Version 17.3.0 of @commitlint/cli introduces notable updates compared to its predecessor, version 17.2.0, primarily in dependency management. A key change is the replacement of the broad lodash dependency in v17.2.0 with more specific lodash modules in v17.3.0. Specifically, lodash.isfunction "^3.0.9" is included as a direct dependency, and lodash.merge moves from a direct dependency to a development dependency at "^4.6.2". The corresponding type definitions were also added as development dependencies: "@types/lodash.merge": "^4.6.7" and "@types/lodash.isfunction": "^3.0.7". This shift enhances the package's efficiency by reducing its overall size and minimizing potential security vulnerabilities associated with including the entire lodash library. Also, the new version has "@commitlint/format": "^17.0.0" as a direct dependency.
Furthermore, the @commitlint/read, @commitlint/lint and @commitlint/load dependencies are each bumped from "^17.2.0" to "^17.3.0" in v17.3.0, reflecting internal updates and improvements within the @commitlint ecosystem and giving developers the latest features and bug fixes in those core modules. Developers upgrading should be aware of these dependency changes, especially if they relied on specific lodash functionality directly within their commitlint configurations. These targeted updates contribute to a more streamlined and maintainable development experience, in line with best practices for modern JavaScript package management. Finally, the unpackedSize increases slightly from 29527 to 29659.
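A reviewer checking an upgrade like this one can classify the manifest changes mechanically. The following is an added example, not code from the @commitlint project: the function names are hypothetical, and the two manifests are constructed fragments that hold only the entries described above as changing, with null wherever the page gives no version range.

```javascript
// Added example: classify dependency changes between two package manifests.
const SECTIONS = ["dependencies", "devDependencies"];

// Map each package name to the section it is declared in and its range.
// If a name appears in both sections, the devDependencies entry wins here.
function indexDeps(manifest) {
  const index = new Map();
  for (const section of SECTIONS) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      index.set(name, { section, range });
    }
  }
  return index;
}

function diffManifests(oldManifest, newManifest) {
  const before = indexDeps(oldManifest);
  const after = indexDeps(newManifest);
  const report = { added: [], removed: [], moved: [], bumped: [] };
  for (const [name, now] of after) {
    const prev = before.get(name);
    if (!prev) { report.added.push(name); continue; }
    if (prev.section !== now.section) {
      report.moved.push(`${name}: ${prev.section} -> ${now.section}`);
    }
    // A null range means "unknown", so it is never reported as a bump.
    if (prev.range && now.range && prev.range !== now.range) {
      report.bumped.push(`${name}: ${prev.range} -> ${now.range}`);
    }
  }
  for (const name of before.keys()) {
    if (!after.has(name)) report.removed.push(name);
  }
  return report;
}

// Constructed fragments; null = range not stated on the page.
const v17_2_0 = { dependencies: {
  "lodash": null, "lodash.merge": null, "@commitlint/read": "^17.2.0",
  "@commitlint/lint": "^17.2.0", "@commitlint/load": "^17.2.0" } };
const v17_3_0 = {
  dependencies: { "lodash.isfunction": "^3.0.9", "@commitlint/read": "^17.3.0",
    "@commitlint/lint": "^17.3.0", "@commitlint/load": "^17.3.0" },
  devDependencies: { "lodash.merge": "^4.6.2", "@types/lodash.merge": "^4.6.7",
    "@types/lodash.isfunction": "^3.0.7" } };

console.log(JSON.stringify(diffManifests(v17_2_0, v17_3_0), null, 2));
```

Entries reported as added or moved are the ones to review first, since they change what is installed for consumers of the package.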
There are no vulnerabilities for version 17.3.0 of the package @commitlint/cli.