Breaking changes 0.4.23 -> 0.5.0?
mtdvlpr opened this issue
Hi, are there any breaking changes that prevent me from forcing my sub-dependencies to use 0.5.0 instead of 0.4.23?
Was wondering the same thing. I checked all commits, the changes are minor though.
Yes, there is #603 which might break dependencies (see the tests changed in the same commit) but was required to address CVE-2023-0842. Hence I released it as 0.5.0 and not 0.4.24 (which I would have preferred).
Whether your dependencies are affected mostly depends on how they use the returned object.
Seeing breaking changes, with "[Object: null prototype]" being added at each level of Object/nested Object. Others are experiencing it as well. E.g., mattdesl/parse-bmfont-xml#5. I'm using the same workaround: JSON.parse(JSON.stringify(result)). Not sure if there is a better solution, either in this lib, or in using code?
Probably either by comparing it with a value that doesn't have prototypes or using a comparison function that ignores prototypes.
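The two options named in the last comment, sketched as an added example (not code from this library or from any commenter): a comparison that ignores prototypes, and a copy onto ordinary objects as an alternative to the JSON round trip. The function names and the sample data are assumptions made for illustration.

```javascript
// Added example. Constructed stand-in for a parse result whose objects all
// have a null prototype (what "[Object: null prototype]" reports).
function withNullPrototypes(value) {
  if (Array.isArray(value)) return value.map((v) => withNullPrototypes(v));
  if (value === null || typeof value !== 'object') return value;
  const out = Object.create(null);
  for (const key of Object.keys(value)) out[key] = withNullPrototypes(value[key]);
  return out;
}

// Comparison that ignores prototypes: own enumerable keys and values only.
function equalIgnoringPrototypes(a, b) {
  if (a === b) return true;
  if (a === null || b === null) return false;
  if (typeof a !== 'object' || typeof b !== 'object') return false;
  if (Array.isArray(a) !== Array.isArray(b)) return false;
  const keysA = Object.keys(a);
  if (keysA.length !== Object.keys(b).length) return false;
  return keysA.every((k) =>
    Object.prototype.hasOwnProperty.call(b, k) && equalIgnoringPrototypes(a[k], b[k]));
}

// Copy onto ordinary objects. defineProperty keeps a key named "__proto__"
// as plain data instead of triggering the Object.prototype setter.
function toPlainObjects(value) {
  if (Array.isArray(value)) return value.map((v) => toPlainObjects(v));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const key of Object.keys(value)) {
    Object.defineProperty(out, key, {
      value: toPlainObjects(value[key]),
      writable: true, enumerable: true, configurable: true,
    });
  }
  return out;
}

// Constructed sample data, shaped like a small parsed document.
const expected = { font: { info: [{ face: 'Arial', size: '32' }] } };
const parsed = withNullPrototypes(expected);

// Prototypes differ, content does not, and the copy is an ordinary object.
console.log(Object.getPrototypeOf(parsed) === Object.getPrototypeOf(expected));
console.log(equalIgnoringPrototypes(parsed, expected));
console.log(Object.getPrototypeOf(toPlainObjects(parsed).font) === Object.prototype);
```

Comparing without converting leaves the null-prototype result untouched; the copy is only needed when downstream code calls inherited methods such as hasOwnProperty on the result.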