@commitlint/cli, a tool for linting commit messages, saw a minor version update from 4.1.0 to 4.1.1 in October 2017. This incremental release includes key updates for developers seeking to maintain consistent and informative commit messages. The primary difference lies in the updated dependency on "@commitlint/core," which moves from version 4.1.0 to 4.1.1. This suggests that the core logic for commit message analysis and rule enforcement has been refined.
While both versions retain similar dependencies like 'meow' for CLI argument parsing, 'chalk' for enhancing console output with colors, and 'lodash' for utility functions. Both versions also utilise babel-polyfill and get-stdin - this minor increase shows that there was an update in the underlined logic of the core of the library which improved some functionalities or fixed some errors without big change in the dependencies, or devDependencies.
Developers should upgrade to version 4.1.1 to benefit from the improvements and potential bug fixes within the updated "@commitlint/core" dependency. This ensures access to the latest refinements in commit message linting, which contribute to better project maintainability and collaboration within development teams. The release, published on October 9, 2017, is readily available via npm. This allows developers to ensure clean commit histories and contribute within their team.
All the vulnerabilities related to the version 4.1.1 of the package
Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
dot-prop Prototype Pollution vulnerability
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
