@commitlint/cli has released version 13.0.0, a significant update from the previous stable version 12.1.4, offering improved commit message linting. The core functionality remains the same: to ensure commit messages adhere to predefined standards, promoting consistency and clarity in project history. Key differences lie in the updated dependency versions. Notably, yargs has been upgraded from ^16.2.0 to ^17.0.0, offering enhanced command-line argument parsing capabilities. This upgrade might introduce breaking changes if your codebase relies on specific yargs behaviors. Dependency packages, including @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, and @commitlint/format, have all been bumped to ^13.0.0, ensuring alignment across the @commitlint ecosystem and potentially incorporating new features, bug fixes, and performance improvements in these core modules.
For developers, upgrading to 13.0.0 means potentially leveraging the latest features and fixes within the @commitlint ecosystem. The devDependencies also see updates, with fs-extra moving from ^9.0.0 to ^10.0.0 and @types/yargs shifting from ^16.0.0 to ^17.0.0, which benefits development environments and tooling. The differences in unpacked size and release date indicate underlying code changes and improvements. Test thoroughly after upgrading to identify and address any unforeseen compatibility issues arising from the dependency updates, especially the yargs major bump. The update to v13 offers maintenance fixes and improvements across the board.
All vulnerabilities related to version 13.0.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.