@commitlint/cli saw a bump from version 16.2.1 to 16.2.3, representing incremental improvements and refinements for developers using this commit message linting tool. Both versions share a core set of dependencies, including yargs for command-line argument parsing, lodash for utility functions, and internal @commitlint packages for linting, loading configurations, reading commit messages, type definitions, and formatting output. This indicates a stable API and consistent functionality across the versions.
The key differences appear subtle but important. While most dependencies remain at the same versions, @commitlint/load experienced an update from 16.2.1 in the older version to 16.2.3 in the newer version. This suggests enhancements or bug fixes specifically within the configuration loading mechanism. Additionally, the @types/node dev dependency was bumped from 12.20.45 to 12.20.47, likely to address minor compatibility issues or incorporate new type definitions for Node.js environments.
The slight increase in unpacked size (from 54684 to 54851) further hints at internal adjustments, possibly related to the @commitlint/load update. The releaseDate clearly shows that 16.2.3 is a more recent release than 16.2.1. For developers, upgrading to 16.2.3 is recommended to leverage the refined configuration loading logic and any potential bug fixes or performance improvements integrated within that package.
All vulnerabilities related to version 16.2.3 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.