Workbox webpack plugin version 3.6.2 introduces key updates compared to version 3.6.1, offering developers improved capabilities for offline web application development. Both versions serve as essential plugins for webpack builds, streamlining the creation of a file manifest to pre-cache with workbox-sw, ensuring a faster and more reliable user experience, especially in offline scenarios.
A notable difference lies in the introduction of babel-runtime as a dependency in version 3.6.2, alongside an update to workbox-build, also to version 3.6.2. Version 3.6.1 depended solely on workbox-build at version 3.6.1, and json-stable-stringify. This suggests potentially enhanced compatibility or new functionalities related to Babel transformations within the newer version. The plugin maintains its peer dependency regarding webpack versions, ensuring seamless integration with webpack 2, 3, and 4.
The file count and unpacked size vary slightly between the versions - 3.6.2 has 18 files and an unpacked size of 64462 compared to 3.6.1's 17 files and 53088 size, hinting at added features or internal improvements. Developers should consider upgrading to version 3.6.2 for the latest refinements to the workbox webpack plugin aimed at optimising service worker management and offline caching strategies within their webpack-based projects. The upgrade offers the potential for streamlined workflow and improved performance of modern web applications.
All the vulnerabilities related to the version 3.6.2 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone() the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
