@commitlint/cli version 13.1.0 introduces subtle yet crucial refinements over its predecessor, version 13.0.0, impacting developers aiming for impeccable commit message hygiene. Examining the package data reveals that the core dependencies remain largely consistent, indicating a focus on internal improvements rather than radical feature additions. Both versions rely on yargs for command-line argument parsing, lodash for utility functions, and resolve-from/resolve-global for module resolution. The @commitlint/* family of packages, including lint, load, read, types, and format, sees a version bump from 13.0.0 to 13.1.0, signalling enhancements to commitlint's core functionality: linting, configuration loading, message reading, type handling, and output formatting.
From a developer's perspective, while the API surface might appear unchanged, this update likely contains bug fixes, performance optimizations, and potentially refined rule implementations within the @commitlint/* modules. The increase in unpacked size (52432 vs 51741) could hint at expanded rule definitions or more comprehensive internal documentation. Upgrading to 13.1.0 is recommended for projects already using @commitlint/cli to leverage these improvements, ensuring more accurate and efficient commit message linting. As always, consult the official commitlint changelog for a detailed breakdown of the specific changes introduced in this minor release. The release date confirms version 13.1.0 was published roughly two months after 13.0.0.
All the vulnerabilities related to the version 13.1.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
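To check whether an installed dependency tree contains a semver copy in the affected range, the version boundaries from the advisory above can be applied to the "packages" map of a package-lock.json. The following is an added example, not code from commitlint or semver; the function names and the sample lockfile (package names and versions) are constructed for illustration, and it assumes a lockfileVersion 2 or 3 layout.

```javascript
// Added example: flag installed semver copies covered by the advisory above.
// Fixed releases per the advisory: 7.5.2 (7.x), 6.3.1 (6.x), 5.7.2 (all others).
const FIXED_BY_MAJOR = { 7: [7, 5, 2], 6: [6, 3, 1] };
const FIXED_DEFAULT = [5, 7, 2];

function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(version);
  if (!m) throw new Error(`not an exact x.y.z version: ${version}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

function isVulnerableSemver(version) {
  const { core, prerelease } = parseVersion(version);
  const fixed = FIXED_BY_MAJOR[core[0]] || FIXED_DEFAULT;
  for (let i = 0; i < 3; i++) {
    if (core[i] !== fixed[i]) return core[i] < fixed[i];
  }
  // Same x.y.z as the fix: a prerelease of it sorts before the fixed release.
  return prerelease;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
function findVulnerableSemver(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the semver package itself, at any nesting depth.
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    if (meta.version && isVulnerableSemver(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile; package names and versions are illustrative only.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app" },
    "node_modules/semver": { version: "7.3.5" },
    "node_modules/example-dep/node_modules/semver": { version: "6.3.1" },
    "node_modules/legacy-dep/node_modules/semver": { version: "5.7.1" },
    "node_modules/semver-diff": { version: "3.1.1" },
  },
};

for (const hit of findVulnerableSemver(sampleLock)) {
  console.log(`${hit.path}: semver ${hit.version} is in the affected range`);
}
```

In a real project, pass the parsed contents of package-lock.json to findVulnerableSemver instead of the sample object.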