@commitlint/cli boasts a new stable release, version 13.2.0, succeeding version 13.1.0. Both versions serve to lint commit messages, enforcing standards for cleaner project histories. Developers can leverage this tool to automate commit message checks, ensuring consistency and adherence to team guidelines, contributing to better collaboration and easier project maintenance.
The key differences between the versions are dependency updates and new development dependencies. In version 13.2.0, the core dependencies @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, and @commitlint/format are all bumped to version 13.2.0, ensuring compatibility and potentially incorporating bug fixes or enhancements to these core modules. The newer release also introduces @types/node as a dev dependency at version 12.20.27, alongside @commitlint/utils and @commitlint/test at version 13.2.0. Version 13.1.0 instead uses @commitlint/test and @commitlint/utils at version 13.0.0 and has no @types/node dependency. The unpacked size has increased slightly, from 52432 to 52679. Developers upgrading should review these dependency changes carefully, particularly if they interact directly with the affected modules, to ensure a smooth transition and identify any breaking changes introduced by the updated dependencies.
All vulnerabilities related to version 13.2.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.