@commitlint/cli version 14.0.0 introduces updated dependencies across the board compared to the previous stable release, version 13.2.1. Key dependencies like @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, and @commitlint/format have all been bumped to version 14.0.0, suggesting potential new features, bug fixes, or breaking changes within those core modules. Developers upgrading should consult the changelogs for each of these updated packages to understand the specific modifications and ensure a smooth transition. Furthermore, the devDependencies @commitlint/test and @commitlint/utils were also upgraded to version 14.0.0, along with the upgrade from @types/node version 12.20.28 to 12.20.36.
The updated release also includes changes to the package metadata, specifically the inclusion of the "directory" field within the "repository" object, pointing to "@commitlint/cli", which gives more explicit context for the repository structure. The unpacked size also increased slightly, from 52846 to 53015 bytes, hinting at possible additions to the codebase or updated bundled dependencies. The release dates also highlight the recency of version 14.0.0 (October 26, 2021), indicating a more up-to-date set of features and fixes compared to version 13.2.1 (October 9, 2021). Developers should use the newer version to benefit from the updated core modules that fix issues, improve performance or introduce new utilities.
All vulnerabilities related to version 14.0.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.