Eslint-plugin-node version 1.1.0 represents an incremental update over its predecessor, version 1.0.0, offering refined linting rules for Node.js projects. Both versions provide additional ESLint rules to ensure code quality and adherence to best practices in Node.js environments.
The key differences lie in the dependency updates. Version 1.1.0 updates the ignore dependency from "^2.2.19" to "^3.0.11" and resolve from "^1.1.6" to "^1.1.7". Semver, an important dependency for developers in version 1.0.0, has been moved to dependencies in version 1.1.0, where the package depends on exactly version 5.1.0 rather than the range "^5.1.0". Version 1.1.0 also upgrades the eslint devDependency from "^2.0.0" to "^2.5.1" and the shelljs devDependency from "^0.6.0" to "^0.7.0", reflecting ongoing efforts to keep pace with the evolving ESLint ecosystem and build tooling.
Developers considering adopting or upgrading to version 1.1.0 should note these dependency adjustments. The core functionality of providing enhanced linting rules for Node.js remains consistent. The peer dependency on ESLint remains ">1.10.3 <3.0.0" in both versions, ensuring compatibility with a wide range of ESLint versions. By staying current with dependencies, version 1.1.0 offers a more robust and up-to-date linting experience for Node.js developers. The update ensures developers benefit from the latest features and security patches within the dependent libraries.
All vulnerabilities related to version 1.1.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
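The advisory's version boundaries, applied to a dependency spec such as the exact 5.1.0 pin described above, as an added example (not code from eslint-plugin-node or semver). The function names and result labels are assumptions of this example; it handles only exact versions and caret ranges, and does not load semver itself.

```javascript
// First fixed release per major line, taken from the advisory text.
const FIXED = { 7: [7, 5, 2], 6: [6, 3, 1] };
const FIXED_DEFAULT = [5, 7, 2]; // "all other versions before 5.7.2"

// Parse a plain "x.y.z" version; pre-release tags are rejected.
function parse(version) {
  const parts = version.split(".");
  if (parts.length !== 3 || parts.some((p) => !/^\d+$/.test(p))) {
    throw new Error("unsupported version: " + version);
  }
  return parts.map(Number);
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// True when the version falls inside the advisory's affected ranges.
function isAffected(version) {
  const v = parse(version);
  return lessThan(v, FIXED[v[0]] || FIXED_DEFAULT);
}

// Classify an exact pin ("5.1.0") or a caret range ("^5.1.0").
function classifySpec(spec) {
  const caret = spec.startsWith("^");
  const base = caret ? spec.slice(1) : spec;
  if (!isAffected(base)) return "not-affected";
  if (!caret) return "pinned-affected"; // an exact pin never moves to a fix
  const major = parse(base)[0];
  // A caret range on major >= 1 stays inside that major line, so it can
  // reach a fix only if a fixed release exists in the same major.
  const fix = FIXED[major] || FIXED_DEFAULT;
  return major >= 1 && fix[0] === major ? "range-can-reach-fix" : "range-affected";
}

// Constructed sample: the two semver specs the page contrasts.
for (const spec of ["5.1.0", "^5.1.0"]) {
  console.log(spec, "->", classifySpec(spec));
}
```

A "pinned-affected" result means a fresh install cannot resolve to a patched semver release until the dependent package publishes a new version with a changed spec.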