eslint-plugin-node, a popular ESLint plugin providing additional rules specifically for Node.js environments, released version 2.1.3 as the successor to version 2.1.2. Both versions share the same core dependencies: "ignore", "minimatch", "object-assign", "resolve", and "semver", which are essential for file system operations and version management. The development dependencies "codecov", "eslint", "eslint-config-mysticatea", "if-node-version", "mocha", "npm-run-all", "nyc", "opener", "rimraf", and "shelljs" are likewise unchanged, indicating a stable tooling environment for development and testing across both versions. The peer dependency on ESLint itself remains at ">=2.0.0", ensuring compatibility with a broad range of ESLint versions.
The key difference between versions 2.1.2 and 2.1.3 lies in their release dates. Version 2.1.2 was released on September 29, 2016, and version 2.1.3 was published on October 15, 2016. This gap suggests that version 2.1.3 likely incorporates bug fixes, potentially minor rule adjustments, or internal improvements accumulated during the intervening period. While the absence of explicit changelog data makes pinpointing specific changes difficult, developers are encouraged to upgrade to the newest version to leverage the latest refinements and ensure optimal code quality analysis for their Node.js projects. Upgrading from 2.1.2 to 2.1.3 ensures that you benefit from any improvements or patches made to the library in the window between releases.
All vulnerabilities related to version 2.1.3 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.