Eslint-plugin-node has released version 1.2.1, a minor update following closely on the heels of version 1.2.0. Both versions cater to developers seeking to enhance their Node.js projects with additional ESLint rules. From a dependency and development-dependency standpoint, versions 1.2.0 and 1.2.1 appear identical. They share the same dependencies, including "ignore", "minimatch", and "resolve", which are crucial for file handling and path resolution, and the same development tools, such as "eslint", "mocha", and "istanbul". The peer dependency on ESLint remains consistent, requiring a version within the range >=1.10.3 and <3.0.0, which ensures compatibility with older ESLint setups while avoiding the v3 line, an important point for legacy projects.
The primary visible difference lies in the "releaseDate". Version 1.2.1 was published shortly after 1.2.0. This suggests that 1.2.1 likely contains minor bug fixes, internal improvements, or documentation updates that didn't warrant a major or minor version bump. For developers, this means that upgrading to 1.2.1 from 1.2.0 should be a straightforward process without any expected breaking changes. It's always prudent to review the changelog (if available) for the finer details of what has changed. The MIT license ensures flexibility for use in various project types. Given the rapid succession of releases, users experiencing issues with 1.2.0 should certainly upgrade to 1.2.1, while new adopters can pick 1.2.1 directly.
All the vulnerabilities related to the version 1.2.1 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.