Happy New Year!
As of a few minutes ago (at time of publication!), Saxon-JS 2.0.3 has been published to the npm registry. This release contains no changes in functionality (this is not the release you’ve been waiting for, we’re still working on that one).
The previous version has a published dependency on
axios version
0.19.2 which is, apparently, the subject of a security vulnerability
(or so npm install
asserted this morning).
This tiny release simply updates the dependency to a patched version of axios.
Axios is an HTTP library that is only used by the NodeJS version of Saxon-JS. When Saxon-JS is running in the browser, it uses the browser’s APIs, so this update should have no consequences for the browser version at all.