@commitlint/cli versions 12.1.2 and 12.1.1 both provide commit-message linting, enforcing established conventions so that project histories stay clean. The core functionality is the same in both: yargs handles command-line argument parsing and lodash supplies utility functions. Both depend on the internal modules @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types and @commitlint/format for, respectively, the linting itself, configuration loading, message reading, type definitions and output formatting. The development dependencies, including execa, fs-extra, @types/yargs, @commitlint/test and @commitlint/utils, are also largely the same in both versions.
The notable difference is that version 12.1.2 drops the get-stdin dependency. In 12.1.1, get-stdin was used to read commit messages from standard input; in the newer version it has been replaced. This implies a change in how commit messages are read, possibly by integrating the functionality directly or by using another, more efficient method, and it could affect developers who rely on a specific input mechanism, who may need to adjust their workflows when upgrading. The unpacked size of the package has also increased slightly, from 48660 to 50321. Developers should evaluate the impact for their deployment environments and update accordingly.
All vulnerabilities related to version 12.1.2 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
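As an added example (not code from @commitlint/cli, the semver project, or this page), the following Node.js script encodes the affected semver ranges stated above and scans a package-lock.json excerpt for top-level and nested copies of semver that fall within them, which is the check a maintainer would run before deciding whether an upgrade is needed. The lockfile contents, the package names in it and the function names are constructed for illustration; the input-length guard at the end is a defense-in-depth measure, not something the advisory prescribes.

```javascript
// Added example, not code from @commitlint/cli, the semver project or the advisory.
// Encodes the affected ranges quoted above and scans a constructed lockfile for them.

// Fixed versions per major branch, taken from the advisory text:
// 7.x fixed at 7.5.2, 6.x fixed at 6.3.1, everything else fixed at 5.7.2.
const FIXED_BY_MAJOR = { 7: [7, 5, 2], 6: [6, 3, 1] };
const FIXED_DEFAULT = [5, 7, 2];

// Parse "MAJOR.MINOR.PATCH" into a numeric triple; an optional leading "v" and
// any pre-release or build suffix are ignored for this comparison.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the given semver package version lies in an affected range.
// 8.x and later fall through to the 5.7.2 threshold and are therefore not affected.
function isSemverAffected(version) {
  const v = parseVersion(version);
  const fixed = FIXED_BY_MAJOR[v[0]] || FIXED_DEFAULT;
  return compareVersions(v, fixed) < 0;
}

// Walk the "packages" map of a lockfile (lockfileVersion 2/3 layout) and return
// every semver copy, hoisted or nested, whose version is affected.
function findAffectedSemver(lockfile) {
  const packages = (lockfile && lockfile.packages) || {};
  const hits = [];
  for (const [path, entry] of Object.entries(packages)) {
    const isSemver = path === 'node_modules/semver' || path.endsWith('/node_modules/semver');
    if (isSemver && entry && entry.version && isSemverAffected(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Defense in depth for code that must hand untrusted text to a range parser:
// reject inputs that are far longer than any legitimate range before parsing.
// The 256-character limit is an assumption chosen for this example.
function guardRangeInput(input, maxLen = 256) {
  const s = String(input).trim();
  if (s.length === 0 || s.length > maxLen) {
    throw new Error(`range input rejected (length ${s.length}, limit ${maxLen})`);
  }
  return s;
}

// Constructed lockfile excerpt; package names and versions are invented.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    'node_modules/semver': { version: '7.5.4' },
    'node_modules/tool-a/node_modules/semver': { version: '7.3.5' },
    'node_modules/tool-b/node_modules/semver': { version: '6.3.1' },
    'node_modules/tool-c/node_modules/semver': { version: '5.7.1' },
    'node_modules/yargs': { version: '16.2.0' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(findAffectedSemver(SAMPLE_LOCKFILE));
}
```

Run against a real lockfile by replacing SAMPLE_LOCKFILE with the parsed contents of package-lock.json; every hit is a copy of semver that the advisory says needs to move to the fixed version on its branch.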