@splitsoftware/splitio - npm Package Compare versions

Comparing version 11.10.0 to 11.10.1-rc.0

CHANGES.txt

@@ -0,1 +1,4 @@
+11.10.1 (February 3, 2026)
+ - Updated js-yaml dependency for vulnerability fixes.
+
 11.10.0 (January 28, 2026)
@@ -2,0 +5,0 @@ - Updated @splitsoftware/splitio-commons package to version 2.11.0, which:

cjs/settings/defaults/version.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.packageVersion = void 0;
-exports.packageVersion = '11.10.0';
+exports.packageVersion = '11.10.1-rc.0';

cjs/sync/offline/splitsParserFromFile.js

@@ -101,3 +101,3 @@ "use strict";
             previousMock = data;
-            yamldoc = js_yaml_1.default.safeLoad(data);
+            yamldoc = js_yaml_1.default.load(data);
         }
@@ -104,0 +104,0 @@ catch (e) {

esm/settings/defaults/version.js

@@ -1,1 +0,1 @@
-export var packageVersion = '11.10.0';
+export var packageVersion = '11.10.1-rc.0';

esm/sync/offline/splitsParserFromFile.js

@@ -97,3 +97,3 @@ import fs from 'fs';
             previousMock = data;
-            yamldoc = yaml.safeLoad(data);
+            yamldoc = yaml.load(data);
         }
@@ -100,0 +100,0 @@ catch (e) {

package.json

 {
   "name": "@splitsoftware/splitio",
-  "version": "11.10.0",
+  "version": "11.10.1-rc.0",
   "description": "Split SDK",
@@ -44,3 +44,3 @@ "files": [
     "ioredis": "^4.28.0",
-    "js-yaml": "^3.13.1",
+    "js-yaml": "^4.1.1",
     "node-fetch": "^2.7.0",
@@ -47,0 +47,0 @@ "tslib": "^2.3.1",

src/settings/defaults/version.js

@@ -1,1 +0,1 @@
-export const packageVersion = '11.10.0';
+export const packageVersion = '11.10.1-rc.0';

src/sync/offline/splitsParserFromFile.js

@@ -118,3 +118,3 @@ import fs from 'fs';
 
-      yamldoc = yaml.safeLoad(data);
+      yamldoc = yaml.load(data);
     } catch (e) {
@@ -121,0 +121,0 @@ log.error(e);

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 7 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 7 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

283017

0.03%

Worsened metrics

Number of low quality alerts

1

Infinity%

Dependency changes

• + Added

  argparse@2.0.1
  (transitive)

• + Added

  js-yaml@4.1.1
  (transitive)

• - Removed

  argparse@1.0.10
  (transitive)

• - Removed

  esprima@4.0.1
  (transitive)

• - Removed

  js-yaml@3.14.2
  (transitive)

• - Removed

  sprintf-js@1.0.3
  (transitive)

• Updated

  js-yaml@^4.1.1