Version 2.4.2 of the hosted-git-info npm package introduces a minor update over its predecessor, version 2.4.1, focusing on under-the-hood improvements. Both versions are designed to provide developers with comprehensive metadata and convenient conversions derived from repository URLs across major platforms like GitHub, Bitbucket, and GitLab. This capability remains consistent between the versions, enabling tools and applications to seamlessly identify and interact with hosted Git repositories, facilitating actions from bug reporting to dependency management.
The core functionality, offering simple ways to extract information like user, project, and default branch from git URLs, remains unchanged. Developers who have leveraged this in their workflows will experience no breaking changes when upgrading.
While the code functionality remains consistent, the key difference lies in the release date. Version 2.4.2 was released on April 13, 2017, following version 2.4.1, which was released on March 22, 2017. This difference hints at bug fixes or documentation updates improving the overall package stability. For those seeking the latest refinements and wanting to use the most up-to-date iteration of the library, upgrading to version 2.4.2 is recommended, as it is the most recently released version. The devDependencies, including tap and standard, remain consistent between both versions.
All vulnerabilities related to version 2.4.2 of the package
Regular Expression Denial of Service in hosted-git-info
The npm package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity
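The advisory above concerns a parser that accepts attacker-controlled repository URLs, so the two defensive points a practitioner cares about are (1) bounding the input size before any pattern matching runs and (2) extracting host, user and project without an unanchored backtracking regex. The block below is an added example and is not hosted-git-info's own code; it does not reproduce the vulnerable shortcutMatch pattern. It covers the three platforms the page names (GitHub, Bitbucket, GitLab) for HTTPS, ssh:// and scp-style `git@host:user/project` forms. The function names, the `MAX_URL_LENGTH` limit and the sample inputs are assumptions made for this example.

```javascript
// Added example (not the hosted-git-info package's code): extract type, user and
// project from hosted Git repository URLs using the built-in WHATWG URL parser
// and plain string splitting, with a length guard applied before parsing so an
// oversized, attacker-supplied string cannot drive a pattern matcher into
// super-linear behaviour. All names and limits below are assumptions.

const MAX_URL_LENGTH = 2048; // assumed cap; far above any legitimate repo URL

// The three hosts the page names, mapped to the short "type" label.
const KNOWN_HOSTS = {
  'github.com': 'github',
  'bitbucket.org': 'bitbucket',
  'gitlab.com': 'gitlab',
};

// Turn the scp-like SSH form "git@github.com:user/project.git" into a real
// ssh:// URL so the URL parser can handle it; anything with "://" is left alone.
function normalizeScpLike(input) {
  const at = input.indexOf('@');
  const colon = input.indexOf(':');
  if (!input.includes('://') && at > 0 && colon > at) {
    return 'ssh://' + input.slice(0, colon) + '/' + input.slice(colon + 1);
  }
  return input;
}

// Returns { type, user, project } for a recognised hosted Git URL, else null.
function parseHostedGitUrl(input) {
  if (typeof input !== 'string') return null;
  // Length guard: a constant-time check that runs before any parsing.
  if (input.length > MAX_URL_LENGTH) return null;

  let url;
  try {
    url = new URL(normalizeScpLike(input.trim()));
  } catch {
    return null; // not parseable as a URL at all
  }

  const type = KNOWN_HOSTS[url.hostname.toLowerCase()];
  if (!type) return null;

  // Path looks like "/user/project[.git][/...]"; only the first two segments
  // matter, so split once and ignore the rest.
  const segments = url.pathname.split('/').filter(Boolean);
  if (segments.length < 2) return null;
  const user = segments[0];
  const rawProject = segments[1];
  const project = rawProject.endsWith('.git') ? rawProject.slice(0, -4) : rawProject;
  if (!user || !project) return null;

  return { type, user, project };
}

// A convenience conversion in the spirit of the package's helpers: canonical
// HTTPS clone URL for a parsed repository.
function toHttpsUrl(info) {
  const host = Object.keys(KNOWN_HOSTS).find((h) => KNOWN_HOSTS[h] === info.type);
  return `https://${host}/${info.user}/${info.project}.git`;
}

// Constructed sample inputs for a quick stand-alone run.
const samples = [
  'https://github.com/npm/hosted-git-info.git',
  'git@gitlab.com:some-group/some-repo.git',
  'ssh://git@bitbucket.org/team/project',
  'https://example.com/not/hosted',
];
for (const s of samples) {
  console.log(s, '=>', parseHostedGitUrl(s));
}
```

The length guard is the cheap, general mitigation for any regex-based URL parser: even when the underlying library is upgraded to a version with the fixed pattern, rejecting implausibly long inputs at the boundary keeps a future pattern regression from becoming a denial of service.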