A key difference lies within the dependencies field: version 3.2.0 depends on workbox-build version ^3.2.0, while version 3.1.0 depends on workbox-build version ^3.1.0. This signifies that version 3.2.0 leverages the improvements and bug fixes included in the newer workbox-build release. Users should consider upgrading to the newer version to take advantage of those fixes. The core functionality of the plugin to precache assets using Webpack remains consistent between versions based on the description.
Both plugin versions maintain the same peer dependency requirement for Webpack, supporting versions 2, 3, and 4. This indicates that the update is unlikely to introduce compatibility issues for existing projects using these Webpack versions. Also, the package license and author details remain the same, along with the shared repository on GitHub. Developers should consult the workbox-build changelog for detailed information on the specific enhancements included in the 3.2.0 release of workbox-build.
All the vulnerabilities related to the version 3.2.0 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
