@commitlint/cli version 12.1.0 brings subtle but important improvements over its predecessor, 12.0.1, for developers striving for consistent commit messages. Both versions share the same core functionality: linting commit messages against defined rules to keep a project clear and maintainable. The updated version changes its internal dependencies, which could indirectly influence functionality. Most notably, the @commitlint/lint, @commitlint/load, and @commitlint/read dependencies are bumped from version 12.0.1 to 12.1.0, reflecting coordinated adjustments across the commitlint ecosystem, while @commitlint/types and @commitlint/format remain unchanged, meaning that core type definitions and formatting logic remain aligned.
The developer dependencies are also updated: @commitlint/test and @commitlint/utils are bumped to 12.1.0, where the previous version used 12.0.1. This could mean improvements in testing and utility functions that enhance the developer experience when contributing to or extending commitlint. Importantly, no breaking changes are signaled, suggesting a smooth transition for users upgrading from 12.0.1. The increase in unpacked size from 48317 to 48493 might reflect the new features or optimizations introduced across these interlinked dependency updates. Finally, the release date difference indicates active maintenance and incremental enhancements within the commitlint project, which is a positive indicator for user reliance and long-term project support.
All vulnerabilities related to version 12.1.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
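To see which installed copies of semver fall inside the ranges above, the following added example (not code from this page or from the semver or commitlint projects) walks an npm lockfile and flags them. It assumes a lockfile with a `packages` map (lockfileVersion 2 or 3); the sample lockfile and the names pkg-a, pkg-b and pkg-c are constructed placeholders.

```javascript
// Added example: flag semver copies in a lockfile that fall in the advisory's ranges.
// Thresholds are the ones quoted in the advisory; everything else is constructed.
const FIXED_BY_MAJOR = { 7: [7, 5, 2], 6: [6, 3, 1] }; // first fixed release per branch
const FIXED_OTHER = [5, 7, 2];                         // "all other versions"

function parseVersion(version) {
  // Anchored, backtracking-free pattern; prerelease/build tags are ignored (assumption).
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1).map(Number);
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

function isVulnerableSemver(version) {
  const v = parseVersion(version);
  return lessThan(v, FIXED_BY_MAJOR[v[0]] || FIXED_OTHER);
}

// Every nested copy counts: a patched top-level semver does not fix a
// vulnerable one pinned underneath another dependency.
function findVulnerableSemver(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/semver") || !meta.version) continue;
    if (isVulnerableSemver(meta.version)) found.push({ path, version: meta.version });
  }
  return found;
}

// Constructed sample lockfile (hypothetical package names).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/semver": { version: "7.3.4" },
    "node_modules/pkg-a/node_modules/semver": { version: "7.5.4" },
    "node_modules/pkg-b/node_modules/semver": { version: "5.7.1" },
    "node_modules/pkg-c/node_modules/semver": { version: "6.3.1" },
  },
};

console.log(findVulnerableSemver(SAMPLE_LOCK));
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with the parsed contents of `package-lock.json`.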