Eslint-plugin-node has released version 1.2.0, a minor update from the previous stable version 1.1.0, offering enhanced linting rules for Node.js projects. Both versions share the same core dependencies like ignore, minimatch, object-assign, resolve, and semver, ensuring consistent file matching, object manipulation, module resolution, and version comparison capabilities. The peer dependency on ESLint remains the same, requiring a version between 1.10.3 and less than 3.0.0.
The most notable changes appear in the development dependencies. Version 1.2.0 upgrades eslint to ^2.9.0 and eslint-config-mysticatea to ^3.0.0. This suggests improvements in the plugin's compatibility with newer ESLint features and a refined configuration setup, benefiting developers through potentially better linting performance and more streamlined integration. Developers should see improvements in reported errors.
While the core functionality remains consistent, the updated ESLint development dependencies in version 1.2.0 could result in more robust and efficient code analysis. Developers already using eslint-plugin-node should consider upgrading to leverage the latest ESLint engine improvements and configuration optimizations, and they should ensure they have upgraded eslint as well. The upgrade is likely to provide a smoother linting experience.
All the vulnerabilities related to the version 1.2.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
