Eslint-plugin-node provides supplemental ESLint rules tailored for Node.js development. Version 1.3.0 introduces changes built upon the solid foundation laid by version 1.2.2. Both versions maintain consistent core dependencies, including "ignore," "minimatch," "object-assign," "resolve," and "semver," crucial for file exclusion, pattern matching, object manipulation, module resolution, and version comparison, respectively. Similarly, the development dependencies like "coveralls," "eslint," "eslint-config-mysticatea," "istanbul," "mocha," "npm-run-all," "rimraf," and "shelljs" remain the same, ensuring a stable testing and development environment. The peer dependency on ESLint itself remains "^1.10.3 || ^2.0.0", indicating compatibility with ESLint versions 1.10.3 and 2.x.
The key difference lies in the release date. Version 1.3.0 was released on May 14, 2016, while version 1.2.2 was released on May 13, 2016. This indicates that version 1.3.0 is a patch or minor update to version 1.2.2 likely containing bug fixes or small feature enhancements. For developers, this means upgrading from 1.2.2 to 1.3.0 should be relatively straightforward and low-risk which provides a more stable node.js linting experience based on the latest updates.
All the vulnerabilities related to the version 1.3.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
