@commitlint/cli, a popular tool for linting commit messages and ensuring project consistency, saw a recent update from version 18.4.3 to 18.4.4. Both versions share the same core purpose: helping developers adhere to commit message conventions. Under the hood, both rely on dependencies like execa for executing commands, yargs for command-line argument parsing, and the suite of @commitlint/* packages for linting, loading configurations, reading commit messages, and handling types. The lodash.isfunction dependency remains consistent as well.
However, the key difference lies within the updated internal @commitlint/* packages. Specifically, @commitlint/lint, @commitlint/load, @commitlint/read, @commitlint/types, @commitlint/format, and @commitlint/utils all incremented from version 18.4.3 to 18.4.4, indicating internal bug fixes, performance improvements, or feature enhancements within these modules. Developers should upgrade to 18.4.4 from 18.4.3 because of possible bug fixes on the core linting process. While the devDependencies remain largely the same, with @commitlint/test staying back at version 18.0.0, the updated @commitlint/utils package might be of interest. The upgrade could also possibly resolve dependency vulnerabilities. The difference in the release dates, with 18.4.4 released in January 2024 and 18.4.3 in November 2023, clearly marks the newer availability of the latest minor patch.
The are not vulnerabilities for the version 18.4.4 of the package @commitlint/cli
