@commitlint/cli, a package for linting commit messages based on conventional commit standards, saw a minor version bump from 16.2.3 to 16.2.4. Both versions share the same core functionality of analyzing and validating commit messages against defined rulesets to maintain consistency and improve project maintainability.
The key difference lies in the updated dependencies. Version 16.2.4 upgrades @commitlint/lint from version 16.2.1 (present in 16.2.3) to 16.2.4 and @commitlint/load from 16.2.3 (present in 16.2.3) to 16.2.4. Developers should note this upgrade as it likely incorporates bug fixes, performance improvements, or new features within the linting and configuration loading processes. While @commitlint/read, @commitlint/types and @commitlint/format remain at version 16.2.1 across both releases, using version 16.2.4 ensures you're benefiting from the latest refinements in essential linting and loading functionality. Developers utilizing commitlint in their CI/CD pipelines should consider upgrading to harness these potential enhancements and maintain optimal code quality.
Notably, the unpacked size of the package has increased slightly from 54851 bytes to 55132 bytes, probably because of the updated dependencies. This increase in size should not be significant enough to deter most users.
All the vulnerabilities related to version 16.2.4 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.