Husky version 1.1.0 introduces subtle but potentially impactful changes compared to version 1.0.1, primarily revolving around development dependencies. Both versions share the same core functionality of preventing bad commits and pushes through Git hooks, making them essential tools for maintaining code quality and consistency within development teams. They utilize the same core dependencies like execa, is-ci, and cosmiconfig to achieve this.
The significant differences lie in the devDependencies section. Version 1.1.0 updates ts-jest from 23.1.4 to 23.10.3 and prettier from 1.14.2 to 1.14.3. Notably, it also upgrades typescript from 3.0.3 to 3.1.1 and @types/node from 10.9.4 to 10.11.3. Furthermore, tslint-plugin-prettier receives an update from 1.3.0 to 2.0.0, and @types/mkdirp is introduced with version 0.5.2. This signals a focus on improved TypeScript and linting support and a better developer experience. Despite a drop in unpacked size, from 33741 to 32610, the file count remains constant, at 17. Thus the update aims for refinement and optimization, especially for projects leveraging TypeScript and Prettier. While the core hook functionality remains consistent, developers using TypeScript should strongly consider upgrading to access the latest type definitions and tooling improvements.
All the vulnerabilities related to the version 1.1.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
