carbone - npm Package Compare versions

Comparing version 3.5.5 to 3.5.6

CHANGELOG.md

 
+### v3.5.6
+  - Release June 12th 2023
+  - Fix: removed the possibility of prototype pollution in formatters. This can only occur if the parent NodeJS application has the same security issue. CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
+  - Update some dependencies
+
 ### v3.5.5
@@ -3,0 +8,0 @@ - Release February 15th 2023

lib/input.js

@@ -5,3 +5,3 @@ const params = require('./params');
 const locale = require('../formatters/_locale.js');
-const formatters = {};
+const formatters = Object.create(null); // Remove  __proto__ and constructor attributes. Mitigates prototype pollution attacks.
 
@@ -8,0 +8,0 @@ /**

package.json

 {
   "name": "carbone",
   "description": "Fast, Simple and Powerful report generator. Injects JSON and produces PDF, DOCX, XLSX, ODT, PPTX, ODS, ...!",
-  "version": "3.5.5",
+  "version": "3.5.6",
   "bin": "bin/carbone",
@@ -27,5 +27,5 @@ "main": "./lib",
   "dependencies": {
-    "dayjs": "=1.11.7",
+    "dayjs": "=1.11.11",
     "dayjs-timezone-iana-plugin": "=0.1.0",
-    "debug": "=4.3.4",
+    "debug": "=4.3.5",
     "which": "=2.0.2",
@@ -32,0 +32,0 @@ "yauzl": "=2.10.0",

README.md

 <p align="center">
   <a href="https://carbone.io/" target="_blank">
-    <img alt="CarboneJS" width="100" src="https://carbone.io/img/favicon.png">
+    <img alt="CarboneJS" width="100" src="https://carbone.io/img/carbone_icon_v3_github.png">
   </a>
@@ -23,4 +23,4 @@ </p>
   </a>
-  <a href="https://hub.docker.com/r/carbone/carbone-env-docker">
-    <img src="https://badgen.net/docker/pulls/carbone/carbone-env-docker?icon=docker" alt="docker badge">
+  <a href="https://hub.docker.com/r/carbone/carbone-ee">
+    <img src="https://badgen.net/docker/pulls/carbone/carbone-ee?icon=docker" alt="docker badge">
   </a>
@@ -35,9 +35,21 @@ <a href="https://github.com/carboneio/carbone">
 
-### News
+### News 2024/02
 
-15th of February 2023: Carbone just launched [on Product Hunt](https://www.producthunt.com/posts/carbone)! Feel free to support us. It will help us improve the engine!
+Use the latest version (v4+) for free with our Docker Edition:
 
-Please consider using the Cloud or On-Premise [Enterprise Edition](https://carbone.io/pricing.html) if you need **professional support**. 
-The Community Edition is one major version behind the Enterprise Edition. Feel free to contact us [on the chat](https://carbone.io) if you need further information.
+```sh
+  docker pull carbone/carbone-ee
+```
 
+Since v4.18.0 (February 14, 2024), no license is required to start the On-Premise Docker Edition with the REST API (same API as the Cloud Edition).
+You will only need a license if you want to use some advanced features. By default, only community features are enabled.
+
+Why? We try to optimize our time as much as possible. We are working on many things for the long-awaited Carbone v5 (new studio, new website, IA, ...).
+Activating community features in the Docker Edition was much easier. This edition is updated as often as the Enterprise Edition with our automatic CI.
+
+The Open Source Edition will be updated in v4 when the v5 will be released. The open source edition is always one major version behind (v3+)
+
+Feel free to contact us [on the chat](https://carbone.io) if you need further information or  **professional support**. 
+
+
 ## Table of content
@@ -44,0 +56,0 @@

No alert changes

Improved metrics

Total package byte prevSize

501216

increased by0.17%

Lines of code

9401

increased by1.61%

Number of lines in readme file

331

increased by3.76%

Dependency changes

• Updateddayjs@=1.11.11

• Updateddebug@=4.3.5