The eslint-plugin-jest package provides ESLint rules specifically designed for Jest testing environments, helping developers enforce best practices and maintain code quality in their tests. Version 22.18.0 introduces subtle but potentially impactful changes compared to the previous stable version, 22.17.0. While the core dependencies related to TypeScript, ESLint, Babel, and Jest infrastructure remain consistent, the updated version includes modifications reflected in the dist metadata. Specifically, the fileCount increases from 87 to 89 files, and the unpackedSize grows from 190709 bytes to 193644 bytes, suggesting additions or modifications in the rule definitions or related assets packaged within the library.
This update was released on October 12, 2019, a little over a month after version 22.17.0. Developers should upgrade to 22.18.0 to benefit from potential bug fixes, performance improvements, or new rule implementations that enhance the static analysis of Jest test code. The consistent peer dependency on ESLint (>=5) ensures compatibility for existing projects. Developers are advised to review the changelog on the project's GitHub repository (linked in the repository URL) for a detailed list of changes between versions and understand the specific impacts of the upgrade on their testing codebase. Minor version updates like these are important for improving code quality and catching potential test errors early in the development cycle.
Vulnerabilities related to version 22.18.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.