@commitlint/cli 16.2.1 is a minor update over the previous stable version 16.1.0, bringing refinements and potential bug fixes. The changes are primarily dependency updates within the @commitlint ecosystem: the core packages @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, @commitlint/format and @commitlint/utils are bumped to 16.2.1 from 16.0.0 or 16.1.0. These updates likely carry improvements in linting rules, configuration loading, commit message reading, type definitions, formatting and utility functions, making commit linting more robust and consistent. The core dependencies yargs, lodash, resolve-from and resolve-global are unchanged, as are the devDependencies execa, fs-extra, @types/node, @types/yargs and @commitlint/test. Even so, this incremental update keeps a project current with the latest improvements in the @commitlint suite, which in turn helps enforce consistent commit messages. Developers should upgrade to 16.2.1 to pick up these refinements and any bug fixes in the core modules. The unpacked size also increased slightly, suggesting minor additions or modifications to the codebase. Upgrading keeps performance and commit-linting practices aligned with the latest releases.
All vulnerabilities related to version 16.2.1 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Range constructor (new Range) when untrusted user data is supplied as the range string.
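A practical way to act on this advisory is to check which copies of semver a project actually resolves, since a tool like @commitlint/cli can pull in several nested copies. The following is an added example, not code from the page or from the commitlint or semver projects: it encodes the fixed versions the advisory names (7.5.2 on 7.x, 6.3.1 on 6.x, 5.7.2 otherwise) and walks an npm lockfile-style "packages" map to report vulnerable semver entries. The lockfile object, its paths and versions, and the function names are all constructed for the example.

```javascript
// Added example: audit resolved semver versions against the ReDoS advisory.
// Not part of the commitlint or semver projects; lockfile data below is constructed.

// Fixed versions as stated in the advisory: 7.5.2 (7.x), 6.3.1 (6.x), 5.7.2 (all others).
const SEMVER_FIXED = { 7: [7, 5, 2], 6: [6, 3, 1], other: [5, 7, 2] };

// Parse "MAJOR.MINOR.PATCH" into numbers; a pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic comparison of two [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the given semver package version falls inside the advisory's vulnerable ranges.
// Majors above 7 compare greater than 5.7.2 and are therefore reported as not vulnerable,
// which matches the advisory's "all other versions before 5.7.2" wording.
function isSemverVulnerable(version) {
  const v = parseVersion(version);
  if (!v) throw new Error(`unparseable version: ${version}`);
  const fixed = v[0] === 7 ? SEMVER_FIXED[7] : v[0] === 6 ? SEMVER_FIXED[6] : SEMVER_FIXED.other;
  return compareVersions(v, fixed) < 0;
}

// Walk an npm lockfile (v2/v3 "packages" map) and collect every resolved copy of semver
// whose version is vulnerable. Keys look like "node_modules/a/node_modules/semver".
function findVulnerableSemver(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path.split("/").pop() !== "semver" || !entry.version) continue;
    if (isSemverVulnerable(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed lockfile excerpt (hypothetical paths and versions, not a real project's tree).
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", devDependencies: { "@commitlint/cli": "16.2.1" } },
    "node_modules/@commitlint/cli": { version: "16.2.1" },
    "node_modules/semver": { version: "7.3.5" },                        // 7.x before 7.5.2: vulnerable
    "node_modules/tool-a/node_modules/semver": { version: "6.3.1" },    // fixed on the 6.x branch
    "node_modules/tool-b/node_modules/semver": { version: "5.7.1" },    // before 5.7.2: vulnerable
  },
};

console.log(JSON.stringify(findVulnerableSemver(SAMPLE_LOCKFILE), null, 2));
```

To run this against a real project, replace SAMPLE_LOCKFILE with the parsed contents of package-lock.json; the two copies it flags in the sample are the ones that need a bump (or an override) before untrusted range strings can safely reach them.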