@commitlint/cli has been updated from version 15.0.0 to 16.0.0. Both versions lint commit messages against a specified convention, which promotes consistency and project maintainability. The core functionality remains the same; what changes in 16.0.0 is the set of dependencies within the @commitlint ecosystem. @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, and @commitlint/format have all been bumped to version 16.0.0, which keeps them compatible with one another and may introduce new features or bug fixes from those underlying modules. These updates likely contribute to improved linting accuracy and performance.

Core dependencies such as yargs, lodash, resolve-from, and resolve-global remain at the same versions, suggesting stability in the CLI's command-line parsing and utility functions. Version 16.0.0 also shows a slight increase in unpacked size compared to version 15.0.0, due to the updated dependencies and their inclusion in the package. Developers upgrading to version 16.0.0 should review the changelogs for @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, and @commitlint/format to understand the specific changes and ensure a smooth transition.
All vulnerabilities related to version 16.0.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
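The version ranges in this advisory can be checked against an installed dependency tree. The following is an added example, not code from this page or from the commitlint project: it scans the "packages" map of an npm lockfile (lockfileVersion 2 or 3 is assumed) and reports every semver copy that falls in the listed ranges. The lockfile contents and the package names in it are constructed for illustration.

```javascript
// First fixed version per branch, as stated in the advisory text.
const PATCHED = { 7: [7, 5, 2], 6: [6, 3, 1] };
const PATCHED_OTHER = [5, 7, 2]; // "all other versions before 5.7.2"

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isVulnerableSemver(version) {
  const p = parseVersion(version);
  if (!p) return true; // assumption: unparseable versions are flagged for review
  const fixed = PATCHED[p.nums[0]] || PATCHED_OTHER;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== fixed[i]) return p.nums[i] < fixed[i];
  }
  return p.pre; // a prerelease of the fixed version sorts before it
}

function findVulnerableSemver(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the top-level copy and every nested copy of semver.
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    if (isVulnerableSemver(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; "example-a" and "example-b" are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/semver": { version: "7.3.5" },
    "node_modules/example-a/node_modules/semver": { version: "6.3.1" },
    "node_modules/example-b/node_modules/semver": { version: "5.7.1" },
    "node_modules/semver-compare": { version: "1.0.0" },
  },
};

for (const hit of findVulnerableSemver(SAMPLE_LOCK)) {
  console.log(`${hit.path}: semver ${hit.version} is in a vulnerable range`);
}
```

Nested copies matter here because a fixed top-level semver does not replace an older copy pinned under another package's own node_modules directory.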